WGU C706 (C706)

WGU-C706 Secure Software Design Pre-Assessment Questions and Answers 2024/2025 (GRADED A+) Which due diligence activity for supply chain security investigates the means by which data sets are shared and assessed? - A document exchange and review Identification of the entity making the access request Verification that the request has not changed since its initiation Application of the appropriate authorization procedures Reexamination of previously authorized requests by the same entity Whi...

WGU C706 Pre- Assessment V2 (New 2023/ 2024 Update) Secure Software Design| Questions and Verified Answers| 100% Correct| Graded A QUESTION What consists of multiple security assessments from independent parties? Answer: Third-Party Security Reviews QUESTION What requires a communication cadence with customers that should be formalized and published so that everyone in the company is aware of it and can invoke it if needed? Answer: External Vulnerability Disclo...

WGU C706 Secure Software Design Exam (New 2023/ 2024 Update) | Questions and Verified Answers| 100% Correct| Graded A Q: You have been tasked with the development of a new application for your organization. You are engaged in the project initiation phase. Which activity should you implement during this phase? A certification and accreditation B defining formal functional baseline C functionality and performance tests D identification of threats and vulnerabilities Answer: ...

WGU C706 Pre- Assessment (New 2023/ 2024 Update) Secure Software Design| Questions and Verified Answers| 100% Correct| Graded A QUESTION What is the third step for constructing a threat model for identifying a spoofing threat? -Decompose threats -Identify threats -Identify vulnerabilities -Survey the application Answer: Decompose threats QUESTION What is a step for constructing a threat model for a project when using practical risk analysis? -Align your busin...

Which one of the following tools is used primarily to perform network discovery scans? - -Nmap What type of network discovery scan only follows the first two steps of the TCP handshake? - -TCP SYN scan Which one of the following is the final step of the Fagin inspection process? - -Follow-up During what type of penetration test does the tester always have access to system configuration information? - -White box penetration test Which one of the following factors should not be taken into co...

_____ refers to keeping information confidential that is PII or might cause harm, embarrassment, or disgrace to someone if revealed. - -Privacy Which is typically not a characteristic when classifying data? - -Size of object Data classifications are used to focus security controls over all but which of the following? - -Layering Vulnerabilities and risks are evaluated based on their threats against which of the following? - -One or more of the CIA Triad principle All but which of the follo...

Which one of the following is not a principle of Agile development? - -Prioritize security over other requirements. Which one of the following key types is used to enforce referential integrity between database tables? - -Foreign key What type of chart provides a graphical illustration of a schedule that helps to plan, coordinate, and track project tasks? - -Gantt What transaction management principle ensures that two transactions do not interfere with each other as they operate on the sa...

Which one of the following types of attacks relies on the difference between the timing of two events? - -TOCTOU What technique may be used to limit the effectiveness of rainbow table attacks? - -Salting What character should always be treated carefully when encountered as user input on a web form? - -' What type of virus utilizes more than one propagation technique to maximize the number of penetrated systems? - -Multipartite virus What advanced virus technique modifies the malicious cod...

Which due diligence activity for supply chain security should occur in the initiation phase of the software acquisition life cycle? - -Developing a request for proposal (RFP) that includes supply chain security risk management Which due diligence activity for supply chain security investigates the means by which data sets are shared and assessed? - -A document exchange and review Identification of the entity making the access request Verification that the request has not changed since its ...