Exam Newest 2026 Questions and Correct Detailed Answers Already Graded A+
Which role is a training champion of software security, an advocate for the overall
SDL process, and a proponent for promulgating and enforcing the overall
software product security program?
A Software security user (SSU)
B Software security architect (SSA)
C Software security evangelist (SSE)
D Software security stakeholder (SSS) - CORRECT ANSWER-C
Which role requires the technical capability to be trained as a software security
architect who then assists the centralized software security group with
architecture security analysis and threat modeling?
A Software champion
B Software evangelist
C Junior software developer
D Senior software programmer - CORRECT ANSWER-A
An application development team is designing and building an application that interfaces with a back-end database.
Which activity should be included when constructing a threat model for the
application?
A Designate one or more primary keys for each database table in the database
B Decompose the application to understand how it interacts with external entities
C Review the relationships among the attributes to be included in the database tables
D Create a set of performance metrics to assess the functionality of the developed application - CORRECT ANSWER-B
What is the third step for constructing a threat model for identifying a spoofing
threat?
A Decompose threats
B Identify threats
C Identify vulnerabilities
D Survey the application - CORRECT ANSWER-A
What is a step for constructing a threat model for a project when using practical
risk analysis?
A Align your business goals
B Apply engineering methods
C Estimate probability of project time
D Make a list of what you are trying to protect - CORRECT ANSWER-D
Which cyber threats are typically surgical by nature, have highly specific targeting,
and are technologically sophisticated?
A Tactical attacks
B Criminal attacks
C Strategic attacks
D User-specific attacks - CORRECT ANSWER-A
Which due diligence activity for supply chain security should occur in the initiation
phase of the software acquisition life cycle?
A Developing a request for proposal (RFP) that includes supply chain security risk management
B Lessening the risk of disseminating information during disposal
C Facilitating knowledge transfer between suppliers
D Mitigating supply chain security risk by providing user guidance - CORRECT ANSWER-A
Which due diligence activity for supply chain security investigates the means by
which data sets are shared and assessed?
A on-site assessment
B process policy review
C third-party assessment
D document exchange and review - CORRECT ANSWER-D
Consider these characteristics:
-Identification of the entity making the access request
-Verification that the request has not changed since its initiation