DESIGN INFORMATION TECHNOLOGY COURSE
2025/2026 | QUESTION BANK | VERIFIED QUESTIONS
AND ANSWERS GRADED A+ | SOFTWARE SECURITY &
SYSTEM DESIGN STUDY GUIDE | GUARANTEED
SUCCESS
What is a step for constructing a threat model for a project when using
practical risk analysis?
A Align your business goals
B Apply engineering methods
C Estimate probability of project time
D Make a list of what you are trying to protect - CORRECT ANSWER -D
Which cyber threats are typically surgical by nature, have highly specific
targeting, and are technologically sophisticated?
A Tactical attacks
B Criminal attacks
C Strategic attacks
D User-specific attacks - CORRECT ANSWER -A
Which type of cyberattacks are often intended to elevate awareness of a
topic?
A Cyberwarfare
B Tactical attacks
C User-specific attacks
D Sociopolitical attacks - CORRECT ANSWER -D
What type of attack locks a user's desktop and then requires a payment to
unlock it?
A Phishing
B Keylogger
C Ransomware
D Denial-of-service - CORRECT ANSWER -C
What is a countermeasure against various forms of XML and XML path
injection attacks?
A XML name wrapping
B XML unicode encoding
C XML attribute escaping
D XML distinguished name escaping - CORRECT ANSWER -C
Which countermeasure is used to mitigate SQL injection attacks?
A SQL Firewall
B Projected bijection
C Query parameterization
D Progressive ColdFusion - CORRECT ANSWER -C
What is an appropriate countermeasure to an escalation of privilege attack?
A Enforcing strong password policies
B Using standard encryption algorithms and correct key sizes
C Enabling the auditing and logging of all administration activities
D Restricting access to specific operations through role-based access
controls - CORRECT ANSWER -D
Which configuration management security countermeasure implements least
privilege access control?
A Following strong password policies to restrict access
B Restricting file access to users based on authorization
C Avoiding clear text format for credentials and sensitive data
D Using AES 256 encryption for communications of a sensitive nature -
CORRECT ANSWER -B
Which phase of the software development life cycle (SDL/SDLC) would be
used to determine the minimum set of privileges required to perform the
targeted task and restrict the user to a domain with those privileges?
A Design
B Deploy
C Development
D Implementation - CORRECT ANSWER -A