COMPREHENSIVE TEST PAPER QUESTIONS
AND ANSWERS VERIFIED GRADED A+
●● Which due diligence activity for supply chain security investigates
the means by which data sets are shared and assessed?
A on-site assessment
B process policy review
C third-party assessment
D document exchange and review
Answer: D
●● Consider these characteristics:
- Identification of the entity making the access request
- Verification that the request has not changed since its initiation
- Application of the appropriate authorization procedures
- Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
A Open design
B Complete mediation
C Economy of mechanism
D Least common mechanism
Answer: B
●● Which software security principle guards against the improper
modification or destruction of information and ensures the
nonrepudiation and authenticity of information?
A Quality
B Integrity
C Availability
D Confidentiality
Answer: B
●● What type of functional security requirement involves receiving,
processing, storing, transmitting, and delivering in report form?
A Logging
B Error handling
C Primary dataflow
D Access control flow
Answer: C
●● Which nonfunctional security requirement provides a way to capture
information correctly and a way to store that information to help support
later audits?
A Logging
B Error handling
C Primary dataflow
D Access control flow
Answer: A
●● Which security concept refers to the quality of information that could
cause harm or damage if disclosed?
A Isolation
B Discretion
C Seclusion
D Sensitivity
Answer: D
●● Which technology would be an example of an injection flaw,
according to the OWASP Top 10?
A SQL
B API
C XML
D XSS
Answer: A
●● A company is creating new software to track customer balance and
wants to design a secure application.
Which best practice should be applied?
A Develop a secure authentication method that has a closed design
B Allow mediation bypass or suspension for software testing and
emergency planning
C Ensure there is physical acceptability to ensure software is intuitive
for the users to do their jobs
D Create multiple layers of protection so that a subsequent layer
provides protection if a layer is breached
Answer: D
●● A company is developing secure software that has to be evaluated
and tested by a large number of experts.