WGU MASTER'S COURSE C706 - SECURE SOFTWARE
DESIGN EXAM LATEST 2026 ACTUAL EXAM 250
QUESTIONS AND CORRECT DETAILED ANSWERS
(VERIFIED ANSWERS) |ALREADY GRADED A+
Your company implements several databases. You are concerned with
the security of the data in the databases. Which statement is correct
for database security? A Data control language (DCL) implements
security through access control and granular restrictions. B Bind
variables provide access control through implementing granular
restrictions. C Data manipulation language (DML) implements access
control through authorization. D Data identification language
implements security on data components. - ANSWER//A Which
statement is true of a salami attack? A type of passive attack. B social
engineering technique. C not an example of data diddling. D involves
stealing small amounts of money from multiple accounts. -
ANSWER//D Your company decides that a new software product must
be purchased to help the marketing staff manage their marketing
campaigns and the resources used. During which phase of the
software acquisition process do you document the software
requirements? A Monitoring phase B Maintaining phase C Planning
phase D Contracting phase - ANSWER//C You have been tasked with
the development of a new application for your organization. You are
engaged in the project initiation phase. Which activity should you
implement during this phase? A certification and accreditation B
defining formal functional baseline C functionality and performance
tests D identification of threats and vulnerabilities - ANSWER//D
Which Web browser add-in uses Authenticode for security? A
Common Gateway Interface (CGI) B ActiveX C Cross-site scripting (XSS)
D Java - ANSWER//B Which statement correctly defines the multipart
virus? A multipart virus is coded in macro language. B multipart virus
can change some of its characteristics while it replicates. C multipart
virus can hide itself from antivirus software by distorting its code. D
multipart virus can infect both executable files and boot sectors of
1|Pag e
,hard disk drives. - ANSWER//D Which malicious software relies upon
other applications to execute and infect the system?Each correct
answer represents a complete solution. Choose two. A worm B logic
bomb C Trojan horse D virus - ANSWER//CD What is the primary
function of COCOMO? A cost estimation B time estimation C risk
estimation D threat analysis - ANSWER//A You have implemented a
new network for a customer. Management has requested that you
implement anti-virus software that is capable of detecting all types of
malicious code, including unknown malware. Which type of anti-virus
software should you implement? A heuristic detection B behavior
blocking C immunization D signature-based detection - ANSWER//A
During a recent security assessment, you discover that a computer on
your network has been compromised. An application has been
inadvertently installed on the computer. This application allows a
criminal to use the compromised computer to carry out an attack.
What is the term for this compromised computer? A victim B botnet C
bot D zombie - ANSWER//D Recently, your company's file server was
the victim of a hacker attack. After researching the attack, you
discover that multiple computers were used to implement the attack,
which eventually caused the file server to overload. Which attack
occurred? A ping of death attack B land attack C distributed denial-of-
service (DDoS) attack D denial-of-service (DoS) attack - ANSWER//C
Which pair of processes should be separated from each other to
manage the stability of the test environment? A testing and validity B
testing and development C validity and production D validity and
security - ANSWER//B A custom application is used to manage your
company's human resources files. A manager reports that certain
users are able to perform actions that should not be permitted. When
you research this issue, you discover that the users have been granted
an inappropriate permission. Which type of security threat has
occurred? A privilege escalation B virus C logic bomb D worm -
ANSWER//A After a software development project is completed,
management decides to reassign its physical resources, after first
ensuring that there is no residual data left on the medium. Which
term is used to describe this practice? A dynamic data exchange B
polymorphism C metadata D object reuse - ANSWER//D Your
2|Pag e
,organization has recently implemented an artificial neural network
(ANN). The ANN enabled the network to make decisions based on the
experience provided to them. Which characteristic of the ANN is
described? A adaptability B fault tolerance C neural integrity D
retention capability - ANSWER//A What is used in evolutionary
computing? A characteristics of living organisms B knowledge from an
expert C mathematical or computational models D genetic algorithms
- ANSWER//D Which statement correctly defines the object-oriented
database model? A The relationship between data elements is in the
form of a logical tree. B It is a hybrid between relational and object-
based databases. C It logically interconnects remotely located
databases. D It can store data that includes multimedia clips, images,
video, and graphics. - ANSWER//D You need to view events on host
name registrations. Which log in Event Viewer should you view? A
Security B System C DNS D Application - ANSWER//C A developer has
requested a particular change in the configuration of a file server.
