WGU MASTER'S COURSE C706 SECURE SOFTWARE DESIGN
EXAM ACTUAL QUESTIONS AND ANSWERS - LATEST AND
COMPLETE UPDATE WITH VERIFIED SOLUTIONS –
ASSURED PASS WITH INSTANT DOWNLOAD PDF.
What is a step for constructing a threat model for a project when using practical risk analysis?
A Align your business goals
B Apply engineering methods
C Estimate probability of project time
D Make a list of what you are trying to protect - ANSWER-D

Which cyber threats are typically surgical by nature, have highly specific targeting, and are technologically sophisticated?
A Tactical attacks
B Criminal attacks
C Strategic attacks
D User-specific attacks - ANSWER-A

Which type of cyberattack is often intended to elevate awareness of a topic?
A Cyberwarfare
B Tactical attacks
C User-specific attacks
D Sociopolitical attacks - ANSWER-D
What type of attack locks a user's desktop and then requires a payment to unlock it?
A Phishing
B Keylogger
C Ransomware
D Denial-of-service - ANSWER-C

What is a countermeasure against various forms of XML and XML path injection attacks?
A XML name wrapping
B XML unicode encoding
C XML attribute escaping
D XML distinguished name escaping - ANSWER-C

Which countermeasure is used to mitigate SQL injection attacks?
A SQL Firewall
B Projected bijection
C Query parameterization
D Progressive ColdFusion - ANSWER-C

What is an appropriate countermeasure to an escalation of privilege attack?
A Enforcing strong password policies
B Using standard encryption algorithms and correct key sizes
C Enabling the auditing and logging of all administration activities
D Restricting access to specific operations through role-based access controls - ANSWER-D

Which configuration management security countermeasure implements least privilege access control?
A Following strong password policies to restrict access
B Restricting file access to users based on authorization
C Avoiding clear text format for credentials and sensitive data
D Using AES 256 encryption for communications of a sensitive nature - ANSWER-B

Which phase of the software development life cycle (SDL/SDLC) would be used to determine the minimum set of privileges required to perform the targeted task and restrict the user to a domain with those privileges?
A Design
B Deploy
C Development
D Implementation - ANSWER-A

Which least privilege method is more granular in scope and grants specific processes only the privileges necessary to perform certain required functions, instead of granting them unrestricted access to the system?
A Entitlement privilege
B Separation of privilege
C Aggregation of privileges
D Segregation of responsibilities - ANSWER-B
Why does privilege creep pose a potential security risk?
A User privileges do not match their job role.
B With more privileges, there are more responsibilities.
C Auditing will show a mismatch between individual responsibilities and their access rights.
D Users have more privileges than they need and may perform actions outside their job description. - ANSWER-D

A system developer is implementing a new sales system. The system developer is concerned that unauthorized individuals may be able to view sensitive customer financial data.
Which family of nonfunctional requirements should be considered as part of the acceptance criteria?
A Integrity
B Availability
C Nonrepudiation
D Confidentiality - ANSWER-D

A project manager is given the task to come up with nonfunctional acceptance criteria requirements for business owners as part of a project delivery.
Which nonfunctional requirement should be applied to the acceptance criteria?
A Give search options to users
B Evaluate test execution results