CERTIFIED
WGU D487 PRE-
ASSESSMENT: SECURE
SOFTWARE DESIGN (KEO1)
(PKEO)
60+ (2025-2026 Full Exam Kit) Solved Q&A | Correct & Verified
Answers
100% Guaranteed Pass Rate
Complete examWGU D487 PRE-ASSESSMENT: SECURE
✓
coverage: SOFTWARE DESIGN (KEO1) (PKEO)
✓ 100% Accurate & Verified Questions and Answers
✓ Reviewed by Subject Matter Experts
✓ Updated for current exam objectives
✓ Instant digital download after purchase
Trusted by thousands of students and professionals worldwide • © 2025-2026
,Questions
Question 1
Which person is responsible for designing, planning, and implementing secure coding practices and security testing
methodologies?
Correct Answer
Software security architect
Question 2
The software security group is conducting a maturity assessment using the Building Security in Maturity Model (BSIMM). They
are currently focused on reviewing security testing results from recently completed initiatives.Which BSIMM domain is being
assessed?
Correct Answer
Software security development life cycle (SSDL) touchpoints
Question 3
What is the first step of the SDLC/SDL code review process?
Correct Answer
Identify security code review objectives
Question 4
Application credentials are stored in the database using simple hashes to store passwords. An undiscovered credential recovery
flaw allowed a security analyst to download the database and expose passwords using their GPU to crack the simple encryption.
How should the organization remediate this vulnerability?
Correct Answer
Enforce the use of strong, salted hashing functions when storing passwords
, Question 5
Which privacy impact statement requirement type defines how personal information is protected on devices used by more than a
single associate?
Correct Answer
Privacy control requirements
Question 6
The product security incident response team (PSIRT) determined a reported vulnerability was credible and of a high enough
severity that it needs to be fixed. What is the response team's next step?
Correct Answer
Identify resources and schedule the fix
Question 7
The software security team has been tasked with identifying who will be involved when security vulnerabilities are reported from
external entities. They are creating a RACI matrix that will identify stakeholders by who is responsible, accountable, consulted,
and informed of any new vulnerabilities. Which post-release deliverable is being described?
Correct Answer
External vulnerability disclosure response process
Question 8
Which design and development deliverable details the progress of personal information requirements created in earlier phases of
the security development lifecycle?
Correct Answer
Privacy compliance report
WGU D487 PRE-
ASSESSMENT: SECURE
SOFTWARE DESIGN (KEO1)
(PKEO)
60+ (2025-2026 Full Exam Kit) Solved Q&A | Correct & Verified
Answers
100% Guaranteed Pass Rate
Complete examWGU D487 PRE-ASSESSMENT: SECURE
✓
coverage: SOFTWARE DESIGN (KEO1) (PKEO)
✓ 100% Accurate & Verified Questions and Answers
✓ Reviewed by Subject Matter Experts
✓ Updated for current exam objectives
✓ Instant digital download after purchase
Trusted by thousands of students and professionals worldwide • © 2025-2026
,Questions
Question 1
Which person is responsible for designing, planning, and implementing secure coding practices and security testing
methodologies?
Correct Answer
Software security architect
Question 2
The software security group is conducting a maturity assessment using the Building Security in Maturity Model (BSIMM). They
are currently focused on reviewing security testing results from recently completed initiatives.Which BSIMM domain is being
assessed?
Correct Answer
Software security development life cycle (SSDL) touchpoints
Question 3
What is the first step of the SDLC/SDL code review process?
Correct Answer
Identify security code review objectives
Question 4
Application credentials are stored in the database using simple hashes to store passwords. An undiscovered credential recovery
flaw allowed a security analyst to download the database and expose passwords using their GPU to crack the simple encryption.
How should the organization remediate this vulnerability?
Correct Answer
Enforce the use of strong, salted hashing functions when storing passwords
, Question 5
Which privacy impact statement requirement type defines how personal information is protected on devices used by more than a
single associate?
Correct Answer
Privacy control requirements
Question 6
The product security incident response team (PSIRT) determined a reported vulnerability was credible and of a high enough
severity that it needs to be fixed. What is the response team's next step?
Correct Answer
Identify resources and schedule the fix
Question 7
The software security team has been tasked with identifying who will be involved when security vulnerabilities are reported from
external entities. They are creating a RACI matrix that will identify stakeholders by who is responsible, accountable, consulted,
and informed of any new vulnerabilities. Which post-release deliverable is being described?
Correct Answer
External vulnerability disclosure response process
Question 8
Which design and development deliverable details the progress of personal information requirements created in earlier phases of
the security development lifecycle?
Correct Answer
Privacy compliance report