Which step should occur next in the change process if a change
control policy is in place? A Document the change. B Approve the
change. C Implement the change. D Test the change. - ANSWER//A An
organization's Web site includes several Java applets. The Java applets
include a security feature that limits the applet's access to certain
areas of the Web user's system. How does it do this? A by using macro
languages B by using digital and trusted certificates C by using
sandboxes D by using object codes - ANSWER//C Which statement
correctly defines the capability maturity model in the context of
software development? A It is a model based on conducting reviews
and documenting the reviews in each phase of the software
development cycle. B It is a model based on analyzing the risk and
building prototypes and simulations during the various phases of the
software development cycle. C It is a model that describes the
principles, procedures, and practices that should be followed in the
software development cycle. D It is a formal model based on the
capacity of an organization to cater to projects. - ANSWER//C What is
the process of ensuring the corporate security policies are carried out
consistently? A auditing B social engineering C footprinting D scanning
- ANSWER//A Your organization uses a relational database to store
3|Pag e
, customer contact information. You need to modify the schema of the
relational database. Which component identifies this information? A
data definition language (DDL) B query language (QL) C data control
language (DCL) D data manipulation language (DML) - ANSWER//A You
work for a company that creates customized software solutions for
customers. Recently, a customer has requested that your company
provide a software escrow. What is the purpose of this request? A to
provide a software vendor's source code in the event the vendor goes
out of business B to ensure that appropriate software licenses exist C
to provide an account to purchase software licenses D to provide a
backup copy of all software used by your company - ANSWER//A Your
organization has a fault-tolerant, clustered database that maintains
sales records. Which transactional technique is used in this
environment? A ODBC B OLE DB C OLTP D data warehousing -
ANSWER//C Which function is provided by remote procedure call
(RPC)? A allows the execution of individual routines on remote
computers across a network. B identifies components within a
distributed computing environment (DCE). C provides code that can
be transmitted across a network and executed remotely. D provides
an integrated file system that all users in the distributed environment
can share. - ANSWER//A During a software development project, you
need to ensure that the period progress of the project is monitored
appropriately. Which technique(s) can be used? a. Gantt charts b. Unit
testing c. Delphi technique d. Program Evaluation Review Technique
charts e. Prototype Evaluation Review Technique charts A option d B
option e C options a and b only D options c and d only E options c and
e only F options a and d only G option a H option b I option c -
ANSWER//F Which statement is true of data diddling? A Data diddling
is associated with the outsiders in an organization. B Data diddling is
used to extract sensitive information regarding employees. C Data
diddling refers to manipulation of the input data in an application. D A
salami attack is not an example of data diddling. - ANSWER//C Which
type of virus is specifically designed to take advantage of the
extension search order of an operating system? A resident B
nonresident C boot sector replication D companion - ANSWER//D
During the application development life cycle, your team performs
4|Pag e
DESIGN EXAM LATEST 2026 ACTUAL EXAM 250
QUESTIONS AND CORRECT DETAILED ANSWERS
(VERIFIED ANSWERS) |ALREADY GRADED A+
Your company implements several databases. You are concerned with
the security of the data in the databases. Which statement is correct
for database security? A Data control language (DCL) implements
security through access control and granular restrictions. B Bind
variables provide access control through implementing granular
restrictions. C Data manipulation language (DML) implements access
control through authorization. D Data identification language
implements security on data components. - ANSWER//A Which
statement is true of a salami attack? A type of passive attack. B social
engineering technique. C not an example of data diddling. D involves
stealing small amounts of money from multiple accounts. -
ANSWER//D Your company decides that a new software product must
be purchased to help the marketing staff manage their marketing
campaigns and the resources used. During which phase of the
software acquisition process do you document the software
requirements? A Monitoring phase B Maintaining phase C Planning
phase D Contracting phase - ANSWER//C You have been tasked with
the development of a new application for your organization. You are
engaged in the project initiation phase. Which activity should you
implement during this phase? A certification and accreditation B
defining formal functional baseline C functionality and performance
tests D identification of threats and vulnerabilities - ANSWER//D
Which Web browser add-in uses Authenticode for security? A
Common Gateway Interface (CGI) B ActiveX C Cross-site scripting (XSS)
D Java - ANSWER//B Which statement correctly defines the multipart
virus? A multipart virus is coded in macro language. B multipart virus
can change some of its characteristics while it replicates. C multipart
virus can hide itself from antivirus software by distorting its code. D
multipart virus can infect both executable files and boot sectors of
1|Pag e
,hard disk drives. - ANSWER//D Which malicious software relies upon
other applications to execute and infect the system?Each correct
answer represents a complete solution. Choose two. A worm B logic
bomb C Trojan horse D virus - ANSWER//CD What is the primary
function of COCOMO? A cost estimation B time estimation C risk
estimation D threat analysis - ANSWER//A You have implemented a
new network for a customer. Management has requested that you
implement anti-virus software that is capable of detecting all types of
malicious code, including unknown malware. Which type of anti-virus
software should you implement? A heuristic detection B behavior
blocking C immunization D signature-based detection - ANSWER//A
During a recent security assessment, you discover that a computer on
your network has been compromised. An application has been
inadvertently installed on the computer. This application allows a
criminal to use the compromised computer to carry out an attack.
