Page | 1
WGU MASTER'S COURSE C706 SECURE
SOFTWARE DESIGN 2025 BRAND NEW
ACTUAL EXAM WITH ANSWERS.
Which of the four basic steps is considered a new defense
concept to combat cyberattacks as defined by the U.S.
Department of Defense?
A Implement industry standard defense operating concepts and
computing architectures
B Employ a passive cyber defense capability to prevent intrusions
C Utilize current cyber best practices to improve cyber security
D Deter and mitigate insider threats - correct answer -D
The __________ standard defines application security as a
process that an organization can perform for applying controls
and measurements to its applications in order to manage the risk
of using them.
A ISO 27034
B ISO 13485
, Page | 2
C ISO 9001
D ISO 31000 - correct answer -A
Post-release support (PRSA1-5) is typically conducted by your
internal organization.
A True
B False - correct answer -B
What is a concern of security in third-party software?
A Secure development environment
B Security implanted during development
C Digital "aluminum foil"
D Untrusted distributions of software - correct answer -A
A disadvantage of using third-party software is inflexibility.
A True
B False - correct answer -A
, Page | 3
Which term is used for software in government systems?
A COTS
B NOTS
C GOTS
D LOTS - correct answer -C
What is a challenge of using proprietary software?
A Proprietary format
B Open source nature
C Decreased license fees
D No End of Support - correct answer -A
What is one disadvantage to outsourcing software development to
a third party?
A Tailored to business needs
B Experience with technology
, Page | 4
C Ownership of code
D Available skilled resources - correct answer -C
Which of the following is a consideration when evaluating
vendors?
A Social Media Policy
B Priority Awareness
C Accreditation
D Certification - correct answer -D
Which of the following represents an example of a vendor
customization?
A Reporting components
B Incompatibility with other systems
C Access control inadherence
D Privacy regulation avoidance - correct answer -A
Which due diligence activity for supply chain security should occur
in the initiation phase of the software acquisition life cycle?
WGU MASTER'S COURSE C706 SECURE
SOFTWARE DESIGN 2025 BRAND NEW
ACTUAL EXAM WITH ANSWERS.
Which of the four basic steps is considered a new defense
concept to combat cyberattacks as defined by the U.S.
Department of Defense?
A Implement industry standard defense operating concepts and
computing architectures
B Employ a passive cyber defense capability to prevent intrusions
C Utilize current cyber best practices to improve cyber security
D Deter and mitigate insider threats - correct answer -D
The __________ standard defines application security as a
process that an organization can perform for applying controls
and measurements to its applications in order to manage the risk
of using them.
A ISO 27034
B ISO 13485
, Page | 2
C ISO 9001
D ISO 31000 - correct answer -A
Post-release support (PRSA1-5) is typically conducted by your
internal organization.
A True
B False - correct answer -B
What is a concern of security in third-party software?
A Secure development environment
B Security implanted during development
C Digital "aluminum foil"
D Untrusted distributions of software - correct answer -A
A disadvantage of using third-party software is inflexibility.
A True
B False - correct answer -A
, Page | 3
Which term is used for software in government systems?
A COTS
B NOTS
C GOTS
D LOTS - correct answer -C
What is a challenge of using proprietary software?
A Proprietary format
B Open source nature
C Decreased license fees
D No End of Support - correct answer -A
What is one disadvantage to outsourcing software development to
a third party?
A Tailored to business needs
B Experience with technology
, Page | 4
C Ownership of code
D Available skilled resources - correct answer -C
Which of the following is a consideration when evaluating
vendors?
A Social Media Policy
B Priority Awareness
C Accreditation
D Certification - correct answer -D
Which of the following represents an example of a vendor
customization?
A Reporting components
B Incompatibility with other systems
C Access control inadherence
D Privacy regulation avoidance - correct answer -A
Which due diligence activity for supply chain security should occur
in the initiation phase of the software acquisition life cycle?
