WGU MASTER'S COURSE C706 - SECURE SOFTWARE DESIGN EXAM QUESTIONS AND ANSWERS. VERIFIED 2025/2026.

WGU MASTER'S COURSE C706 -
SECURE SOFTWARE DESIGN EXAM
QUESTIONS AND ANSWERS. VERIFIED
2025/2026.




Which due diligence activity for supply chain security should occur in the initiation phase of the
software acquisition life cycle?



A Developing a request for proposal (RFP) that includes supply chain security risk management

B Lessening the risk of disseminating information during disposal

C Facilitating knowledge transfer between suppliers

D Mitigating supply chain security risk by providing user guidance - ANS A



Which due diligence activity for supply chain security investigates the means by which data sets
are shared and assessed?



A on-site assessment

B process policy review

C third-party assessment

D document exchange and review - ANS D



1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.

,Consider these characteristics:



-Identification of the entity making the access request

-Verification that the request has not changed since its initiation

-Application of the appropriate authorization procedures

-Reexamination of previously authorized requests by the same entity



Which security design analysis is being described?



A Open design

B Complete mediation

C Economy of mechanism

D Least common mechanism - ANS B



Which software security principle guards against the improper modification or destruction of
information and ensures the nonrepudiation and authenticity of information?



A Quality

B Integrity

C Availability

D Confidentiality - ANS B



What type of functional security requirement involves receiving, processing, storing,
transmitting, and delivering in report form?



A Logging


2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.

,B Error handling

C Primary dataflow

D Access control flow - ANS C



Which nonfunctional security requirement provides a way to capture information correctly and
a way to store that information to help support later audits?



A Logging

B Error handling

C Primary dataflow

D Access control flow - ANS A



Which security concept refers to the quality of information that could cause harm or damage if
disclosed?



A Isolation

B Discretion

C Seclusion

D Sensitivity - ANS D



Which technology would be an example of an injection flaw, according to the OWASP Top 10?



A SQL

B API

C XML

D XSS - ANS A


3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.

, A company is creating a new software to track customer balance and wants to design a secure
application.



Which best practice should be applied?



A Develop a secure authentication method that has a closed design

B Allow mediation bypass or suspension for software testing and emergency planning

C Ensure there is physical acceptability to ensure software is intuitive for the users to do their
jobs

D Create multiple layers of protection so that a subsequent layer provides protection if a layer is
breached - ANS D



A company is developing a secure software that has to be evaluated and tested by a large
number of experts.



Which security principle should be applied?



A Fail safe

B Open design

C Defense in depth

D Complete mediation - ANS B



Which type of TCP scanning indicates that a system is moving to the second phase in a three-
way TCP handshake?



A TCP SYN scanning


4 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.