DESIGN EXAM LATEST 2025-2026 ACTUAL EXAM 300
QUESTIONS AND CORRECT DETAILED ANSWERS WITH
RATIONALES (VERIFIED ANSWERS) |ALREADY GRADED A+
✅ Key Features
-300 real exam-based questions with verified correct answers.
-Detailed rationales/explanations for every answer.
-Newest 2025–2026 edition, aligned with WGU Master’s C706 updates.
-Verified accuracy and graded A+ quality.
-Comprehensive coverage of secure software design concepts and applications.
🎯 Who This Resource Is For
-WGU Master’s students preparing for the C706 Secure Software Design Exam.
-Learners seeking to strengthen cybersecurity and software security knowledge.
-Mentors and educators looking for reliable WGU-aligned prep material.
-Candidates aiming for exam readiness and deeper understanding with rationales.
Which due diligence activity for supply chain security should occur in the initiation phase of the software
acquisition life cycle?
A Developing a request for proposal (RFP) that includes supply chain security risk management
B Lessening the risk of disseminating information during disposal
C Facilitating knowledge transfer between suppliers
D Mitigating supply chain security risk by providing user guidance - answer-A
Which due diligence activity for supply chain security investigates the means by which data sets are
shared and assessed?
A on-site assessment
B process policy review
C third-party assessment
D document exchange and review - answer-D
Consider these characteristics:
-Identification of the entity making the access request
-Verification that the request has not changed since its initiation
-Application of the appropriate authorization procedures
-Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
A Open design
B Complete mediation
C Economy of mechanism
D Least common mechanism - answer-B
Which software security principle guards against the improper modification or destruction of
information and ensures the nonrepudiation and authenticity of information?
A Quality
B Integrity
C Availability
D Confidentiality - answer-B
What is the best way to manage this vulnerability?
A Apply threat modeling
B Use a strong password
C Install the latest patches
D Create another user log-in - answer-C
Which type of attack would a hacker use to exploit a vulnerability that allows access to be increased to
the administrator level?
A Rootkit
B Whaling
C Waterhole
D Dictionary - answer-A
Which type of attack involves exploiting a social engineering vulnerability over voice communications?
A Rootkit
B Vishing
C Waterhole
D Dictionary - answer-B
Which method provides line-of-code-level detection that enables development teams to remediate
vulnerabilities quickly?
A Dynamic Cone Pen Testing (DCPT)
B Static Application Security Testing (SAST)
C Common Weakness Enumeration (CWE)
D Common Vulnerabilities and Exposures (CVE) - answer-B
Which technique should be used to detect a software vulnerability that causes extra characters to
appear in data fields of a front-facing web application?
A Static analysis
B Dynamic analysis
C Binary code analysis
D Property-based testing - answer-A
What is a known SDL metric used to measure protection against vulnerabilities?
A The number of files or objects
B findings summary report
C The number of security defects found through static analysis tools
D The progress against privacy requirements provided in earlier phases - answer-C
Which statement is true of covert channels?
A Covert channels are addressed by a C2 rating provided by TCSEC.
B Covert channels act as a trusted path for authorized communication.
C Covert channels regulate the information flow and implement the security policy.
D Covert channels are not controlled by a security mechanism. - answer-D
Which security threat often uses tracking cookies to collect and report on a user's activities?
A spyware
B virus
C worm
D Trojan horse - answer-A
Which term describes a module's ability to perform its job without using other modules?
A low cohesion
B high cohesion
C high coupling
D low coupling - answer-D
Which type of virus installs itself under the anti-virus system and intercepts any calls that the anti-virus
system makes to the operating system?