1|Page
WGU D487 SECURE SOFTWARE DESIGN
STUDY TEST BANK UPDATES 2025/2026
WITH EXPERT VERIFIED QUESTIONS
AND CORRECT ANSWERS GRADED A+
FOR GUARANTEED PASS
What is a study of real-world software security initiatives organized so
companies can measure their initiatives and understand how to evolve
them over time?,
Building Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed without
executing programs?
Static analysis
Which International Organization for Standardization (ISO) standard is
the benchmark for information security today?
ISO/IEC 27001
What is the analysis of computer software that is performed by
executing programs on a real or virtual processor in real time?
Dynamic analysis
Which person is responsible for designing, planning, and implementing
secure coding practices and security testing methodologies?
Software security architect
A company is preparing to add a new feature to its flagship software
product. The new feature is similar to features that have been added in
previous years, and the requirements are well-documented. The project
,2|Page
is expected to last three to four months, at which time the new feature
will be released to customers. Project team members will focus solely on
the new feature until the project ends. Which software development
methodology is being used?
Waterfall
A new product will require an administration section for a small number
of users. Normal users will be able to view limited customer information
and should not see admin functionality within the application. Which
concept is being used?
Principle of least privilege
The software security team is currently working to identify approaches
for input validation, authentication, authorization, and configuration
management of a new software product so they can deliver a security
profile. Which threat modeling step is being described?
Analyzing the threats
The scrum team is attending their morning meeting, which is scheduled
at the beginning of the work day. Each team member reports what they
accomplished yesterday, what they plan to accomplish today, and if they
have any impediments that may cause them to miss their delivery
deadline. Which scrum ceremony is the team participating in?
Daily Scrum
What is a list of information security vulnerabilities that aims to provide
names for publicly known problems?
Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available
algorithms to hide product data from unauthorized access?
Cryptographic practices
,3|Page
Which secure coding best practice ensures servers, frameworks, and
system components are all running the latest approved versions?
System configuration
Which secure coding best practice says to use parameterized queries,
encrypted connection strings stored in separate configuration files, and
strong passwords or multi-factor authentication?
Database security
Which secure coding best practice says that all information passed to
other systems should be encrypted?
Communication security
Team members are being introduced during sprint zero in the project
kickoff meeting. The person being introduced is a member of the scrum
team, responsible for writing feature logic and attending sprint
ceremonies. Which role is the team member playing?
Software developer
A software security team member has created data flow diagrams,
chosen the STRIDE methodology to perform threat reviews, and created
the security assessment for the new product. Which category of secure
software best practices did the team member perform?
Architecture analysis
Team members are being introduced during sprint zero in the project
kickoff meeting. The person being introduced will be a facilitator, will
try to remove roadblocks and ensure the team is communicating freely,
and will be responsible for facilitating all scrum ceremonies. Which role
is the team member playing?
Scrum master
, 4|Page
The new product standards state that all traffic must be secure and
encrypted. What is the name for this secure coding practice?
Communication security
Which DREAD category is based on how easily a threat exploit can be
repeated?
Reproducibility
Which mitigation technique can be used to fight against a data tampering
threat?
Digital signatures
What is a countermeasure to the web application security frame (ASF)
configuration management threat category?
Service account have no administration capabilities
Which type of requirement specifies that file formats the application
sends to financial institutions must be certified every four years?
Compliance requirement
Which type of requirement specifies that credit card numbers displayed
in the application will be masked so they only show the last four digits?
Privacy requirement
Which type of requirement specifies that user passwords will require a
minimum of 8 characters and must include at least one uppercase
character, one number, and one special character?
Security requirement
Which type of requirement specifies that credit card numbers are
designated as highly sensitive confidential personal information?
Data classification requirement
WGU D487 SECURE SOFTWARE DESIGN
STUDY TEST BANK UPDATES 2025/2026
WITH EXPERT VERIFIED QUESTIONS
AND CORRECT ANSWERS GRADED A+
FOR GUARANTEED PASS
What is a study of real-world software security initiatives organized so
companies can measure their initiatives and understand how to evolve
them over time?,
Building Security In Maturity Model (BSIMM)
What is the analysis of computer software that is performed without
executing programs?
Static analysis
Which International Organization for Standardization (ISO) standard is
the benchmark for information security today?
ISO/IEC 27001
What is the analysis of computer software that is performed by
executing programs on a real or virtual processor in real time?
Dynamic analysis
Which person is responsible for designing, planning, and implementing
secure coding practices and security testing methodologies?
Software security architect
A company is preparing to add a new feature to its flagship software
product. The new feature is similar to features that have been added in
previous years, and the requirements are well-documented. The project
,2|Page
is expected to last three to four months, at which time the new feature
will be released to customers. Project team members will focus solely on
the new feature until the project ends. Which software development
methodology is being used?
Waterfall
A new product will require an administration section for a small number
of users. Normal users will be able to view limited customer information
and should not see admin functionality within the application. Which
concept is being used?
Principle of least privilege
The software security team is currently working to identify approaches
for input validation, authentication, authorization, and configuration
management of a new software product so they can deliver a security
profile. Which threat modeling step is being described?
Analyzing the threats
The scrum team is attending their morning meeting, which is scheduled
at the beginning of the work day. Each team member reports what they
accomplished yesterday, what they plan to accomplish today, and if they
have any impediments that may cause them to miss their delivery
deadline. Which scrum ceremony is the team participating in?
Daily Scrum
What is a list of information security vulnerabilities that aims to provide
names for publicly known problems?
Common computer vulnerabilities and exposures (CVE)
Which secure coding best practice uses well-tested, publicly available
algorithms to hide product data from unauthorized access?
Cryptographic practices
,3|Page
Which secure coding best practice ensures servers, frameworks, and
system components are all running the latest approved versions?
System configuration
Which secure coding best practice says to use parameterized queries,
encrypted connection strings stored in separate configuration files, and
strong passwords or multi-factor authentication?
Database security
Which secure coding best practice says that all information passed to
other systems should be encrypted?
Communication security
Team members are being introduced during sprint zero in the project
kickoff meeting. The person being introduced is a member of the scrum
team, responsible for writing feature logic and attending sprint
ceremonies. Which role is the team member playing?
Software developer
A software security team member has created data flow diagrams,
chosen the STRIDE methodology to perform threat reviews, and created
the security assessment for the new product. Which category of secure
software best practices did the team member perform?
Architecture analysis
Team members are being introduced during sprint zero in the project
kickoff meeting. The person being introduced will be a facilitator, will
try to remove roadblocks and ensure the team is communicating freely,
and will be responsible for facilitating all scrum ceremonies. Which role
is the team member playing?
Scrum master
, 4|Page
The new product standards state that all traffic must be secure and
encrypted. What is the name for this secure coding practice?
Communication security
Which DREAD category is based on how easily a threat exploit can be
repeated?
Reproducibility
Which mitigation technique can be used to fight against a data tampering
threat?
Digital signatures
What is a countermeasure to the web application security frame (ASF)
configuration management threat category?
Service account have no administration capabilities
Which type of requirement specifies that file formats the application
sends to financial institutions must be certified every four years?
Compliance requirement
Which type of requirement specifies that credit card numbers displayed
in the application will be masked so they only show the last four digits?
Privacy requirement
Which type of requirement specifies that user passwords will require a
minimum of 8 characters and must include at least one uppercase
character, one number, and one special character?
Security requirement
Which type of requirement specifies that credit card numbers are
designated as highly sensitive confidential personal information?
Data classification requirement
