WGU MASTER'S COURSE C706 - SECURE SOFTWARE
DESIGN EXAM LATEST 2025-2026 ACTUAL EXAM 400
QUESTIONS AND CORRECT DETAILED ANSWERS WITH
RATIONALES (VERIFIED ANSWERS) |ALREADY GRADED A+
What is a step for constructing a threat model for a project when using practical risk analysis?
A Align your business goals
B Apply engineering methods
C Estimate probability of project time
DAMakeAaAlistAofAwhatAyouAareAtryingAtoAprotectA- ANSWER-D
Which cyber threats are typically surgical by nature, have highly specific targeting, and are technologi
cally sophisticated?
AATacticalAattacks
B Criminal attacks
C Strategic attacks
D User-specific attacks - ANSWER-A
Which type of cyberattacks are often intended to elevate awareness of a topic?
A Cyberwarfare
B Tactical attacks
C User-specific attacks
DASociopoliticalAattacksA- ANSWER-D
What type of attack locks a user's desktop and then requires a payment to unlockAit?
A Phishing
, WGU MASTER'S COURSE C706 - SECURE SOFTWARE
DESIGN EXAM LATEST 2025-2026 ACTUAL EXAM 400
QUESTIONS AND CORRECT DETAILED ANSWERS WITH
RATIONALES (VERIFIED ANSWERS) |ALREADY GRADED A+
B Keylogger
CARansomware
D Denial-of-service - ANSWER-C
What is a countermeasure against various forms of XML and XML path injection attacks?
A XML name wrapping
B XML unicode encoding
CAXMLAattributeAescaping
D XML distinguished name escaping - ANSWER-C
Which countermeasure is used to mitigate SQL injection attacks?
A SQLAFirewall
B Projected bijection
CAQueryAparameterization
D Progressive ColdFusion - ANSWER-C
What is an appropriate countermeasure to an escalation of privilege attack?
A Enforcing strong password policies
B Using standard encryption algorithms and correct key sizes
C Enabling the auditing and logging of all administration activities
DARestrictingAaccessAtoAspecificAoperationsAthroughArole-basedAaccessAcontrolsA-AANSWER-D
, WGU MASTER'S COURSE C706 - SECURE SOFTWARE
DESIGN EXAM LATEST 2025-2026 ACTUAL EXAM 400
QUESTIONS AND CORRECT DETAILED ANSWERS WITH
RATIONALES (VERIFIED ANSWERS) |ALREADY GRADED A+
Which configuration management security countermeasure implements least privilege access control?
A Following strong password policies to restrict access
BARestrictingAfileAaccessAtoAusersAbasedAonAauthorization
C Avoiding clear text format for credentials and sensitive data
D Using AES 256 encryption for communications of a sensitive nature - ANSWER-B
Which phase of the software development life cycle (SDL/SDLC) would be used to determine the mi
nimum set of privileges required to perform the targeted task and restrict the user to a domain wit
h those privileges?
AADesign
B Deploy
C Development
D Implementation - ANSWER-A
Which least privilege method is more granular in scope and grants specific processes only the privil
eges necessary to perform certain required functions, instead of granting them unrestricted access t
o the system?
A Entitlement privilege
BASeparationAofAprivilege
C Aggregation of privileges
D Segregation of responsibilities - ANSWER-B
Why does privilege creep pose a potential security risk?
, WGU MASTER'S COURSE C706 - SECURE SOFTWARE
DESIGN EXAM LATEST 2025-2026 ACTUAL EXAM 400
QUESTIONS AND CORRECT DETAILED ANSWERS WITH
RATIONALES (VERIFIED ANSWERS) |ALREADY GRADED A+
A User privileges do not match their job role.
B With more privileges, there are more responsibilities.
C Auditing will show a mismatch between individual responsibilities and their access rights.
DAUsersAhaveAmoreAprivilegesAthanAtheyAneedAandAmayAperformAactionsAoutsideAtheirAjobAdescription.
A-AANSWER-D
A system developer is implementing a new sales system. The system developer is concerned that un
authorized individuals may be able to view sensitive customer financial data.
Which family of nonfunctional requirements should be considered as part of the acceptance criteria?
A Integrity
B Availability
C Nonrepudition
DAConfidentialityA- ANSWER-D
A project manager is given the task to come up with nonfunctional acceptance criteria requirements
for business owners as part of a project delivery.
Which nonfunctional requirement should be applied to the acceptance criteria?
