WGU C706 SECURE SOFTWARE DESIGN (PRE-ASSESSMENT) AND OA EXAM TEST BANK WITH
PRACTICE TEST ALL 500 QUESTIONS AND DETAILED SOLUTIONS LATEST UPDATE THIS YEAR
WGU-C706 Secure Software Design (Pre-Assessment)
QUESTION: Which security concept refers to the quality of information that could cause harm
or damage if disclosed?
A Isolation
B Discretion
C Seclusion
D Sensitivity - ANSWER-D
QUESTION: Which technology would be an example of an injection flaw, according to the
OWASP Top 10?
A SQL
B API
C XML
D XSS - ANSWER-A
QUESTION: A company is creating new software to track customer balance and wants to
design a secure application.
Which best practice should be applied?
A Develop a secure authentication method that has a closed design
B Allow mediation bypass or suspension for software testing and emergency planning
C Ensure there is physical acceptability to ensure software is intuitive for the users to do their
jobs
D Create multiple layers of protection so that a subsequent layer provides protection if a layer
is breached - ANSWER-D
QUESTION: A company is developing secure software that has to be evaluated and tested by a
large number of experts.
Which security principle should be applied?
A Fail safe
B Open design
C Defense in depth
D Complete mediation - ANSWER-B
QUESTION: Which due diligence activity for supply chain security should occur in the initiation phase of the
software acquisition life cycle?
A Developing a request for proposal (RFP) that includes supply chain security risk management
B Lessening the risk of disseminating information during disposal
C Facilitating knowledge transfer between suppliers
D Mitigating supply chain security risk by providing user guidance - ANSWER-A
QUESTION: Which due diligence activity for supply chain security investigates the means by
which data sets are shared and assessed?
A on-site assessment
B process policy review
C third-party assessment
D document exchange and review - ANSWER-D
QUESTION: Consider these characteristics:
-Identification of the entity making the access request
-Verification that the request has not changed since its initiation
-Application of the appropriate authorization procedures
-Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
A Open design
B Complete mediation
C Economy of mechanism
D Least common mechanism - ANSWER-B
QUESTION: Which software security principle guards against the improper modification or
destruction of information and ensures the nonrepudiation and authenticity of information?
A Quality
B Integrity
C Availability
D Confidentiality - ANSWER-B