WGU C706 - SECURE SOFTWARE DESIGN LATEST VERSION
02/22/2026
2026/2027| QUESTIONS AND CORRECT ANSWERS
WGU C706 - Secure Software Design Latest Version
2026/2027| Questions and Correct Answers (Verified exam
Which due diligence activity for supply chain security should occur in the initiation phase of the software
acquisition life cycle?
A Developing a request for proposal (RFP) that includes supply chain security risk management
B Lessening the risk of disseminating information during disposal
C Facilitating knowledge transfer between suppliers
D Mitigating supply chain security risk by providing user guidance
Which due diligence activity for supply chain security investigates the means by which data sets are
shared and assessed?
A on-site assessment
B process policy review
C third-party assessment
D document exchange and review
Consider these characteristics:
-Identification of the entity making the access request
2/22/2026
-Verification that the request has not changed since its initiation
-Application of the appropriate authorization procedures
1
, WGU C706 - SECURE SOFTWARE DESIGN LATEST VERSION
02/22/2026
2026/2027| QUESTIONS AND CORRECT ANSWERS
-Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
A Open design
B Complete mediation
C Economy of mechanism
D Least common mechanism
Which software security principle guards against the improper modification or destruction of
information and ensures the nonrepudiation and authenticity of information?
A Quality
B Integrity
C Availability
D Confidentiality
What type of functional security requirement involves receiving, processing, storing, transmitting, and
delivering in report form?
A Logging
B Error handling
C Primary dataflow
D Access control flow
2/22/2026
2
, WGU C706 - SECURE SOFTWARE DESIGN LATEST VERSION
02/22/2026
2026/2027| QUESTIONS AND CORRECT ANSWERS
Which nonfunctional security requirement provides a way to capture information correctly and a way to
store that information to help support later audits?
A Logging
B Error handling
C Primary dataflow
D Access control flow
Which security concept refers to the quality of information that could cause harm or damage if
disclosed?
A Isolation
B Discretion
C Seclusion
D Sensitivity
Which technology would be an example of an injection flaw, according to the OWASP Top 10?
A SQL
B API
C XML
D XSS
A company is creating a new software to track customer balance and wants to design a secure
2/22/2026
application.
3
, WGU C706 - SECURE SOFTWARE DESIGN LATEST VERSION
02/22/2026
2026/2027| QUESTIONS AND CORRECT ANSWERS
Which best practice should be applied?
A Develop a secure authentication method that has a closed design
B Allow mediation bypass or suspension for software testing and emergency planning
C Ensure there is physical acceptability to ensure software is intuitive for the users to do their jobs
D Create multiple layers of protection so that a subsequent layer provides protection if a layer is
breached
A company is developing a secure software that has to be evaluated and tested by a large number of
experts.
Which security principle should be applied?
A Fail safe
B Open design
C Defense in depth
D Complete mediation
Which type of TCP scanning indicates that a system is moving to the second phase in a three-way TCP
handshake?
A TCP SYN scanning
B TCP ACK scanning
C TCP XMAS scanning
D TCP Connect scanning
2/22/2026
4
02/22/2026
2026/2027| QUESTIONS AND CORRECT ANSWERS
WGU C706 - Secure Software Design Latest Version
2026/2027| Questions and Correct Answers (Verified exam
Which due diligence activity for supply chain security should occur in the initiation phase of the software
acquisition life cycle?
A Developing a request for proposal (RFP) that includes supply chain security risk management
B Lessening the risk of disseminating information during disposal
C Facilitating knowledge transfer between suppliers
D Mitigating supply chain security risk by providing user guidance
Which due diligence activity for supply chain security investigates the means by which data sets are
shared and assessed?
A on-site assessment
B process policy review
C third-party assessment
D document exchange and review
Consider these characteristics:
-Identification of the entity making the access request
2/22/2026
-Verification that the request has not changed since its initiation
-Application of the appropriate authorization procedures
1
, WGU C706 - SECURE SOFTWARE DESIGN LATEST VERSION
02/22/2026
2026/2027| QUESTIONS AND CORRECT ANSWERS
-Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
A Open design
B Complete mediation
C Economy of mechanism
D Least common mechanism
Which software security principle guards against the improper modification or destruction of
information and ensures the nonrepudiation and authenticity of information?
A Quality
B Integrity
C Availability
D Confidentiality
What type of functional security requirement involves receiving, processing, storing, transmitting, and
delivering in report form?
A Logging
B Error handling
C Primary dataflow
D Access control flow
2/22/2026
2
, WGU C706 - SECURE SOFTWARE DESIGN LATEST VERSION
02/22/2026
2026/2027| QUESTIONS AND CORRECT ANSWERS
Which nonfunctional security requirement provides a way to capture information correctly and a way to
store that information to help support later audits?
A Logging
B Error handling
C Primary dataflow
D Access control flow
Which security concept refers to the quality of information that could cause harm or damage if
disclosed?
A Isolation
B Discretion
C Seclusion
D Sensitivity
Which technology would be an example of an injection flaw, according to the OWASP Top 10?
A SQL
B API
C XML
D XSS
A company is creating a new software to track customer balance and wants to design a secure
2/22/2026
application.
3
, WGU C706 - SECURE SOFTWARE DESIGN LATEST VERSION
02/22/2026
2026/2027| QUESTIONS AND CORRECT ANSWERS
Which best practice should be applied?
A Develop a secure authentication method that has a closed design
B Allow mediation bypass or suspension for software testing and emergency planning
C Ensure there is physical acceptability to ensure software is intuitive for the users to do their jobs
D Create multiple layers of protection so that a subsequent layer provides protection if a layer is
breached
A company is developing a secure software that has to be evaluated and tested by a large number of
experts.
Which security principle should be applied?
A Fail safe
B Open design
C Defense in depth
D Complete mediation
Which type of TCP scanning indicates that a system is moving to the second phase in a three-way TCP
handshake?
A TCP SYN scanning
B TCP ACK scanning
C TCP XMAS scanning
D TCP Connect scanning
2/22/2026
4
