WGU C706 STUDY GUIDE EXAM
QUESTIONS AND ANSWERS. VERIFIED
2025/2026.
Confidentiality - ANS In information security, confidentiality "is the property, that information
is not made available or disclosed to unauthorized individuals, entities, or processes"
Integrity - ANS In information security, data integrity means maintaining and assuring the
accuracy and completeness of data over its entire life-cycle. This means that data cannot be
modified in an unauthorized or undetected manner. This can be also used to validate databases
to make sure none of the data is corrupt or modified in an unauthorized matter.
Availability - ANS For any information system to serve its purpose, the information must be
available when it is needed. This means that the computing systems used to store and process
the information, the security controls used to protect it, and the communication channels used
to access it must be functioning correctly.
CIA Triad - ANS Confidentiality, Integrity, Availability
Secure Software Design Feature - ANS Confidentiality: Public Key Infrastructure (PKI) and
Cryptography/Encryption
Availability: Offsite back-up and Redundancy
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
,Integrity: Hashing, Message Digest (MD5), non repudiation and digital signatures
Software Architect - ANS The software architect moves analysis to implementation and
analyzes the requirements and use cases as activities to perform as part of the development
process. That person can also develop class diagrams.
Security Practitioner Roles - ANS Release Manager
Architect
Developer
Business Analyst/Project Manager
Release Manager - ANS Deployment
Architect - ANS Design
Developer - ANS Coding
Business Analyst/Project Manager - ANS Requirements Gathering
Confidentiality - ANS Public Key Infrastructure (PKI) and Cryptography/Encryption
Availability - ANS Offsite back-up and Redundancy
Integrity - ANS Hashing, Message Digest (MD5), non repudiation and digital signatures
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, Red Team - ANS These are teams of people familiar with the infrastructure of the company
and the languages of the software being developed. Their mission is to kill the system as the
developers build it.
Static Analysis - ANS Static analysis, also called static code analysis, is a method of computer
program debugging that is done by examining the code without executing the program. The
process provides an understanding of the code structure, and can help to ensure that the code
adheres to industry standards. It's also referred as code review.
MD5 Hash - ANS The MD5 algorithm is a widely used hash function producing a 128-bit hash
value. Although MD5 was initially designed to be used as a cryptographic hash function, it has
been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify
data integrity, but only against unintentional corruption. (Integrity)
SHA-256 - ANS The SHA (Secure Hash Algorithm) is one of a number of cryptographic hash
functions. A cryptographic hash is like a signature for a text or a data file. SHA-256 algorithm
generates an almost-unique, fixed size 256-bit (32-byte) hash. Hash is a one-way function - it
cannot be decrypted back. (Integrity)
Advanced Encryption Standard (AES) - ANS AES (acronym of Advanced Encryption Standard)
is a symmetric encryption algorithm. The algorithm was developed by two Belgian
cryptographer Joan Daemen and Vincent Rijmen. AES was
designed to be efficient in both hardware and software, and supports a block length of 128 bits
and key lengths of 128, 192, and 256 bits. (Confidentiality)
Stochastic - ANS The analogy between safety and security is particularly close. The main
difference is that safety-relevant faults are stochastic (i.e., unintentional or accidental), whereas
security-relevant faults are "sponsored," i.e., intentionally created and activated through
conscious and intentional human agency.
3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
QUESTIONS AND ANSWERS. VERIFIED
2025/2026.
Confidentiality - ANS In information security, confidentiality "is the property, that information
is not made available or disclosed to unauthorized individuals, entities, or processes"
Integrity - ANS In information security, data integrity means maintaining and assuring the
accuracy and completeness of data over its entire life-cycle. This means that data cannot be
modified in an unauthorized or undetected manner. This can be also used to validate databases
to make sure none of the data is corrupt or modified in an unauthorized matter.
Availability - ANS For any information system to serve its purpose, the information must be
available when it is needed. This means that the computing systems used to store and process
the information, the security controls used to protect it, and the communication channels used
to access it must be functioning correctly.
CIA Triad - ANS Confidentiality, Integrity, Availability
Secure Software Design Feature - ANS Confidentiality: Public Key Infrastructure (PKI) and
Cryptography/Encryption
Availability: Offsite back-up and Redundancy
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
,Integrity: Hashing, Message Digest (MD5), non repudiation and digital signatures
Software Architect - ANS The software architect moves analysis to implementation and
analyzes the requirements and use cases as activities to perform as part of the development
process. That person can also develop class diagrams.
Security Practitioner Roles - ANS Release Manager
Architect
Developer
Business Analyst/Project Manager
Release Manager - ANS Deployment
Architect - ANS Design
Developer - ANS Coding
Business Analyst/Project Manager - ANS Requirements Gathering
Confidentiality - ANS Public Key Infrastructure (PKI) and Cryptography/Encryption
Availability - ANS Offsite back-up and Redundancy
Integrity - ANS Hashing, Message Digest (MD5), non repudiation and digital signatures
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, Red Team - ANS These are teams of people familiar with the infrastructure of the company
and the languages of the software being developed. Their mission is to kill the system as the
developers build it.
Static Analysis - ANS Static analysis, also called static code analysis, is a method of computer
program debugging that is done by examining the code without executing the program. The
process provides an understanding of the code structure, and can help to ensure that the code
adheres to industry standards. It's also referred as code review.
MD5 Hash - ANS The MD5 algorithm is a widely used hash function producing a 128-bit hash
value. Although MD5 was initially designed to be used as a cryptographic hash function, it has
been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify
data integrity, but only against unintentional corruption. (Integrity)
SHA-256 - ANS The SHA (Secure Hash Algorithm) is one of a number of cryptographic hash
functions. A cryptographic hash is like a signature for a text or a data file. SHA-256 algorithm
generates an almost-unique, fixed size 256-bit (32-byte) hash. Hash is a one-way function - it
cannot be decrypted back. (Integrity)
Advanced Encryption Standard (AES) - ANS AES (acronym of Advanced Encryption Standard)
is a symmetric encryption algorithm. The algorithm was developed by two Belgian
cryptographer Joan Daemen and Vincent Rijmen. AES was
designed to be efficient in both hardware and software, and supports a block length of 128 bits
and key lengths of 128, 192, and 256 bits. (Confidentiality)
Stochastic - ANS The analogy between safety and security is particularly close. The main
difference is that safety-relevant faults are stochastic (i.e., unintentional or accidental), whereas
security-relevant faults are "sponsored," i.e., intentionally created and activated through
conscious and intentional human agency.
3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
