Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. WGU
  5. Secure-Software-Design

WGU Secure-Software-Design Exam
WGU Secure Software Design (D487, KEO1) (Page 3 )

Updated On: 9-Feb-2026
Page 3 of 25
PDF with 118 Questions

Company leadership has discovered an untapped revenue stream within its customer base and wants to meet with IT to share its vision for the future and determine whether to move forward.
Which phase of the software development lifecycle (SDLC) is being described?

  1. Implementation
  2. Design
  3. Planning
  4. Requirements

Answer(s): C

Explanation:

The phase being described is the Planning phase of the SDLC. This initial stage involves gathering business requirements and evaluating the feasibility of the project. It's when the company leadership would typically meet with IT and other stakeholders to share visions for the future, discuss potential revenue streams, and determine the project's direction before moving forward with development. This phase is crucial for setting the groundwork for all subsequent phases of the SDLC.


Reference:

The Software Development Life Cycle (SDLC): 7 Phases and 5 Models1.
What Is the Software Development Life Cycle? SDLC Explained2. Software Development Life Cycle (SDLC) Phases & Models3.



Senior IT staff has determined that a new product will be hosted in the cloud and will support web and mobile users. Developers will need to deliver secure REST services. Android and IOS mobile apps. and a web application. Developers are currently determining how to deliver each part of the overall product.
Which phase of the software development lifecycle (SDLC) is being described?

  1. Maintenance
  2. End of life
  3. Deployment
  4. Design

Answer(s): D

Explanation:

The phase being described is the Design phase of the SDLC. During this phase, developers and IT staff determine the architectural and operational details of the product, which includes decisions on how to deliver various components such as secure REST services, mobile apps, and web applications. The Design phase is crucial for setting the foundation for the development work that will follow, ensuring that the product will be secure, scalable, and maintainable.


Reference:

The information aligns with the descriptions of the SDLC phases provided in resources such as GitHub's explanation of the SDLC1 and other industry-standard software development lifecycle resources234.



A company is moving forward with a new product. Product scope has been determined, teams have formed, and backlogs have been created. Developers are actively writing code for the new product, with one team concentrating on delivering data via REST services, one Team working on the mobile apps, and a third team writing the web application.
Which phase of the software development lifecycle (SDLC) is being described?

  1. Deployment
  2. Design
  3. Implementation
  4. Requirements

Answer(s): C

Explanation:

The phase being described is the Implementation phase of the SDLC. During this phase, the actual development starts, and the product begins to be built. The teams are actively writing code, which is a key activity of the Implementation phase. This phase involves translating the design and specifications into executable code, developing the software's features, and then integrating the various components into a full-fledged system.


Reference:

The Software Development Life Cycle (SDLC): 7 Phases and 5 Models1.
What Is the Software Development Life Cycle? SDLC Explained2. SDLC: 6 Main Stages of the Software Product Development Lifecycle3. Software Development Life Cycle (SDLC) Phases & Models4.



Which software control test examines the internal logical structures of a program and steps through the code line by line to analyze the program for potential errors?

  1. White box testing
  2. Reasonableness testing
  3. Black box testing
  4. Dynamic testing

Answer(s): A

Explanation:

White box testing, also known as clear box testing, glass box testing, transparent box testing, and structural testing, is a method of software testing where the internal structure, design, and coding of the software are tested to verify the flow of input-output and to improve the design, usability, and security. It involves looking at the structures that are internal to the system, with the tester having knowledge of the internal workings of the product. This type of testing is concerned with examining the internal logical structures of the program and is typically performed by stepping through the code line by line to analyze the program for potential errors, which aligns with the description of the control test in question.


Reference:

Control Structure Testing - GeeksforGeeks1
What is White Box Testing? - BrowserStack2
Software Testing Strategies Chapter 18 - IIT3



Which secure coding best practice says to assume all incoming data should be considered untrusted and should be validated to ensure the system only accepts valid data?

  1. General coding practices
  2. Input validation
  3. Session management
  4. System configuration

Answer(s): B

Explanation:

The secure coding best practice that emphasizes treating all incoming data as untrusted and subjecting it to validation is known as input validation. This practice is crucial for ensuring that a system only processes valid, clean data, thereby preventing many types of vulnerabilities, such as SQL injection, cross-site scripting (XSS), and buffer overflows, which can arise from maliciously crafted inputs.
Input validation involves verifying that the data meets certain criteria before it is processed by the system. This includes checking for the correct data type, length, format, and range. It also involves sanitizing the data to ensure that it does not contain any potentially harmful elements that could lead to security breaches.
A centralized input validation routine is recommended for the entire application, which helps in maintaining consistency and effectiveness in the validation process. This routine should be implemented on a trusted system, typically server-side, to prevent tampering or bypassing of the validation logic.
It's important to classify all data sources into trusted and untrusted categories and to apply rigorous validation to all data from untrusted sources, such as user input, databases, file streams, and network interfaces.
By adhering to the input validation best practice, developers can significantly reduce the attack surface of their applications and protect against a wide array of common security threats.


Reference:

The verified answer is supported by the Secure Coding Practices outlined by the OWASP Foundation1 and other reputable sources such as Coding Dojo2 and CERT Secure Coding3.






Post your Comments and Discuss WGU Secure-Software-Design exam prep with other Community members:

Join the Secure-Software-Design Discussion