WGU MASTER'S COURSE C706 - SECURE
SOFTWARE DESIGN EXAM LATEST 2024 ACTUAL
EXAM 300 QUESTIONS AND CORRECT DETAILED
ANSWERS WITH RATIONALES (VERIFIED
ANSWERS) |ALREADY GRADED A+
Which phase of the software development life cycle (SDL/SDLC)
would be used to determine the minimum set of privileges required to
perform the targeted task and restrict the user to a domain with those
privileges?
A Design
B Deploy
C Development
D Implementation - ...ANSWER..A
Which least privilege method is more granular in scope and grants
specific processes only the privileges necessary to perform certain
required functions, instead of granting them unrestricted access to the
system?
A Entitlement privilege
B Separation of privilege
C Aggregation of privileges
D Segregation of responsibilities - ...ANSWER..B
Why does privilege creep pose a potential security risk?
A User privileges do not match their job role.
B With more privileges, there are more responsibilities.
C Auditing will show a mismatch between individual responsibilities
and their access rights.
,D Users have more privileges than they need and may perform actions
outside their job description. - ...ANSWER..D
A system developer is implementing a new sales system. The system
developer is concerned that unauthorized individuals may be able to
view sensitive customer financial data.
Which family of nonfunctional requirements should be considered as
part of the acceptance criteria?
A Integrity
B Availability
C Nonrepudition
D Confidentiality - ...ANSWER..D
A project manager is given the task to come up with nonfunctional
acceptance criteria requirements for business owners as part of a
project delivery.
Which nonfunctional requirement should be applied to the acceptance
criteria?
A Give search options to users
B Evaluate test execution results
C Divide users into groups and give them separate rights
D Develop software that keeps downward compatibility intact -
...ANSWER..B
A user was given a task to identify a nonfunctional acceptance
criteria.
Which nonfunctional requirement should be applied to the acceptance
criteria?
A Encryption used during data transfer
B Review of the most recent test results
C Software developed keeping downward compatibility intact
,D Users divided into groups and the groups given separate rights -
...ANSWER..B
Which technique can be used by an attacker to compromise password
security when a password such as "123456" is used by an
organization?
A Denial-of-service attack
B Brute-force attack
C Blind SQL injection
D Blind XPath injection - ...ANSWER..B
Which type of password attack tests for every possible value of a
parameter?
A Phishing
B Brute force
C DNS poisoning
D Cache poisoning - ...ANSWER..B
Which type of attack allows the complete disclosure or destruction of
all data on a system and allows attackers to spoof identity, tamper
with existing data, and cause repudiation issues such as voiding
transactions or changing balances?
A SQL injection
B Code injection
C Command injection
D Special element injection - ...ANSWER..A
Which threat uses malware that tricks users into believing that there is
no way out for them except to pay to get rid of a nuisance?
A Script kiddies
B Insider threats
C Ransomware
D Bitcoin malware - ...ANSWER..C
, Which type of application attack is used to harvest and steal sensitive
information?
A Whaling
B Remote access tool
C Malicious file execution
D Advanced persistent threat - ...ANSWER..B
Which type of application attack is commonly waged through the use
of rootkits?
A Backdoor
B Time of check
C Rainbow table
D Escalation of privilege - ...ANSWER..D
Which attack aims to make web service unavailable or unusable?
A Spoofing
B Tampering
C Repudiation
D Denial-of-service - ...ANSWER..D
A company is developing a new software application that requires
users to log in using a username and password. The company needs to
implement a security control that is effective at preventing spoofing
during the log-in process.
Which security control is effective at preventing this threat action?
A Integrity
B Authorization
C Authentication
D Confidentiality - ...ANSWER..C
SOFTWARE DESIGN EXAM LATEST 2024 ACTUAL
EXAM 300 QUESTIONS AND CORRECT DETAILED
ANSWERS WITH RATIONALES (VERIFIED
ANSWERS) |ALREADY GRADED A+
Which phase of the software development life cycle (SDL/SDLC)
would be used to determine the minimum set of privileges required to
perform the targeted task and restrict the user to a domain with those
privileges?
A Design
B Deploy
C Development
D Implementation - ...ANSWER..A
Which least privilege method is more granular in scope and grants
specific processes only the privileges necessary to perform certain
required functions, instead of granting them unrestricted access to the
system?
A Entitlement privilege
B Separation of privilege
C Aggregation of privileges
D Segregation of responsibilities - ...ANSWER..B
Why does privilege creep pose a potential security risk?
A User privileges do not match their job role.
B With more privileges, there are more responsibilities.
C Auditing will show a mismatch between individual responsibilities
and their access rights.
,D Users have more privileges than they need and may perform actions
outside their job description. - ...ANSWER..D
A system developer is implementing a new sales system. The system
developer is concerned that unauthorized individuals may be able to
view sensitive customer financial data.
Which family of nonfunctional requirements should be considered as
part of the acceptance criteria?
A Integrity
B Availability
C Nonrepudition
D Confidentiality - ...ANSWER..D
A project manager is given the task to come up with nonfunctional
acceptance criteria requirements for business owners as part of a
project delivery.
Which nonfunctional requirement should be applied to the acceptance
criteria?
A Give search options to users
B Evaluate test execution results
C Divide users into groups and give them separate rights
D Develop software that keeps downward compatibility intact -
...ANSWER..B
A user was given a task to identify a nonfunctional acceptance
criteria.
Which nonfunctional requirement should be applied to the acceptance
criteria?
A Encryption used during data transfer
B Review of the most recent test results
C Software developed keeping downward compatibility intact
,D Users divided into groups and the groups given separate rights -
...ANSWER..B
Which technique can be used by an attacker to compromise password
security when a password such as "123456" is used by an
organization?
A Denial-of-service attack
B Brute-force attack
C Blind SQL injection
D Blind XPath injection - ...ANSWER..B
Which type of password attack tests for every possible value of a
parameter?
A Phishing
B Brute force
C DNS poisoning
D Cache poisoning - ...ANSWER..B
Which type of attack allows the complete disclosure or destruction of
all data on a system and allows attackers to spoof identity, tamper
with existing data, and cause repudiation issues such as voiding
transactions or changing balances?
A SQL injection
B Code injection
C Command injection
D Special element injection - ...ANSWER..A
Which threat uses malware that tricks users into believing that there is
no way out for them except to pay to get rid of a nuisance?
A Script kiddies
B Insider threats
C Ransomware
D Bitcoin malware - ...ANSWER..C
, Which type of application attack is used to harvest and steal sensitive
information?
A Whaling
B Remote access tool
C Malicious file execution
D Advanced persistent threat - ...ANSWER..B
Which type of application attack is commonly waged through the use
of rootkits?
A Backdoor
B Time of check
C Rainbow table
D Escalation of privilege - ...ANSWER..D
Which attack aims to make web service unavailable or unusable?
A Spoofing
B Tampering
C Repudiation
D Denial-of-service - ...ANSWER..D
A company is developing a new software application that requires
users to log in using a username and password. The company needs to
implement a security control that is effective at preventing spoofing
during the log-in process.
Which security control is effective at preventing this threat action?
A Integrity
B Authorization
C Authentication
D Confidentiality - ...ANSWER..C
