ACTUAL EXAM 2026 QUESTIONS WITH
ANSWERS GRADED A+
⩥ SDLC. Answer: Software Development Life Cycle
⩥ Software Security. Answer: Building security into the software
through an SDL (Security Development Life Cycle) in an SDLC
(Software Development Life Cycle)
⩥ Application Security. Answer: Protecting the software and the systems
on which it runs after release
⩥ Three core elements of security. Answer: Confidentiality, integrity,
and availability (the C.I.A. model)
⩥ PITAC. Answer: President's Information Technology Advisory
Committee
⩥ Quality and security. Answer: In terms of coding defects, the product
not only has to work right, it also has to be secure
⩥ Trustworthy Computing (TwC). Answer: The team which formed the
concepts that led to the Microsoft Security Development Lifecycle
⩥ Static analysis tools. Answer: Tools that look for a fixed set of
patterns or rules in the code in a manner similar to virus-checking
programs
⩥ Authorization. Answer: Ensures that the user has the appropriate role
and privilege to view data
⩥ Authentication. Answer: Ensures that the user is who he or she claims
to be and that the data come from the appropriate place
⩥ Threat modeling. Answer: To understand the potential security threats
to the system, determine risk, and establish appropriate mitigations.
Applies principles such as least privilege and defense-in-depth; requires
human expertise rather than tools to accomplish
⩥ Attack surface. Answer: The entry points and exit points of an
application that may be accessible to an attacker
⩥ . Answer: The majority of attacks against software take advantage of,
or exploit, some vulnerability or weakness in that software; for this
reason, "attack" is often used interchangeably with "exploit," though the
Build Security In Attack Pattern Glossary makes a clear distinction
between the two terms, with attack referring to the action against the
targeted software and exploit referring to the mechanism (e.g., a
technique or malicious code) by which that action is carried out.
⩥ . Answer: Availability: Ensuring timely and reliable access to and use
of information.
⩥ . Answer: Confidentiality: Preserving authorized restrictions on
information access and disclosure, including means for protecting
personal privacy and proprietary information.
⩥ . Answer: Integrity: Guarding against improper information
modification or destruction, which includes ensuring information
non-repudiation and authenticity.
⩥ . Answer: Authorization and authentication are the two properties that
support confidentiality in that authorization ensures that users have the
appropriate role and privilege to view data, and authentication ensures
that users are who they claim to be and that the data come from the
appropriate place.
⩥ . Answer: Developers must take the time to code cleanly, and
eradicate every possible security flaw before the code goes into
production.
⩥ . Answer: The idea behind threat modeling is simply to understand the
potential security threats to the system, determine risk, and establish
appropriate mitigations. When it is performed correctly, threat modeling
occurs early in the project life cycle and can be used to find security
design issues before code is committed.
⩥ . Answer: You cannot have quality without security or security
without quality. These two attributes complement each other, and both
enhance overall software product integrity and market value.
⩥ Techniques used in penetrating valid channels of authentication.
Answer: Cross-Site Scripting (XSS), Structured Query Language (SQL)
injection, buffer overflow exploitation
⩥ The most well-known SDL model. Answer: Trustworthy Computing
Security Development Lifecycle (SDL)
⩥ Other popular SDL models. Answer: Cigital Software Security
Touchpoints model, OWASP SDL, Cisco Secure Development Lifecycle
(CSDL)
⩥ SDL Optimization Model. Answer: Enables development managers
and IT policymakers to assess the state of the security in development