WGU MASTER'S COURSE C706-SECURE
SOFTWARE DESIGN EXAM LATEST 2025-2026
ACTUAL EXAM 400 QUESTIONS AND CORRECT
DETAILED ANSWERS WITH RATIONALES
What is a step for constructing a threat model for a project when using practical risk analysis?
A Align your business goals
B Apply engineering methods
C Estimate probability of project time
D Make a list of what you are trying to protect - ANSWER-D
Which cyber threats are typically surgical by nature, have highly specific targeting, and are technologically sophisticated?
A Tactical attacks
B Criminal attacks
C Strategic attacks
D User-specific attacks - ANSWER-A
Which type of cyberattacks are often intended to elevate awareness of a topic?
A Cyberwarfare
B Tactical attacks
C User-specific attacks
D Sociopolitical attacks - ANSWER-D
What type of attack locks a user's desktop and then requires a payment to unlock it?
A Phishing
B Keylogger
C Ransomware
D Denial-of-service - ANSWER-C
What is a countermeasure against various forms of XML and XML path injection attacks?
A XML name wrapping
B XML unicode encoding
C XML attribute escaping
D XML distinguished name escaping - ANSWER-C
Which countermeasure is used to mitigate SQL injection attacks?
A SQL Firewall
B Projected bijection
C Query parameterization
D Progressive ColdFusion - ANSWER-C
What is an appropriate countermeasure to an escalation of privilege attack?
A Enforcing strong password policies
B Using standard encryption algorithms and correct key sizes
C Enabling the auditing and logging of all administration activities
D Restricting access to specific operations through role-based access controls - ANSWER-D
Which configuration management security countermeasure implements least privilege access control?
A Following strong password policies to restrict access
B Restricting file access to users based on authorization
C Avoiding clear text format for credentials and sensitive data
D Using AES 256 encryption for communications of a sensitive nature - ANSWER-B
Which phase of the software development life cycle (SDL/SDLC) would be used to determine the minimum set of privileges required to perform the targeted task and restrict the user to a domain with those privileges?
A Design
B Deploy
C Development
D Implementation - ANSWER-A
Which least privilege method is more granular in scope and grants specific processes only the privileges necessary to perform certain required functions, instead of granting them unrestricted access to the system?
A Entitlement privilege
B Separation of privilege
C Aggregation of privileges
D Segregation of responsibilities - ANSWER-B
Why does privilege creep pose a potential security risk?