Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. WGU
  5. Secure-Software-Design

WGU Secure-Software-Design Exam
WGU Secure Software Design (D487, KEO1) (Page 4 )

Updated On: 9-Feb-2026
Page 4 of 25
PDF with 118 Questions

Which secure coding best practice says to require authentication before allowing any files to be uploaded and to limit the types of files to only those needed for the business purpose?

  1. File management
  2. Communication security
  3. Data protection
  4. Memory management

Answer(s): A

Explanation:

The secure coding best practice that requires authentication before allowing any files to be uploaded, and limits the types of files to only those needed for the business purpose, falls under the category of File Management. This practice is crucial for preventing unauthorized file uploads, which can be a common vector for attacks such as uploading malicious files or scripts. By enforcing authentication, the application ensures that only legitimate users can upload files. Additionally, restricting the file types to those necessary for business operations minimizes the risk of uploading potentially harmful files that could compromise the system.


Reference:

OWASP Secure Coding Practices1
File Upload Security Best Practices | CodeHandbook2
File Upload Protection ­ 10 Best Practices for Preventing ... - OPSWAT3



Which secure coding best practice says to use a single application-level authorization component that will lock down the application if it cannot access its configuration information?

  1. Access control
  2. Data protection
  3. Session management
  4. Communication security

Answer(s): A

Explanation:

The secure coding best practice that recommends using a single application-level authorization component to lock down the application if it cannot access its configuration information is known as Access Control. This practice is part of a broader set of security measures aimed at ensuring that only authorized users have access to certain functionalities or data within an application. By centralizing the authorization logic, it becomes easier to manage and enforce security policies consistently across the application. If the authorization component cannot retrieve its configuration, it defaults to a secure state, thus preventing unauthorized access1.


Reference:

1: OWASP Secure Coding Practices - Quick Reference Guide



Which SDL security goal is defined as ensuring timely and reliable access to and use of information?

  1. Information security
  2. Confidentiality
  3. Availability
  4. Integrity

Answer(s): C

Explanation:

The term `availability' in the context of Secure Software Development Lifecycle (SDL) refers to ensuring that systems, applications, and data are accessible to authorized users when needed. This means that the information must be timely and reliable, without undue delays or interruptions. Availability is a critical aspect of security, as it ensures that the software functions correctly and efficiently, providing users with the information they need to perform their tasks.


Reference:

The definition of availability as per the National Institute of Standards and Technology (NIST) Glossary1.
The Microsoft Security Development Lifecycle (SDL) which emphasizes the importance of availability in secure software design2.
General principles of Secure Software Development Life Cycle (SSDLC) that include availability as a key security goal3.



What is one of the tour core values of the agile manifesto?

  1. Communication between team members
  2. Individuals and interactions over processes and tools
  3. Business people and developers must work together daily throughout the project.
  4. Teams should have a dedicated and open workspace.

Answer(s): B

Explanation:

One of the four core values of the Agile Manifesto is prioritizing "individuals and interactions over processes and tools." This value emphasizes the importance of the human element in software development, advocating for direct communication, collaboration, and the flexibility to adapt to change over strict adherence to rigid processes or reliance on specific tools. It recognizes that while processes and tools are important, they should serve the team and the individuals within it, rather than the other way around.


Reference:

The Agile Manifesto itself, along with various interpretations and guides such as those provided by Smartsheet1 and LogRocket2, support this value as one of the central tenets of Agile methodologies. These resources offer insights into how this value, along with the other three, guide the Agile approach to efficient and effective software development.



The scrum team decided that before any change can be merged and tested, it must be looked at by the learns lead developer, who will ensure accepted coding patterns are being followed and that the code meets the team's quality standards.
Which category of secure software best practices is the team performing?

  1. Architecture analysis
  2. Penetration testing
  3. Code review
  4. Training

Answer(s): B

Explanation:

The practice described is Code review, which is a part of secure software development best practices. Code reviews are conducted to ensure that the code adheres to accepted coding patterns and meets the team's quality standards. This process involves the examination of source code by a person or a group other than the author to identify bugs, security vulnerabilities, and ensure compliance with coding standards.


Reference:

Fundamental Practices for Secure Software Development - SAFECode1.
Secure Software Development Framework | CSRC2.
Secure Software Development Best Practices - Hyperproof3.






Post your Comments and Discuss WGU Secure-Software-Design exam prep with other Community members:

Join the Secure-Software-Design Discussion