WGU Master's Course C706 - Secure Software Design EXAM 250 QUESTIONS AND ANSWERS LATEST 2023.
1. Which due diligence activity for supply chain security should occur in the initiation phase of the software acquisition life cycle?
A. Developing a request for proposal (RFP) that includes supply chain security risk management
B. Lessening the risk of disseminating information during disposal
C. Facilitating knowledge transfer between suppliers
D. Mitigating supply chain security risk by providing user guidance
Answer: A

2. Which due diligence activity for supply chain security investigates the means by which data sets are shared and assessed?
A. On-site assessment
B. Process policy review
C. Third-party assessment
D. Document exchange and review
Answer: D

3. Consider these characteristics:
- Identification of the entity making the access request
- Verification that the request has not changed since its initiation
- Application of the appropriate authorization procedures
- Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
A. Open design
B. Complete mediation
C. Economy of mechanism
D. Least common mechanism
Answer: B

4. Which software security principle guards against the improper modification or destruction of information and ensures the nonrepudiation and authenticity of information?
A. Quality
B. Integrity
C. Availability
D. Confidentiality
Answer: B

5. What type of functional security requirement involves receiving, processing, storing, transmitting, and delivering in report form?
A. Logging
B. Error handling
C. Primary dataflow
D. Access control flow
Answer: C

6. Which nonfunctional security requirement provides a way to capture information correctly and a way to store that information to help support later audits?
A. Logging
B. Error handling
C. Primary dataflow
D. Access control flow
Answer: A

7. Which security concept refers to the quality of information that could cause harm or damage if disclosed?
A. Isolation
B. Discretion
C. Seclusion
D. Sensitivity
Answer: D

8. Which technology would be an example of an injection flaw, according to the OWASP Top 10?
A. SQL
B. API
C. XML
D. XSS
Answer: A

9. A company is creating new software to track customer balance and wants to design a secure application. Which best practice should be applied?
A. Develop a secure authentication method that has a closed design
B. Allow mediation bypass or suspension for software testing and emergency planning
C. Ensure there is physical acceptability to ensure software is intuitive for the users to do their jobs
D. Create multiple layers of protection so that a subsequent layer provides protection if a layer is breached
Answer: D

10. A company is developing secure software that has to be evaluated and tested by a large number of experts. Which security principle should be applied?
A. Fail safe
B. Open design
C. Defense in depth
D. Complete mediation
Answer: B

11. Which type of TCP scanning indicates that a system is moving to the second phase in a three-way TCP handshake?
A. TCP SYN scanning
B. TCP ACK scanning
C. TCP XMAS scanning
D. TCP Connect scanning
Answer: A

12. Which evaluation technique provides invalid, unexpected, or random data to the inputs of a computer software program?
A. Fuzz testing
B. Static analysis
C. Dynamic analysis
D. Regression testing
Answer: A

13. Which approach provides an opportunity to improve the software development life cycle by tailoring the process to the specific risks facing the organization?
A. Agile methodology
B. Waterfall methodology
C. Building security in maturity model (BSIMM)
D. Software assurance maturity model (SAMM)
Answer: D

14. Which phase contains sophisticated software development processes that ensure that feedback f
School, study and subject
- Institution: Western Governors University
- Course: WGU C706
Document information
- Uploaded on: May 7, 2023
- Number of pages: 51
- Written in: 2022/2023
- Type: Exam
- Contains: Questions and answers
Topics
- wgu masters course c706 secure software design exam 250 questions and answers latest 2023