1
2025 WGU MASTER'S COURSE C706 - SECURE
SOFTWARE DESIGN | 250 EXAM QUESTIONS AND
ANSWERS | ALREADY GRADED A+ | LATEST EDITION
Which due diligence activity for supply chain security should occur in the initiation
phase of the software acquisition life cycle?
A Developing a request for proposal (RFP) that includes supply chain security risk
management
B Lessening the risk of disseminating information during disposal
C Facilitating knowledge transfer between suppliers
D Mitigating supply chain security risk by providing user guidance - (answers)A
Which due diligence activity for supply chain security investigates the means by
which data sets are shared and assessed?
A on-site assessment
B process policy review
C third-party assessment
D document exchange and review - (answers)D
Consider these characteristics:
-Identification of the entity making the access request
, 2
-Verification that the request has not changed since its initiation
-Application of the appropriate authorization procedures
-Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
A Open design
B Complete mediation
C Economy of mechanism
D Least common mechanism - (answers)B
Which software security principle guards against the improper modification or
destruction of information and ensures the nonrepudiation and authenticity of
information?
A Quality
B Integrity
C Availability
D Confidentiality - (answers)B
What type of functional security requirement involves receiving, processing,
storing, transmitting, and delivering in report form?
, 3
A Logging
B Error handling
C Primary dataflow
D Access control flow - (answers)C
Which nonfunctional security requirement provides a way to capture information
correctly and a way to store that information to help support later audits?
A Logging
B Error handling
C Primary dataflow
D Access control flow - (answers)A
Which security concept refers to the quality of information that could cause harm
or damage if disclosed?
A Isolation
B Discretion
C Seclusion
D Sensitivity - (answers)D
Which technology would be an example of an injection flaw, according to the
OWASP Top 10?
, 4
A SQL
B API
C XML
D XSS - (answers)A
A company is creating a new software to track customer balance and wants to
design a secure application.
Which best practice should be applied?
A Develop a secure authentication method that has a closed design
B Allow mediation bypass or suspension for software testing and emergency
planning
C Ensure there is physical acceptability to ensure software is intuitive for the users
to do their jobs
D Create multiple layers of protection so that a subsequent layer provides
protection if a layer is breached - (answers)D
A company is developing a secure software that has to be evaluated and tested by
a large number of experts.
Which security principle should be applied?
2025 WGU MASTER'S COURSE C706 - SECURE
SOFTWARE DESIGN | 250 EXAM QUESTIONS AND
ANSWERS | ALREADY GRADED A+ | LATEST EDITION
Which due diligence activity for supply chain security should occur in the initiation
phase of the software acquisition life cycle?
A Developing a request for proposal (RFP) that includes supply chain security risk
management
B Lessening the risk of disseminating information during disposal
C Facilitating knowledge transfer between suppliers
D Mitigating supply chain security risk by providing user guidance - (answers)A
Which due diligence activity for supply chain security investigates the means by
which data sets are shared and assessed?
A on-site assessment
B process policy review
C third-party assessment
D document exchange and review - (answers)D
Consider these characteristics:
-Identification of the entity making the access request
, 2
-Verification that the request has not changed since its initiation
-Application of the appropriate authorization procedures
-Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
A Open design
B Complete mediation
C Economy of mechanism
D Least common mechanism - (answers)B
Which software security principle guards against the improper modification or
destruction of information and ensures the nonrepudiation and authenticity of
information?
A Quality
B Integrity
C Availability
D Confidentiality - (answers)B
What type of functional security requirement involves receiving, processing,
storing, transmitting, and delivering in report form?
, 3
A Logging
B Error handling
C Primary dataflow
D Access control flow - (answers)C
Which nonfunctional security requirement provides a way to capture information
correctly and a way to store that information to help support later audits?
A Logging
B Error handling
C Primary dataflow
D Access control flow - (answers)A
Which security concept refers to the quality of information that could cause harm
or damage if disclosed?
A Isolation
B Discretion
C Seclusion
D Sensitivity - (answers)D
Which technology would be an example of an injection flaw, according to the
OWASP Top 10?
, 4
A SQL
B API
C XML
D XSS - (answers)A
A company is creating a new software to track customer balance and wants to
design a secure application.
Which best practice should be applied?
A Develop a secure authentication method that has a closed design
B Allow mediation bypass or suspension for software testing and emergency
planning
C Ensure there is physical acceptability to ensure software is intuitive for the users
to do their jobs
D Create multiple layers of protection so that a subsequent layer provides
protection if a layer is breached - (answers)D
A company is developing a secure software that has to be evaluated and tested by
a large number of experts.
Which security principle should be applied?