A Give search options to users
BAEvaluateAtestAexecutionAresults
C Divide users into groups and give them separate rights
D Develop software that keeps downward compatibility intact - ANSWER-B
DESIGN EXAM LATEST 2025-2026 ACTUAL EXAM 400
QUESTIONS AND CORRECT DETAILED ANSWERS WITH
RATIONALES (VERIFIED ANSWERS) |ALREADY GRADED A+
What is a step for constructing a threat model for a project when using practical risk analysis?
A Align your business goals
B Apply engineering methods
C Estimate probability of project time
DAMakeAaAlistAofAwhatAyouAareAtryingAtoAprotectA- ANSWER-D
Which cyber threats are typically surgical by nature, have highly specific targeting, and are technologi
cally sophisticated?
AATacticalAattacks
B Criminal attacks
C Strategic attacks
D User-specific attacks - ANSWER-A
Which type of cyberattacks are often intended to elevate awareness of a topic?
A Cyberwarfare
B Tactical attacks
C User-specific attacks
DASociopoliticalAattacksA- ANSWER-D
What type of attack locks a user's desktop and then requires a payment to unlockAit?
A Phishing
, WGU MASTER'S COURSE C706 - SECURE SOFTWARE
DESIGN EXAM LATEST 2025-2026 ACTUAL EXAM 400
QUESTIONS AND CORRECT DETAILED ANSWERS WITH
RATIONALES (VERIFIED ANSWERS) |ALREADY GRADED A+
B Keylogger
CARansomware
D Denial-of-service - ANSWER-C
What is a countermeasure against various forms of XML and XML path injection attacks?
A XML name wrapping
B XML unicode encoding
CAXMLAattributeAescaping
D XML distinguished name escaping - ANSWER-C
Which countermeasure is used to mitigate SQL injection attacks?
A SQLAFirewall
B Projected bijection
CAQueryAparameterization
D Progressive ColdFusion - ANSWER-C
What is an appropriate countermeasure to an escalation of privilege attack?
A Enforcing strong password policies
B Using standard encryption algorithms and correct key sizes
C Enabling the auditing and logging of all administration activities
DARestrictingAaccessAtoAspecificAoperationsAthroughArole-basedAaccessAcontrolsA-AANSWER-D
, WGU MASTER'S COURSE C706 - SECURE SOFTWARE
DESIGN EXAM LATEST 2025-2026 ACTUAL EXAM 400
QUESTIONS AND CORRECT DETAILED ANSWERS WITH
RATIONALES (VERIFIED ANSWERS) |ALREADY GRADED A+
Which configuration management security countermeasure implements least privilege access control?
A Following strong password policies to restrict access
BARestrictingAfileAaccessAtoAusersAbasedAonAauthorization
C Avoiding clear text format for credentials and sensitive data
D Using AES 256 encryption for communications of a sensitive nature - ANSWER-B
Which phase of the software development life cycle (SDL/SDLC) would be used to determine the mi
nimum set of privileges required to perform the targeted task and restrict the user to a domain wit
h those privileges?
AADesign
B Deploy
C Development
D Implementation - ANSWER-A
Which least privilege method is more granular in scope and grants specific processes only the privil
eges necessary to perform certain required functions, instead of granting them unrestricted access t
o the system?
A Entitlement privilege
BASeparationAofAprivilege
C Aggregation of privileges
D Segregation of responsibilities - ANSWER-B
Why does privilege creep pose a potential security risk?
, WGU MASTER'S COURSE C706 - SECURE SOFTWARE
DESIGN EXAM LATEST 2025-2026 ACTUAL EXAM 400
QUESTIONS AND CORRECT DETAILED ANSWERS WITH
RATIONALES (VERIFIED ANSWERS) |ALREADY GRADED A+
A User privileges do not match their job role.
B With more privileges, there are more responsibilities.
C Auditing will show a mismatch between individual responsibilities and their access rights.
DAUsersAhaveAmoreAprivilegesAthanAtheyAneedAandAmayAperformAactionsAoutsideAtheirAjobAdescription.
A-AANSWER-D
A system developer is implementing a new sales system. The system developer is concerned that un
authorized individuals may be able to view sensitive customer financial data.
Which family of nonfunctional requirements should be considered as part of the acceptance criteria?
A Integrity
B Availability
C Nonrepudition
DAConfidentialityA- ANSWER-D
A project manager is given the task to come up with nonfunctional acceptance criteria requirements
for business owners as part of a project delivery.
Which nonfunctional requirement should be applied to the acceptance criteria?
A Give search options to users
BAEvaluateAtestAexecutionAresults
C Divide users into groups and give them separate rights
D Develop software that keeps downward compatibility intact - ANSWER-B
