WGU MASTER'S COURSE C706 (SECURE SOFTWARE DESIGN EXAM LATEST 2024). 400 QUESTIONS WITH CORRECT & VERIFIED ANSWERS + RATIONALES.

WGU MASTER'S COURSE C706 (SECURE SOFTWARE DESIGN EXAM LATEST 2024). 400 QUESTIONS WITH CORRECT & VERIFIED ANSWERS + RATIONALES. GRADED A+. What is a step for constructing a threat model for a project when using practical risk analysis? A Align your business goals B Apply engineering methods C Estimate probability of project time D Make a list of what you are trying to protect - ANSWER-D Which cyber threats are typically surgical by nature, have highly specific targeting, and are technologically sophisticated? A Tactical attacks B Criminal attacks C Strategic attacks D User-specific attacks - ANSWER-A Which type of cyberattacks are often intended to elevate awareness of a topic? A Cyberwarfare B Tactical attacks C User-specific attacks D Sociopolitical attacks - ANSWER-D What type of attack locks a user's desktop and then requires a payment to unlock it? A Phishing B Keylogger C Ransomware D Denial-of-service - ANSWER-C What is a countermeasure against various forms of XML and XML path injection attacks? A XML name wrapping B XML unicode encoding C XML attribute escaping D XML distinguished name escaping - ANSWER-C Which countermeasure is used to mitigate SQL injection attacks? A SQL Firewall B Projected bijection C Query parameterization D Progressive ColdFusion - ANSWER-C What is an appropriate countermeasure to an escalation of privilege attack? A Enforcing strong password policies B Using standard encryption algorithms and correct key sizes C Enabling the auditing and logging of all administration activities D Restricting access to specific operations through role-based access controls - ANSWER-D Which configuration management security countermeasure implements least privilege access control? A Following strong password policies to restrict access B Restricting file access to users based on authorization C Avoiding clear text format for credentials and sensitive data D Using AES 256 encryption for communications of a sensitive nature - ANSWER-B Which phase of the software development life cycle (SDL/SDLC) would be used to determine the minimum set of privileges required to perform the targeted task and restrict the user to a domain with those privileges? A Design B Deploy C Development D Implementation - ANSWER-A Which least privilege method is more granular in scope and grants specific processes only the privileges necessary to perform certain required functions, instead of granting them unrestricted access to the system? A Entitlement privilege B Separation of privilege C Aggregation of privileges D Segregation of responsibilities - ANSWER-B Why does privilege creep pose a potential security risk? A User privileges do not match their job role. B With more privileges, there are more responsibilities. C Auditing will show a mismatch between individual responsibilities and their access rights. D Users have more privileges than they need and may perform actions outside their job description. - ANSWER-D A system developer is implementing a new sales system. The system developer is concerned that unauthorized individuals may be able to view sensitive customer financial data. Which family of nonfunctional requirements should be considered as part of the acceptance criteria? A Integrity B Availability C Nonrepudition D Confidentiality - ANSWER-D A project manager is given the task to come up with nonfunctional acceptance criteria requirements for business owners as part of a project delivery. Which nonfunctional requirement should be applied to the acceptance criteria? A Give search options to users B Evaluate test execution results C Divide users into groups and give them separate rights D Develop software that keeps downward compatibility intact - ANSWER-B A user was given a task to identify a nonfunctional acceptance criteria. Which nonfunctional requirement should be applied to the acceptance criteria? A Encryption used during data transfer B Review of the most recent test results C Software developed keeping downward compatibility intact D Users divided into groups and the groups given separate rights - ANSWER-B Which technique can be used by an attacker to compromise password security when a password such as "123456" is used by an organization? A Denial-of-service attack B Brute-force attack C Blind SQL injection D Blind XPath injection - ANSWER-B Which type of password attack tests for every possible value of a parameter? A Phishing B Brute force C DNS poisoning D Cache poisoning - ANSWER-B Which type of attack allows the complete disclosure or destruction of all data on a system and allows attackers to spoof identity, tamper with existing data, and cause repudiation issues such as voiding transactions or changing balances? A SQL injection B Code injection C Command injection D Special element injection - ANSWER-A Which threat uses malware that tricks users into believing that there is no way out for them except to pay to get rid of a nuisance? A Script kiddies B Insider threats C Ransomware D Bitcoin malware - ANSWER-C