Which threat modeling step identifies the assets that need to be protected?
Which category classifies identified threats that have some defenses in place and expose the application to limited exploits?
The software security team prepared a report of necessary coding and architecture changes identified during the security assessment.
Which design and development deliverable did the team prepare?
Comprehensive and Detailed In-Depth Explanation:
In the context of software security, a threat model is a structured representation that identifies potential threats to the system, evaluates their severity, and guides the development of mitigation strategies. When a security assessment reveals vulnerabilities or areas of concern, it's imperative to update the threat modeling artifacts to reflect these findings. This ensures that the threat model remains an accurate and current representation of the system's security posture.
By updating the threat modeling artifacts, the team documents the identified threats and outlines necessary coding and architectural changes to mitigate these threats. This proactive approach allows for the integration of security considerations early in the design and development phases, reducing the likelihood of vulnerabilities in the deployed system.
This practice aligns with the Design business function of the OWASP Software Assurance Maturity Model (SAMM), which emphasizes the importance of incorporating security into the software design process. Within this function, the Threat Assessment practice focuses on identifying and evaluating potential threats to inform security requirements and design decisions. Updating threat modeling artifacts is a key activity within this practice, ensuring that security assessments directly influence the system's design and architecture.
OWASP SAMM: Design - Threat Assessment
The product development team is preparing for the production deployment of recent feature enhancements. One morning, they noticed the amount of test data grew exponentially overnight. Most fields were filled with random characters, but some structured query language was discovered.
Which type of security development lifecycle (SDL) tool was likely being used?
Comprehensive and Detailed In-Depth Explanation:
The scenario described indicates that the system was subjected to inputs containing random data and some structured query language (SQL) statements, leading to an exponential increase in test data. This behavior is characteristic of fuzzing, a testing technique used to identify vulnerabilities by inputting a wide range of random or unexpected data into the system.
Fuzzing aims to discover coding errors and security flaws by supplying the application with large volumes of malformed or unexpected input and observing how it responds. The presence of random characters and SQL statements suggests that the fuzzing tool was testing for vulnerabilities such as SQL injection by feeding various payloads into the system's input fields.
This approach is part of the Verification business function in the OWASP SAMM, specifically within the Security Testing practice. Security testing involves evaluating the software to identify vulnerabilities that could be exploited, and fuzzing is a common technique employed in this practice to ensure the robustness and security of the application.
OWASP SAMM: Verification - Security Testing
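The explanation above describes the effect of fuzzing from the outside (fields filling up with random data). The harness below is an added example, not code from the page or from OWASP SAMM, showing the mechanism on the testing side: a hypothetical `key=value;key=value` record parser (`parse_record`, written for this example) and a deliberately faulty variant are fed a seed corpus plus seeded random mutations, and any exception other than the parser's documented `RecordError` is recorded as a finding. The seed strings, token dictionary and both parsers are constructed for the example.

```python
"""Added example (not from the page): a minimal mutation-based fuzz harness.

It fuzzes parse_record(), a hypothetical parser for 'key=value;key=value'
records, and a deliberately faulty variant. Inputs are seeded random or mutated
strings; anything that raises something other than the parser's documented
RecordError is recorded as a finding. The random-looking strings it produces
are the kind of 'test data' a fuzzing run leaves behind.
"""
import random
import string


class RecordError(ValueError):
    """The only exception the parser is allowed to raise on bad input."""


MAX_RECORD = 1024
MAX_FIELD = 64


def parse_record(text: str) -> dict:
    """Hardened parser: every malformed input is rejected with RecordError."""
    if len(text) > MAX_RECORD:
        raise RecordError("record too long")
    fields = {}
    for part in text.split(";"):
        if not part:
            continue  # tolerate empty segments such as a trailing ';'
        key, sep, value = part.partition("=")
        if not sep or not key:
            raise RecordError(f"malformed field {part!r}")
        if len(value) > MAX_FIELD:
            raise RecordError("field value too long")
        fields[key] = value
    return fields


def parse_record_faulty(text: str) -> dict:
    """Faulty variant: assumes every segment contains '=' (crashes otherwise)."""
    fields = {}
    for part in text.split(";"):
        key, value = part.split("=", 1)  # ValueError when '=' is missing
        fields[key] = value
    return fields


# Constructed seed corpus and a small dictionary of structural tokens.
SEEDS = ["id=7;name=alice", "id=;", "a=b;c=d"]
TOKENS = [";", "=", ";;", "==", "A" * 200]
ALPHABET = string.printable


def mutate(rng: random.Random, sample: str) -> str:
    """Apply one random mutation to a seed; may return an empty string."""
    op = rng.randrange(5)
    if op == 0:  # insert random characters at a random position
        pos = rng.randrange(len(sample) + 1)
        junk = "".join(rng.choice(ALPHABET) for _ in range(rng.randrange(1, 40)))
        return sample[:pos] + junk + sample[pos:]
    if op == 1 and sample:  # delete a random slice
        a = rng.randrange(len(sample))
        b = rng.randrange(a, len(sample) + 1)
        return sample[:a] + sample[b:]
    if op == 2:  # splice in a structural token
        pos = rng.randrange(len(sample) + 1)
        return sample[:pos] + rng.choice(TOKENS) + sample[pos:]
    if op == 3:  # duplicate the whole sample
        return sample + sample
    # op == 4 (or op == 1 on an empty sample): pure random input
    return "".join(rng.choice(ALPHABET) for _ in range(rng.randrange(0, 300)))


def fuzz(target, iterations: int, seed: int = 0) -> list:
    """Run the seeds, then `iterations` mutated inputs, against target.

    Returns a list of (input, exception_repr) for every unexpected exception.
    RecordError is the documented rejection path and is not a finding.
    """
    rng = random.Random(seed)
    findings = []
    corpus = list(SEEDS)
    cases = corpus + [mutate(rng, rng.choice(corpus)) for _ in range(iterations)]
    for case in cases:
        try:
            target(case)
        except RecordError:
            continue
        except Exception as exc:  # any other exception is a bug in the parser
            findings.append((case, repr(exc)))
    return findings


if __name__ == "__main__":
    for fn in (parse_record, parse_record_faulty):
        found = fuzz(fn, 2000, seed=1)
        print(f"{fn.__name__}: {len(found)} unexpected exception(s)")
        for case, err in found[:3]:
            print("  input:", repr(case[:60]), "->", err)
```

The hardened parser survives every case because it has exactly one failure path (`RecordError`) and bounds both record and field length; the faulty variant is caught on the seed `"id=;"`, whose trailing `;` yields an empty segment without `=`. Seeding the PRNG makes a run reproducible, which matters when a finding has to be handed to developers as a regression test rather than as a pile of random data in the test database.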
In which step of the PASTA threat modeling methodology will the team capture infrastructure, application, and software dependencies?
The step of the PASTA threat modeling methodology where the team will capture infrastructure, application, and software dependencies is the Define technical scope step. This step involves detailing the technical elements of the project, which includes understanding and documenting the infrastructure, applications, and software dependencies that are critical to the system's operation and security.