CERTIFIED
WGU D487 - SECURE
SOFTWARE DESIGN
1200+ (2025-2026 Full Exam Kit) Solved Q&A | Correct &
Verified Answers
100% Guaranteed Pass Rate
✓ Complete exam coverage:WGU D487 - Secure Software Design
✓ 100% Accurate & Verified Questions and Answers
✓ Reviewed by Subject Matter Experts
✓ Updated for current exam objectives
✓ Instant digital download after purchase
Trusted by thousands of students and professionals worldwide • © 2025-2026
,Questions
Question 1
A) Building Security in Maturity Model (BSIMM)
Correct Answer
What is the study of real-world software security initiatives organized so companies can measure their initiatives and
understand how to evolve them over time?
A) Building Security in Maturity Model (BSIMM)
B) Security features and design
C) OWASP Software Assurance Maturity Model (SAMM)
D) ISO 27001
Question 2
A) Static analysis
Correct Answer
What is the analysis of computer software that is performed without executing programs?
A) Static analysis
B) Fuzzing
C) Dynamic analysis
D) OWASP ZAP
Question 3
A) iso 27001
Correct Answer
What iso standard is the benchmark for information security today?
A) iso/iec 27001
B) iso/iec 7799
C) iso/iec 27034
D) iso 8601
,Question 4
A) dynamic analysis
Correct Answer
what is the analysis of computer software that is performed by executing programs on a real or virtual processor in real time?
A) dynamic analysis
B) static analysis
C) fuzzing
D) security testing
Question 5
A) software security architect
Correct Answer
which person is responsible for designing, planning, and implementing secure coding practices and security testing
methodologies?
A) software security architect
B) product security developer
C) software security champion
D) software tester
Question 6
A) Waterfall
Correct Answer
A company is preparing to add a new feature to its flagship software product. The new feature is similar to features that have
been added in previous years, and the requirements are well-documented. The project is expected to last three to four months,
at which time the new feature will be released to customers. Project team members will focus solely on the new feature until
the project ends.
Which software development methodology is being used?
A) Waterfall
B) Agile
C) Scrum
D) Extreme programming
, Question 7
A) Principle of least privilege
Correct Answer
A new product will require an administration section for a small number of users. Normal users will be able to view limited
customer information and should not see admin functionality within the application.
Which concept is being used?
A) Principle of least privilege
B) Privacy
C) Software security champion
D) Elevation of privilege
Question 8
A) Analyzing the target
Correct Answer
The software security team is currently working to identify approaches for input validation, authentication, authorization, and
configuration management of a new software product so they can deliver a security profile.
Which threat modeling step is being described?
A) Analyzing the target
B) Drawing data flow diagram
C) Rating threats
D) Identifying and documenting threats
WGU D487 - SECURE
SOFTWARE DESIGN
1200+ (2025-2026 Full Exam Kit) Solved Q&A | Correct &
Verified Answers
100% Guaranteed Pass Rate
✓ Complete exam coverage:WGU D487 - Secure Software Design
✓ 100% Accurate & Verified Questions and Answers
✓ Reviewed by Subject Matter Experts
✓ Updated for current exam objectives
✓ Instant digital download after purchase
Trusted by thousands of students and professionals worldwide • © 2025-2026
,Questions
Question 1
A) Building Security in Maturity Model (BSIMM)
Correct Answer
What is the study of real-world software security initiatives organized so companies can measure their initiatives and
understand how to evolve them over time?
A) Building Security in Maturity Model (BSIMM)
B) Security features and design
C) OWASP Software Assurance Maturity Model (SAMM)
D) ISO 27001
Question 2
A) Static analysis
Correct Answer
What is the analysis of computer software that is performed without executing programs?
A) Static analysis
B) Fuzzing
C) Dynamic analysis
D) OWASP ZAP
Question 3
A) iso 27001
Correct Answer
What iso standard is the benchmark for information security today?
A) iso/iec 27001
B) iso/iec 7799
C) iso/iec 27034
D) iso 8601
,Question 4
A) dynamic analysis
Correct Answer
what is the analysis of computer software that is performed by executing programs on a real or virtual processor in real time?
A) dynamic analysis
B) static analysis
C) fuzzing
D) security testing
Question 5
A) software security architect
Correct Answer
which person is responsible for designing, planning, and implementing secure coding practices and security testing
methodologies?
A) software security architect
B) product security developer
C) software security champion
D) software tester
Question 6
A) Waterfall
Correct Answer
A company is preparing to add a new feature to its flagship software product. The new feature is similar to features that have
been added in previous years, and the requirements are well-documented. The project is expected to last three to four months,
at which time the new feature will be released to customers. Project team members will focus solely on the new feature until
the project ends.
Which software development methodology is being used?
A) Waterfall
B) Agile
C) Scrum
D) Extreme programming
, Question 7
A) Principle of least privilege
Correct Answer
A new product will require an administration section for a small number of users. Normal users will be able to view limited
customer information and should not see admin functionality within the application.
Which concept is being used?
A) Principle of least privilege
B) Privacy
C) Software security champion
D) Elevation of privilege
Question 8
A) Analyzing the target
Correct Answer
The software security team is currently working to identify approaches for input validation, authentication, authorization, and
configuration management of a new software product so they can deliver a security profile.
Which threat modeling step is being described?
A) Analyzing the target
B) Drawing data flow diagram
C) Rating threats
D) Identifying and documenting threats