What is the term for this compromised computer? A victim B botnet C
bot D zombie - ANSWER//D Recently, your company's file server was
the victim of a hacker attack. After researching the attack, you
discover that multiple computers were used to implement the attack,
which eventually caused the file server to overload. Which attack
occurred? A ping of death attack B land attack C distributed denial-of-
service (DDoS) attack D denial-of-service (DoS) attack - ANSWER//C
Which pair of processes should be separated from each other to
manage the stability of the test environment? A testing and validity B
testing and development C validity and production D validity and
security - ANSWER//B A custom application is used to manage your
company's human resources files. A manager reports that certain
users are able to perform actions that should not be permitted. When
you research this issue, you discover that the users have been granted
an inappropriate permission. Which type of security threat has
occurred? A privilege escalation B virus C logic bomb D worm -
ANSWER//A After a software development project is completed,
management decides to reassign its physical resources, after first
ensuring that there is no residual data left on the medium. Which
term is used to describe this practice? A dynamic data exchange B
polymorphism C metadata D object reuse - ANSWER//D Your
2|Pag e
,organization has recently implemented an artificial neural network
(ANN). The ANN enabled the network to make decisions based on the
experience provided to them. Which characteristic of the ANN is
described? A adaptability B fault tolerance C neural integrity D
retention capability - ANSWER//A What is used in evolutionary
computing? A characteristics of living organisms B knowledge from an
expert C mathematical or computational models D genetic algorithms
- ANSWER//D Which statement correctly defines the object-oriented
database model? A The relationship between data elements is in the
form of a logical tree. B It is a hybrid between relational and object-
based databases. C It logically interconnects remotely located
databases. D It can store data that includes multimedia clips, images,
video, and graphics. - ANSWER//D You need to view events on host
name registrations. Which log in Event Viewer should you view? A
Security B System C DNS D Application - ANSWER//C A developer has
requested a particular change in the configuration of a file server.
Which step should occur next in the change process if a change
control policy is in place? A Document the change. B Approve the
change. C Implement the change. D Test the change. - ANSWER//A An
organization's Web site includes several Java applets. The Java applets
include a security feature that limits the applet's access to certain
areas of the Web user's system. How does it do this? A by using macro
languages B by using digital and trusted certificates C by using
sandboxes D by using object codes - ANSWER//C Which statement
correctly defines the capability maturity model in the context of
software development? A It is a model based on conducting reviews
and documenting the reviews in each phase of the software
development cycle. B It is a model based on analyzing the risk and
building prototypes and simulations during the various phases of the
software development cycle. C It is a model that describes the
principles, procedures, and practices that should be followed in the
software development cycle. D It is a formal model based on the
capacity of an organization to cater to projects. - ANSWER//C What is
the process of ensuring the corporate security policies are carried out
consistently? A auditing B social engineering C footprinting D scanning
- ANSWER//A Your organization uses a relational database to store
3|Pag e
, customer contact information. You need to modify the schema of the
relational database. Which component identifies this information? A
data definition language (DDL) B query language (QL) C data control
language (DCL) D data manipulation language (DML) - ANSWER//A You
work for a company that creates customized software solutions for
customers. Recently, a customer has requested that your company
provide a software escrow. What is the purpose of this request? A to
provide a software vendor's source code in the event the vendor goes
out of business B to ensure that appropriate software licenses exist C
to provide an account to purchase software licenses D to provide a
backup copy of all software used by your company - ANSWER//A Your
organization has a fault-tolerant, clustered database that maintains
sales records. Which transactional technique is used in this
environment? A ODBC B OLE DB C OLTP D data warehousing -
ANSWER//C Which function is provided by remote procedure call
(RPC)? A allows the execution of individual routines on remote
computers across a network. B identifies components within a
distributed computing environment (DCE). C provides code that can
be transmitted across a network and executed remotely. D provides
an integrated file system that all users in the distributed environment
can share. - ANSWER//A During a software development project, you
need to ensure that the period progress of the project is monitored
appropriately. Which technique(s) can be used? a. Gantt charts b. Unit
testing c. Delphi technique d. Program Evaluation Review Technique
charts e. Prototype Evaluation Review Technique charts A option d B
option e C options a and b only D options c and d only E options c and
e only F options a and d only G option a H option b I option c -
ANSWER//F Which statement is true of data diddling? A Data diddling
is associated with the outsiders in an organization. B Data diddling is
used to extract sensitive information regarding employees. C Data
diddling refers to manipulation of the input data in an application. D A
salami attack is not an example of data diddling. - ANSWER//C Which
type of virus is specifically designed to take advantage of the
extension search order of an operating system? A resident B
nonresident C boot sector replication D companion - ANSWER//D
During the application development life cycle, your team performs
4|Pag e
