WGU-C706 TEST PAPER QUESTIONS AND
SOLUTIONS 100% CORRECT FOR THE 2026
FINAL.
◍ SDL Threat Modeling Tool. Ans: This free tool builds on
Microsoft Visio and provides a tool for constructing graphic
representations for the system without requiring expertise in security
and also has the capability of graphically representing a software
system and identifying vulnerabilities.
◍ Vulnerability Mapping. Ans: Used to determine the most likely
locations within the system in development where an attacker will
strike. This is done on the design phase of the SDLC.
◍ V3. Ans: The highest level of vulnerability. This is a very likely
target for an attacker, such as free text input in a form. These are the
highest priory for a security plan for the system and these should all
be mitigated and accounted for by established control systems in
development.
◍ V2. Ans: A moderate level vulnerability. These are possible but not
probable targets. These will include inter-process communications on
the server or traffic within the trust boundary of the system.
Eavesdropping is the most significant risk in this situation. These
vulnerabilities should always be mitigated in the system, but in a trade
off analysis, strict control may not be necessary as long as a procedure
is in place to fail safely and protect any private or confidential data.
, ◍ V1. Ans: The lowest priority level of vulnerability. These are
unlikely venues of attack with little risk if they are exploited. Failing
safely is the most important concern at this level, because the data
associated with this vulnerability has no value, and the process
involved is not mission critical, such as a transmission failure in an
HTML header coming from the system; the highest risk is that the
customer will
not properly see the page and it would have to be reloaded. These
vulnerabilities can be largely ignored, but they should be noted in the
system specification in case functionality is altered by a later system
update or interaction because this may allow them to become more
significant.
◍ Activity Diagram. Ans: Capable of expressing resolution efforts to
malformed input and potential attacks in a way other documentation
at the system level cannot. The caveat is that these do not contain
class calls and references; they only provide a visualization of the
process logic.
◍ Kiviat Diagram. Ans: Provides a visual comparison of multiple
attributes and can visualize and report the information on a single
artifact based on monitored information.
◍ Identify the Assets. Ans: A threat model process that allows the
company to identify the part that needs to be protected from
unauthorized users.
◍ Agile Model. Ans: Describes a set of principles for software
development under which requirements and solutions evolve through
, the collaborative effort of self-organizing cross-functional teams. It
promotes adaptive planning, evolutionary development, early
delivery, and continuous improvement, and it encourages rapid and
flexible response to change. Supports the definition and continuing
evolution of many software development methods, avoids life cycle
activities, focuses on built-a- little, test-a-little and field-a-little. It also
supports informal communication and Incremental design.
◍ Types of Vulnerability Mapping. Ans: Activity Diagram, Kiviat
Diagram, Identify the Assets, Agile Model, V1, V2, V3
◍ Agile attributes. Ans: Cyclical Process. Supports quick prototyping
and limits the time spent thinking about the problem as a whole.
◍ Waterfall attributes. Ans: Similar to interactive model and main
components are planning, development and deployment.
◍ Chrystal Clear attributes. Ans: Can be applied to teams of up to 6
or 8 co-located developers working on systems that are not life-
critical. This family of methodologies focuses on efficiency and
habitability as components of project safety. Focuses on people, not
processes or artifacts. Roles may be filed by the same people,
including a project manager and a business expert.
◍ Waterfall attributes. Ans: A sequential (non-iterative / Limited
Interaction) design process, used in software development, in which
progress is seen as flowing down through the phases of conception,
initiation, analysis, design, construction, testing,
production/implementation and maintenance. All the requirements
SOLUTIONS 100% CORRECT FOR THE 2026
FINAL.
◍ SDL Threat Modeling Tool. Ans: This free tool builds on
Microsoft Visio and provides a tool for constructing graphic
representations for the system without requiring expertise in security
and also has the capability of graphically representing a software
system and identifying vulnerabilities.
◍ Vulnerability Mapping. Ans: Used to determine the most likely
locations within the system in development where an attacker will
strike. This is done on the design phase of the SDLC.
◍ V3. Ans: The highest level of vulnerability. This is a very likely
target for an attacker, such as free text input in a form. These are the
highest priory for a security plan for the system and these should all
be mitigated and accounted for by established control systems in
development.
◍ V2. Ans: A moderate level vulnerability. These are possible but not
probable targets. These will include inter-process communications on
the server or traffic within the trust boundary of the system.
Eavesdropping is the most significant risk in this situation. These
vulnerabilities should always be mitigated in the system, but in a trade
off analysis, strict control may not be necessary as long as a procedure
is in place to fail safely and protect any private or confidential data.
, ◍ V1. Ans: The lowest priority level of vulnerability. These are
unlikely venues of attack with little risk if they are exploited. Failing
safely is the most important concern at this level, because the data
associated with this vulnerability has no value, and the process
involved is not mission critical, such as a transmission failure in an
HTML header coming from the system; the highest risk is that the
customer will
not properly see the page and it would have to be reloaded. These
vulnerabilities can be largely ignored, but they should be noted in the
system specification in case functionality is altered by a later system
update or interaction because this may allow them to become more
significant.
◍ Activity Diagram. Ans: Capable of expressing resolution efforts to
malformed input and potential attacks in a way other documentation
at the system level cannot. The caveat is that these do not contain
class calls and references; they only provide a visualization of the
process logic.
◍ Kiviat Diagram. Ans: Provides a visual comparison of multiple
attributes and can visualize and report the information on a single
artifact based on monitored information.
◍ Identify the Assets. Ans: A threat model process that allows the
company to identify the part that needs to be protected from
unauthorized users.
◍ Agile Model. Ans: Describes a set of principles for software
development under which requirements and solutions evolve through
, the collaborative effort of self-organizing cross-functional teams. It
promotes adaptive planning, evolutionary development, early
delivery, and continuous improvement, and it encourages rapid and
flexible response to change. Supports the definition and continuing
evolution of many software development methods, avoids life cycle
activities, focuses on built-a- little, test-a-little and field-a-little. It also
supports informal communication and Incremental design.
◍ Types of Vulnerability Mapping. Ans: Activity Diagram, Kiviat
Diagram, Identify the Assets, Agile Model, V1, V2, V3
◍ Agile attributes. Ans: Cyclical Process. Supports quick prototyping
and limits the time spent thinking about the problem as a whole.
◍ Waterfall attributes. Ans: Similar to interactive model and main
components are planning, development and deployment.
◍ Chrystal Clear attributes. Ans: Can be applied to teams of up to 6
or 8 co-located developers working on systems that are not life-
critical. This family of methodologies focuses on efficiency and
habitability as components of project safety. Focuses on people, not
processes or artifacts. Roles may be filed by the same people,
including a project manager and a business expert.
◍ Waterfall attributes. Ans: A sequential (non-iterative / Limited
Interaction) design process, used in software development, in which
progress is seen as flowing down through the phases of conception,
initiation, analysis, design, construction, testing,
production/implementation and maintenance. All the requirements
