WGU C706 Pre- Assessment Version 2 (Latest 2023/ 2024 Update) Secure Software Design| Questions and Verified Answers| 100% Correct| Grade A

WGU C706 Pre- Assessment Version 2

(Latest 2023/ 2024 Update) Secure Software

Design| Questions and Verified Answers|

100% Correct| Grade A

Q: Bringing the security team into the development process early is the most ___________ way

to enable risk identification, planning, and mitigation

Answer:

cost-effective

Q: The purpose of a __________ is to define what needs to be protected and how it will be

protected, including reviewing and incorporating policies from outside the SDL that may impact

the development proce

Answer:

software security policy

Q: Which artifact lists software requirements and business risks mapped to the three pillars of

information security?

Answer:

Formal business requirement

Q: Which assessment requires an extensive review that will be conducted by your software

security architect, a third party, or a combination of both?

Answer:

Security assessment

Q: What is the increasing trend in the software industry to draw on the strengths of various

types of software to deliver the highest value at the lowest cost?

Answer:

Mixed source

Q: During this phase, any policy that exists outside the domain of the SDL policy is reviewed

and might include policies from outside the development organization that set security and

privacy requirements and guidelines to be adhered to when developing software or applications.

Answer:

Policy compliance analysis

Q: Broad input and reviews should have been_________to ensure that the threat models are as

comprehensive as possible.

Answer:

Solicited

Q: Which risk describes the feature, product, or service that stores or transfers personally

identifiable information (PII), changes settings or file type associations, or installs software?

Answer:

High Privacy Risk

Q: A __________ means that if a system ceases to function, it moves to a state where the

security of the system and its data are not compromised.

Answer:

fail safe policy

Q: During phase __________, any policy that exists outside the domain of the SDL policy is

reviewed. This may include policies from outside the development organization.

Answer:

A4

Q: What is considered an advantage of dynamic code analysis?

Answer:

Automated tools provide flexibility on what to scan for

Q: The __________ goal of the security code review process is to improve the overall security

of the product and to provide output that can be used by the development team to make changes

and mitigations that will achieve improved software product security.

Answer:

final

Q: The basic design of a product may contain flaws, and it should be noted that all coding

errors are not actual __________

Answer:

vulnerabilities

Q: __________ is a white-box security analysis of a software system to simulate the actions of

a hacker, with the objective of uncovering potential vulnerabilities resulting from coding errors,

system configuration faults, or other operational deployment weaknesses.

Answer:

Penetration testing