WGU MASTER'S COURSE C706 - SECURE SOFTWARE
DESIGN EXAM LATEST 2025 ACTUAL EXAM 400 QUESTIONS
AND CORRECT DETAILED ANSWERS WITH RATIONALES
(VERIFIED ANSWERS) | ALREADY GRADED A+
What is a step for constructing a threat model for a project when using practical risk analysis?
A Align your business goals
B Apply engineering methods
C Estimate probability of project time
D Make a list of what you are trying to protect - ANSWER-D
Which cyber threats are typically surgical by nature, have highly specific targeting, and are
technologically sophisticated?
A Tactical attacks
B Criminal attacks
C Strategic attacks
D User-specific attacks - ANSWER-A
Which type of cyberattacks are often intended to elevate awareness of a topic?
A Cyberwarfare
B Tactical attacks
C User-specific attacks
D Sociopolitical attacks - ANSWER-D
What type of attack locks a user's desktop and then requires a payment to unlock it?
A Phishing
B Keylogger
C Ransomware
D Denial-of-service - ANSWER-C
What is a countermeasure against various forms of XML and XML path injection attacks?
A XML name wrapping
B XML unicode encoding
C XML attribute escaping
D XML distinguished name escaping - ANSWER-C
Which countermeasure is used to mitigate SQL injection attacks?
A SQL Firewall
B Projected bijection
C Query parameterization
D Progressive ColdFusion - ANSWER-C
What is an appropriate countermeasure to an escalation of privilege attack?
A Enforcing strong password policies
B Using standard encryption algorithms and correct key sizes
C Enabling the auditing and logging of all administration activities
D Restricting access to specific operations through role-based access controls - ANSWER-D
Which configuration management security countermeasure implements least privilege access control?
A Following strong password policies to restrict access
B Restricting file access to users based on authorization
C Avoiding clear text format for credentials and sensitive data
D Using AES 256 encryption for communications of a sensitive nature - ANSWER-B
Which phase of the software development life cycle (SDL/SDLC) would be used to determine
the minimum set of privileges required to perform the targeted task and restrict the user to a
domain with those privileges?
A Design
B Deploy
C Development
D Implementation - ANSWER-A
Which least privilege method is more granular in scope and grants specific processes only the
privileges necessary to perform certain required functions, instead of granting them unrestricted
access to the system?
A Entitlement privilege
B Separation of privilege
C Aggregation of privileges
D Segregation of responsibilities - ANSWER-B
Why does privilege creep pose a potential security risk?
A User privileges do not match their job role.
B With more privileges, there are more responsibilities.
C Auditing will show a mismatch between individual responsibilities and their access rights.
D Users have more privileges than they need and may perform actions outside their job
description. - ANSWER-D
A system developer is implementing a new sales system. The system developer is concerned that
unauthorized individuals may be able to view sensitive customer financial data.
Which family of nonfunctional requirements should be considered as part of the acceptance criteria?
A Integrity
B Availability
C Nonrepudiation
D Confidentiality - ANSWER-D
A project manager is given the task to come up with nonfunctional acceptance criteria
requirements for business owners as part of a project delivery.
Which nonfunctional requirement should be applied to the acceptance criteria?
A Give search options to users
B Evaluate test execution results
C Divide users into groups and give them separate rights
D Develop software that keeps downward compatibility intact - ANSWER-B