DESIGN EXAM LATEST 2026 ACTUAL EXAM 400 QUESTIONS AND CORRECT DETAILED ANSWERS WITH RATIONALES (VERIFIED ANSWERS) | ALREADY GRADED A+
What is a step for constructing a threat model for a project when using practical risk analysis?
A Align your business goals
B Apply engineering methods
C Estimate probability of project time
D Make a list of what you are trying to protect - ANSWER-D
Which cyber threats are typically surgical by nature, have highly specific targeting, and are technologically sophisticated?
A Tactical attacks
B Criminal attacks
C Strategic attacks
D User-specific attacks - ANSWER-A
Which type of cyberattacks are often intended to elevate awareness of a topic?
A Cyberwarfare
B Tactical attacks
C User-specific attacks
D Sociopolitical attacks - ANSWER-D
What type of attack locks a user's desktop and then requires a payment to unlock it?
A Phishing
B Keylogger
C Ransomware
D Denial-of-service - ANSWER-C
What is a countermeasure against various forms of XML and XML path injection attacks?
A XML name wrapping
B XML unicode encoding
C XML attribute escaping
D XML distinguished name escaping - ANSWER-C
Which countermeasure is used to mitigate SQL injection attacks?
A SQL Firewall
B Projected bijection
C Query parameterization
D Progressive ColdFusion - ANSWER-C
What is an appropriate countermeasure to an escalation of privilege attack?
A Enforcing strong password policies
B Using standard encryption algorithms and correct key sizes
C Enabling the auditing and logging of all administration activities
D Restricting access to specific operations through role-based access controls - ANSWER-D
Which configuration management security countermeasure implements least privilege access control?
A Following strong password policies to restrict access
B Restricting file access to users based on authorization
C Avoiding clear text format for credentials and sensitive data
D Using AES 256 encryption for communications of a sensitive nature - ANSWER-B
Which phase of the software development life cycle (SDL/SDLC) would be used to determine the minimum set of privileges required to perform the targeted task and restrict the user to a domain with those privileges?
A Design
B Deploy
C Development
D Implementation - ANSWER-A
Which least privilege method is more granular in scope and grants specific processes only the privileges necessary to perform certain required functions, instead of granting them unrestricted access to the system?
A Entitlement privilege
B Separation of privilege
C Aggregation of privileges
D Segregation of responsibilities - ANSWER-B
Why does privilege creep pose a potential security risk?