WGU-C706 EXAM PREP: COMPLETE
QUESTIONS AND ANSWERS FOR THE FINAL
PAPER 2026.
◍ Three core elements of security. Ans: Confidentiality, integrity,
and availability (the C.I.A. model
◍ Tools that look for a fixed set of patterns or rules in the code in a
manner similar to virus-checking programs. Ans: Static analysis tools
◍ Ensures that the user has the appropriate role and privilege to
view data. Ans: Authorization
◍ Ensures that the user is who he or she claims to be and that the
data come from the appropriate place. Ans: Authentication
◍ Question 4 :
What is responsible for preserving authorized restrictions on
information access and disclosure, including means for protecting
personal privacy and proprietary information?. Ans: Question 4
Confidentiality
,◍ Q5:
What is responsible for guarding against improper information
modification or destruction, and includes ensuring information non-
repudiation and authenticity?. Ans: Q5:
Integrity
◍ Q6:
Which concept in the software life cycle understands the potential
security threats to the system, determines risk, and establishes
appropriate mitigations?. Ans: Q6:
Threat modeling
◍ Q7:
The idea behind is simply to understand the potential security threats
to the system, determine risk, and establish appropriate mitigations.
When it is performed correctly, it occurs early in the project life cycle
and can be used to find security design issues before code is
committed.. Ans: Q7:
threat modeling
,◍ _Q8:
____________is about building secure software: designing software
to be secure; making sure that software is secure; and educating
software developers, architects, and users about how to build security
in.. Ans: Q8:
software security
◍ Q9:
__________, as the name suggests, is really aimed at developing
secure software, not necessarily quality software. Ans: Q9:
SDL methodology
◍ The most well-known SDL model is the __________, a process
that Microsoft has adopted for the development of software that needs
to withstand malicious attack. This is considered the most mature of
the top three models.. Ans: Trustworthy Computing Security
Development Lifecycle
◍ _________This is a study of real-world software security
initiatives organized so that you can determine where you stand with
your software security initiative and how to evolve your efforts over
time. It is a set of best practices that Cigital developed by analyzing
real-world data from nine leading software security initiatives and
, creating a framework based on common areas of success. There are
12 practices organized into four domains. These practices are used to
organize the 109 BSIMM activities (BSIMM 4 has a total of 111
activities).. Ans: BSIMM ( short for Building Security In Maturity
Model.)
◍ _______________provides guidance to help organizations embed
security within their processes, including application lifecycle
processes, that help to secure applications running in the environment.
It is a risk-based framework to continuously improve security through
process integration and improvements in managing applications. It
takes a process approach by design.. Ans: The ISO/IEC 27034
standard
◍ _____________ is a nonprofit organization dedicated to
increasing trust in information and communications technology
products and services through the advancement of effective software
assurance methods. SAFECode is a global, industry-led effort to
identify and promote best practices for developing and delivering
more secure and reliable software, hardware, and services.. Ans: The
Software Assurance Forum for Excellence in Code (SAFECode)
◍ ______________ is dedicated to improving software assurance by
developing methods to enable software tool evaluations, measuring
the effectiveness of tools and techniques, and identifying gaps in tools
and methods.. Ans: The NIST SAMATE (Software Assurance Metrics
and Tool Evaluation) project
QUESTIONS AND ANSWERS FOR THE FINAL
PAPER 2026.
◍ Three core elements of security. Ans: Confidentiality, integrity,
and availability (the C.I.A. model
◍ Tools that look for a fixed set of patterns or rules in the code in a
manner similar to virus-checking programs. Ans: Static analysis tools
◍ Ensures that the user has the appropriate role and privilege to
view data. Ans: Authorization
◍ Ensures that the user is who he or she claims to be and that the
data come from the appropriate place. Ans: Authentication
◍ Question 4 :
What is responsible for preserving authorized restrictions on
information access and disclosure, including means for protecting
personal privacy and proprietary information?. Ans: Question 4
Confidentiality
,◍ Q5:
What is responsible for guarding against improper information
modification or destruction, and includes ensuring information non-
repudiation and authenticity?. Ans: Q5:
Integrity
◍ Q6:
Which concept in the software life cycle understands the potential
security threats to the system, determines risk, and establishes
appropriate mitigations?. Ans: Q6:
Threat modeling
◍ Q7:
The idea behind is simply to understand the potential security threats
to the system, determine risk, and establish appropriate mitigations.
When it is performed correctly, it occurs early in the project life cycle
and can be used to find security design issues before code is
committed.. Ans: Q7:
threat modeling
,◍ _Q8:
____________is about building secure software: designing software
to be secure; making sure that software is secure; and educating
software developers, architects, and users about how to build security
in.. Ans: Q8:
software security
◍ Q9:
__________, as the name suggests, is really aimed at developing
secure software, not necessarily quality software. Ans: Q9:
SDL methodology
◍ The most well-known SDL model is the __________, a process
that Microsoft has adopted for the development of software that needs
to withstand malicious attack. This is considered the most mature of
the top three models.. Ans: Trustworthy Computing Security
Development Lifecycle
◍ _________This is a study of real-world software security
initiatives organized so that you can determine where you stand with
your software security initiative and how to evolve your efforts over
time. It is a set of best practices that Cigital developed by analyzing
real-world data from nine leading software security initiatives and
, creating a framework based on common areas of success. There are
12 practices organized into four domains. These practices are used to
organize the 109 BSIMM activities (BSIMM 4 has a total of 111
activities).. Ans: BSIMM ( short for Building Security In Maturity
Model.)
◍ _______________provides guidance to help organizations embed
security within their processes, including application lifecycle
processes, that help to secure applications running in the environment.
It is a risk-based framework to continuously improve security through
process integration and improvements in managing applications. It
takes a process approach by design.. Ans: The ISO/IEC 27034
standard
◍ _____________ is a nonprofit organization dedicated to
increasing trust in information and communications technology
products and services through the advancement of effective software
assurance methods. SAFECode is a global, industry-led effort to
identify and promote best practices for developing and delivering
more secure and reliable software, hardware, and services.. Ans: The
Software Assurance Forum for Excellence in Code (SAFECode)
◍ ______________ is dedicated to improving software assurance by
developing methods to enable software tool evaluations, measuring
the effectiveness of tools and techniques, and identifying gaps in tools
and methods.. Ans: The NIST SAMATE (Software Assurance Metrics
and Tool Evaluation) project
