C706 PRACTICE EXAM FROM ASSESSMENT / C706 PRACTICE EXAM WITH 150 COMPLETE QUESTIONS AND CORRECT ANSWERS | ALREADY GRADED A+
Which phase contains sophisticated software development processes that ensure that feedback from one phase reaches the previous phase to improve future results?
-Initial
-Managed
-Optimizing
-Repeatable
Correct Answer: Optimizing
The activities for compliance include ensuring collected information is only used for intended purposes, information is timely and accurate, and the public is aware of the information collected and how it is used.
Which well-accepted secure development standard is addressed by these activities?
-PIA
-PA-DSS
-PCI-DSS
-PTS-DSS
Correct Answer: PIA
An organization is in the process of building an application for its banking software.
Which security coding practice must the organization follow?
-Run a data analysis
-Conduct data validation
-Validate the data source
-Align business goals
Correct Answer: Conduct data validation
What is included in a typical job description of a software security champion (SSC)?
-Identify software update source and sink
-Review code to identify skill-related bugs
-Develop and manage the after-SDLC stage
-Consider all possible paths of attack or exploits
Correct Answer: Consider all possible paths of attack or exploits
Which role is a training champion of software security, an advocate for the overall SDL process, and a proponent for promulgating and enforcing the overall software product security program?
-Software security user (SSU)
-Software security architect (SSA)
-Software security evangelist (SSE)
-Software security stakeholder (SSS)
Correct Answer: Software security evangelist (SSE)
Which role requires the technical capability to be trained as a software security architect who then assists the centralized software security group with architecture security analysis and threat modeling?
-Software champion
-Software evangelist
-Junior software developer
-Senior software programmer
Correct Answer: Software champion
An application development team is designing and building an application that interfaces with a back-end database.
Which activity should be included when constructing a threat model for the application?
-Designate one or more primary keys for each database table in the database
-Decompose the application to understand how it interacts with external entities
-Review the relationships among the attributes to be included in the database tables
-Create a set of performance metrics to assess the functionality of the developed application
Correct Answer: Decompose the application to understand how it interacts with external entities
What is the third step for constructing a threat model for identifying a spoofing threat?
-Decompose threats
-Identify threats
-Identify vulnerabilities
-Survey the application
Correct Answer: Decompose threats
What is a step for constructing a threat model for a project when using practical risk analysis?
-Align your business goals
-Apply engineering methods
-Estimate probability of project time
-Make a list of what you are trying to protect
Correct Answer: Make a list of what you are trying to protect
Which cyber threats are typically surgical by nature, have highly specific targeting, and are technologically sophisticated?
-Tactical attacks
-Criminal attacks
-Strategic attacks
-User-specific attacks
Correct Answer: Tactical attacks
Which type of cyberattacks are often intended to elevate awareness of a topic?
-Sociopolitical attacks
-User-specific attacks
-Tactical attacks
-Cyberwarfare
Correct Answer: Sociopolitical attacks