Objective Assessment Actual Exam 2026/2027 | Questions with Verified Answers | 100% Correct | Pass Guaranteed
Q001: A fintech start-up is designing a mobile banking app. During
threat-modeling sessions, the team identifies that attackers could attempt
to reverse-engineer the mobile client to extract API keys hard-coded in
the source code. Which secure design practice best mitigates this
specific risk?
Options:
A. Obfuscate the entire mobile binary and continue to embed the keys
for performance
B. Move API keys to a cloud-based secrets-management service and
fetch them at runtime using attested short-lived tokens
C. Encrypt the keys with AES-256 and store the encryption key in the
same mobile package
Page 1 | 43
D. Use HTTP Basic Authentication instead of API keys to simplify client
logic
ANSWER: B
Verified Answer: Anything shipped inside the app package can be recovered by
decompiling it, so OWASP MASVS (the MASVS-STORAGE controls) treats secrets
embedded in the client as exposed and expects them to be kept off the device.
Obfuscation (A) only slows the attacker down, and encrypting the key with a
second key stored in the same package (C) just moves the problem one step.
Fetching credentials at runtime from a secrets-management service, authorised
by short-lived tokens bound to app or device attestation (for example Play
Integrity or App Attest), keeps the long-lived secret server-side and limits
what a compromised client can obtain to a scoped, expiring token. Basic
Authentication (D) still embeds a static credential in the client.
Q002: A web application uses a micro-service architecture. One service
needs to invoke another over an internal network. The architect wants to
ensure that the caller is authenticated and that the credential is scoped
only to the required endpoint. Which approach aligns with the principle
of least privilege?
Options:
A. Share one long-lived service account JWT across all services and
reuse it for every call
B. Issue an mTLS client certificate valid for five years and embed it in
every container image
C. Use a short-lived OAuth 2.0 access token minted by an internal
authorization server with audience and scope claims set to the target
service
D. Pass the same static API key in an HTTP header because the internal
network is already segmented by a firewall
ANSWER: C
Verified Answer: A short-lived token whose aud claim names the target service
and whose scope claim names only the operations the caller needs gives each
call a narrowly bounded, expiring credential; that is the per-request,
least-privilege access described in the Zero Trust tenets of NIST SP 800-207
(Section 2.1). A shared long-lived JWT (A), a five-year certificate baked into
every image (B) or a static header key (D) gives every holder the same broad,
non-expiring access, and network segmentation does not authenticate the
caller. mTLS itself is a sound transport control when certificates are
short-lived and issued per workload; the defect in B is the lifetime and the
distribution method, not the mechanism.
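The following is an added example, not code from the original page: a
minimal HS256 JWT mint/verify pair that shows what the target service must
check in answer C (signature, issuer, expiry, audience and scope). The signing
key, issuer URL and service names are assumptions, and a real deployment would
use an authorization server and a JWT library rather than hand-rolled encoding.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed values for the example: the key is shared only between the
# authorization server and the services that verify its tokens.
ISSUER_KEY = b"internal-authz-server-signing-key"
ISSUER = "https://authz.internal"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(subject: str, audience: str, scope: str,
               ttl_seconds: int = 300, now=None) -> str:
    """Authorization server side: issue a token bound to one audience and scope."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "sub": subject, "aud": audience,
               "scope": scope, "iat": now, "exp": now + ttl_seconds}
    signing_input = (f"{_b64url(json.dumps(header).encode())}."
                     f"{_b64url(json.dumps(payload).encode())}")
    sig = hmac.new(ISSUER_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token: str, expected_audience: str,
                 required_scope: str, now=None) -> dict:
    """Target service side: accept only tokens signed by the issuer, unexpired,
    addressed to this service, and carrying the scope this endpoint needs.
    Raises PermissionError on any failure."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise PermissionError("malformed token")
    # Verify the signature before trusting anything in the header or payload.
    expected = hmac.new(ISSUER_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise PermissionError("bad signature")
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":   # the verifier fixes the algorithm; never let the token choose
        raise PermissionError("unexpected alg")
    claims = json.loads(_b64url_decode(p))
    if claims.get("iss") != ISSUER:
        raise PermissionError("unknown issuer")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    if claims.get("aud") != expected_audience:
        raise PermissionError("token not intended for this service")
    if required_scope not in claims.get("scope", "").split():
        raise PermissionError("missing scope")
    return claims


def authorize(token: str, audience: str, scope: str, now=None) -> bool:
    """Convenience wrapper: True if the token passes every check above."""
    try:
        verify_token(token, audience, scope, now)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    tok = mint_token("orders-svc", "inventory-svc", "inventory:read", now=1000)
    print(authorize(tok, "inventory-svc", "inventory:read", now=1100))   # accepted
    print(authorize(tok, "billing-svc", "inventory:read", now=1100))     # wrong audience
    print(authorize(tok, "inventory-svc", "inventory:write", now=1100))  # missing scope
    print(authorize(tok, "inventory-svc", "inventory:read", now=2000))   # expired
```

The audience check is what stops a token minted for one service from being
replayed against another, and the scope check is what keeps a read-only caller
from reaching write endpoints; both are cheap, and both are lost with the
shared credentials in options A, B and D.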
Q003: During a design review, a security engineer notices that user-
supplied input is concatenated directly into SQL query strings. The team
lead argues that input is validated on the client side. Which secure
design principle is most clearly being violated?
Options:
A. Defense in depth
B. Fail securely
C. Economy of mechanism
D. Open design
ANSWER: A
Verified Answer: Client-side validation runs in code the attacker controls, so
it is not a security boundary at all; the server is the only layer standing
between user input and the database, and concatenating input into the query
string leaves that layer empty. Defense in depth requires an independent
server-side control, here parameterized queries (prepared statements), so that
bypassing the client check does not yield SQL injection. Defense in depth is
one of the security design principles catalogued in NIST SP 800-160 Vol. 1.
Q004: A developer proposes signing session cookies with HMAC-
SHA256 but wants to use the same 128-bit static key for the next three
years to avoid key-rotation overhead. Which NIST guideline addresses
the appropriate cryptoperiod for this symmetric key?
Options:
A. SP 800-57 Part 1 recommends a maximum cryptoperiod of 1–2 years
for signature applications using symmetric keys
B. SP 800-57 Part 1 allows up to 5 years for any HMAC key under 256
bits
C. FIPS 140-3 mandates that session-signing keys may be reused
indefinitely if stored in a FIPS module
D. OWASP ASVS states that cryptoperiods are optional when HMAC is
used
ANSWER: A
Verified Answer: NIST SP 800-57 Part 1 (Rev. 5, Section 5.3.6, Table 1)
suggests an originator-usage period of at most about two years for symmetric
authentication keys such as HMAC keys, with a longer recipient-usage period
allowed only for verifying material that was already produced. A three-year
static key exceeds that guidance. The 128-bit key length is not the problem
(HMAC-SHA256 with a 128-bit key is acceptable); the problem is the absence of
rotation. FIPS 140-3 validation of the storage module does not exempt a key
from cryptoperiod limits, and ASVS does not make them optional. Rotation costs
little if each cookie carries an identifier of the key that signed it, so the
server can keep honouring the previous key for a bounded overlap window while
new cookies are issued under the new key.
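Added example, not code from the original page: HMAC-SHA256 session cookies
where each cookie names the key that signed it, so a new key can be rolled in
while cookies signed by the previous key stay valid until they expire or the
old key is retired. The key ids, key bytes, TTL and overlap policy are
assumptions chosen for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed key material: in production these come from a secrets manager and
# a new entry is added each rotation. 16 bytes is fine for HMAC-SHA256.
KEYS = {"k2025": b"\x01" * 16, "k2026": b"\x02" * 16}
CURRENT_KID = "k2026"                 # signs every new cookie
ACCEPTED_KIDS = {"k2026", "k2025"}    # previous key accepted only during the overlap window
COOKIE_TTL = 3600                     # seconds a session cookie stays valid


def _mac(kid: str, msg: bytes) -> bytes:
    return hmac.new(KEYS[kid], msg, hashlib.sha256).digest()


def sign_cookie(session: dict, now=None, kid: str = CURRENT_KID) -> str:
    """Produce kid.body.tag; the kid is covered by the MAC so an attacker
    cannot relabel a cookie to be checked against a different key."""
    now = int(time.time()) if now is None else now
    body = json.dumps({"s": session, "exp": now + COOKIE_TTL},
                      separators=(",", ":")).encode()
    b = base64.urlsafe_b64encode(body).decode()
    tag = base64.urlsafe_b64encode(_mac(kid, f"{kid}.{b}".encode())).decode()
    return f"{kid}.{b}.{tag}"


def verify_cookie(cookie: str, now=None):
    """Return the session dict, or None if the cookie is malformed, signed by
    a retired key, forged, or expired."""
    now = int(time.time()) if now is None else now
    try:
        kid, b, tag = cookie.split(".")
    except ValueError:
        return None
    if kid not in ACCEPTED_KIDS:      # retired key: the user simply logs in again
        return None
    expected = _mac(kid, f"{kid}.{b}".encode())
    if not hmac.compare_digest(expected, base64.urlsafe_b64decode(tag)):
        return None
    data = json.loads(base64.urlsafe_b64decode(b))
    if data["exp"] <= now:
        return None
    return data["s"]


def retire_key(kid: str) -> None:
    """End the overlap window: cookies under this key are no longer accepted."""
    ACCEPTED_KIDS.discard(kid)


if __name__ == "__main__":
    new = sign_cookie({"uid": 42}, now=1000)
    old = sign_cookie({"uid": 7}, now=1000, kid="k2025")
    print(verify_cookie(new, now=1500), verify_cookie(old, now=1500))  # both accepted
    retire_key("k2025")
    print(verify_cookie(old, now=1500))                                # None after retirement
```

Because the cookie TTL bounds how long any signature stays useful, the overlap
window only needs to be as long as the TTL; after that the previous key can be
removed from ACCEPTED_KIDS and, once no longer needed for verification at all,
destroyed.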
Q005: A threat model for an e-commerce platform uses STRIDE. Which
STRIDE category best describes the risk where a customer can change
the price of an item to $0.01 before checkout?
Options:
A. Tampering
B. Information Disclosure
C. Repudiation
D. Elevation of Privilege
ANSWER: A
Verified Answer: Changing the price of an item before checkout is an integrity
violation of data in transit or of client-held cart state, which is Tampering
in STRIDE (Microsoft Security Development Lifecycle). Elevation of Privilege
would apply if the customer obtained capabilities reserved for another role,
such as administrator functions; here the customer stays a customer and alters
a value the server should never have trusted. The mitigation is to treat the
server's catalog as the authoritative price and to verify, or sign, any pricing
state that round-trips through the client.
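Added example, not code from the original page: the checkout total computed
from a client-supplied price (the tampering the question describes) beside a
version that prices the order from the server-side catalog and validates the
quantity. The catalog, request shape and quantity limit are assumptions;
prices are integer cents to avoid floating-point rounding.

```python
# Assumed server-side catalog: SKU -> unit price in cents.
CATALOG = {"sku-100": 4999, "sku-200": 1250}
MAX_QTY = 100


def total_vulnerable(order: list) -> int:
    """Trusts the price_cents field the client sent along with each line.
    A customer who edits the request to price_cents=1 pays one cent."""
    return sum(item["qty"] * item["price_cents"] for item in order)


def total_safe(order: list) -> int:
    """Ignores any client-supplied price and looks the SKU up server-side;
    also rejects unknown SKUs and out-of-range quantities, since a negative
    quantity on one line is another way to tamper with the total."""
    total = 0
    for item in order:
        sku, qty = item.get("sku"), item.get("qty")
        if sku not in CATALOG:
            raise ValueError(f"unknown sku {sku!r}")
        if type(qty) is not int or qty < 1 or qty > MAX_QTY:
            raise ValueError(f"invalid quantity {qty!r} for {sku}")
        total += qty * CATALOG[sku]
    return total


if __name__ == "__main__":
    tampered = [{"sku": "sku-100", "qty": 1, "price_cents": 1}]
    print(total_vulnerable(tampered))   # 1 cent: the tampered price is honoured
    print(total_safe(tampered))         # 4999: the catalog price is used
```

If the priced cart must be handed back to the client between requests (for
example, to hold a quoted price for a few minutes), the server should sign that
state rather than trust it on return; the tampering mitigation is the same
either way: the client never gets the last word on the price.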
Q006: An architect is selecting a cryptographic mode for storing
encrypted backups at rest. The backups are large, but random access to
small segments is required. Which mode provides authenticated
encryption and random access while minimizing re-encryption of
unmodified blocks?