
WGU MASTER'S COURSE C706 - SECURE SOFTWARE DESIGN NEW VERSION EXAM LATEST 2024 ACTUAL EXAM 250 QUESTIONS AND CORRECT DETAILED ANSWERS WITH RATIONALES (VERIFIED ANSWERS) |ALREADY GRADED A+

Pages
56
Grade
A+
Uploaded on
25-02-2024
Written in
2023/2024


Institution
C706 - SECURE SOFTWARE DESIGN
Course
C706 - SECURE SOFTWARE DESIGN













Which role is a training champion of software security, an advocate for the
overall SDL process, and a proponent for promulgating and enforcing the
overall software product security program?

A Software security user (SSU)
B Software security architect (SSA)
C Software security evangelist (SSE)
D Software security stakeholder (SSS) - CORRECT ANSWER✔✔C

Which role requires the technical capability to be trained as a software
security architect who then assists the centralized software security group
with architecture security analysis and threat modeling?

A Software champion
B Software evangelist
C Junior software developer
D Senior software programmer - CORRECT ANSWER✔✔A

An application development team is designing and building an application
that interfaces with a back-end database.

Which activity should be included when constructing a threat model for the
application?

A Designate one or more primary keys for each database table in the
database
B Decompose the application to understand how it interacts with external
entities
C Review the relationships among the attributes to be included in the
database tables
D Create a set of performance metrics to assess the functionality of the
developed application - CORRECT ANSWER✔✔B

What is the third step for constructing a threat model for identifying a
spoofing threat?

A Decompose threats
B Identify threats
C Identify vulnerabilities
D Survey the application - CORRECT ANSWER✔✔A

What is a step for constructing a threat model for a project when using
practical risk analysis?

A Align your business goals
B Apply engineering methods
C Estimate probability of project time
D Make a list of what you are trying to protect - CORRECT ANSWER✔✔D

Which cyber threats are typically surgical by nature, have highly specific
targeting, and are technologically sophisticated?

A Tactical attacks
B Criminal attacks
C Strategic attacks
D User-specific attacks - CORRECT ANSWER✔✔A

Which type of cyberattack is often intended to elevate awareness of a
topic?

A Cyberwarfare
B Tactical attacks
C User-specific attacks
D Sociopolitical attacks - CORRECT ANSWER✔✔D

What type of attack locks a user's desktop and then requires a payment to
unlock it?

A Phishing
B Keylogger
C Ransomware
D Denial-of-service - CORRECT ANSWER✔✔C

What is a countermeasure against various forms of XML and XML path
injection attacks?

A XML name wrapping
B XML unicode encoding
C XML attribute escaping
D XML distinguished name escaping - CORRECT ANSWER✔✔C

Which countermeasure is used to mitigate SQL injection attacks?

A SQL Firewall
B Projected bijection
C Query parameterization
D Progressive ColdFusion - CORRECT ANSWER✔✔C

What is an appropriate countermeasure to an escalation of privilege
attack?

A Enforcing strong password policies
B Using standard encryption algorithms and correct key sizes
C Enabling the auditing and logging of all administration activities
D Restricting access to specific operations through role-based access
controls - CORRECT ANSWER✔✔D

Which configuration management security countermeasure implements
least privilege access control?

A Following strong password policies to restrict access
B Restricting file access to users based on authorization
C Avoiding clear text format for credentials and sensitive data
D Using AES 256 encryption for communications of a sensitive nature -
CORRECT ANSWER✔✔B

Which phase of the software development life cycle (SDL/SDLC) would be
used to determine the minimum set of privileges required to perform the
targeted task and restrict the user to a domain with those privileges?

A Design
B Deploy
C Development
D Implementation - CORRECT ANSWER✔✔A

Which least privilege method is more granular in scope and grants specific
processes only the privileges necessary to perform certain required
functions, instead of granting them unrestricted access to the system?

A Entitlement privilege
B Separation of privilege
C Aggregation of privileges
D Segregation of responsibilities - CORRECT ANSWER✔✔B

Why does privilege creep pose a potential security risk?

A User privileges do not match their job role.
B With more privileges, there are more responsibilities.
C Auditing will show a mismatch between individual responsibilities and
their access rights.
D Users have more privileges than they need and may perform actions
outside their job description. - CORRECT ANSWER✔✔D

A system developer is implementing a new sales system. The system
developer is concerned that unauthorized individuals may be able to view
sensitive customer financial data.

Which family of nonfunctional requirements should be considered as part of
the acceptance criteria?

A Integrity
B Availability
C Nonrepudiation
D Confidentiality - CORRECT ANSWER✔✔D

A project manager is given the task to come up with nonfunctional
acceptance criteria requirements for business owners as part of a project
delivery.
