Exam (elaborations)

WGU D487 SECURE SOFTWARE DESIGN VERIFIED ANSWERS AND QUESTIONS - MOST RECENT EDITION 2026/2027

Pages: 38
Grade: A+
Uploaded on: 07-03-2026
Written in: 2025/2026


Institution: WGU D487 SECURE SOFTWARE DESIGN
Course: WGU D487 SECURE SOFTWARE DESIGN


WGU D487 – Secure Software Design




Q1. What is Secure Software Design?
ANSWER Secure Software Design is the practice of integrating security
principles and best practices into every phase of the software development
lifecycle (SDLC) to minimize vulnerabilities and protect systems from
attack.
Q2. What are the core principles of secure software design?
ANSWER The core principles include Confidentiality, Integrity, Availability
(CIA triad), Least Privilege, Defense in Depth, Fail Securely, Separation of
Duties, and Don't Trust User Input.
Q3. What is the CIA Triad?
ANSWER CIA Triad stands for Confidentiality (preventing unauthorized
disclosure), Integrity (preventing unauthorized modification), and
Availability (ensuring systems are accessible when needed).
Q4. What does 'Least Privilege' mean in software design?
ANSWER Least Privilege means every component, user, or process
should have only the minimum access rights needed to perform its function,
reducing the attack surface if that component is compromised.
Q5. What is 'Defense in Depth'?
ANSWER Defense in Depth is a layered security strategy where multiple
independent security controls are employed so that if one layer fails, others
continue to protect the system.
Q6. What does 'Fail Securely' mean?
ANSWER Fail Securely means that when a system encounters an error or
failure, it should default to a secure state (e.g., deny access rather than
allow it) rather than expose sensitive data or grant unauthorized access.
Q7. What is 'Separation of Duties' in secure design?
ANSWER Separation of Duties ensures no single user, process, or
component can complete a critical task alone, requiring collaboration to
reduce fraud and error risks.
Q8. What is an attack surface?
ANSWER An attack surface is the sum of all possible points (vectors)
where an attacker could attempt to enter, extract data, or disrupt a system.
Q9. How can developers reduce the attack surface?
ANSWER Developers can reduce the attack surface by minimizing
exposed interfaces, disabling unused features, applying least privilege,
removing unnecessary code, and validating all inputs.
Q10. What is Security by Design?
ANSWER Security by Design is an approach where security is proactively
built into a system from the ground up, rather than retrofitted after
development.
Q11. What is the difference between a vulnerability and a threat?
ANSWER A vulnerability is a weakness in a system; a threat is a potential
event that could exploit that vulnerability. A risk is the combination of threat
likelihood and impact.
Q12. What is non-repudiation in security?
ANSWER Non-repudiation ensures that a party cannot deny the
authenticity of their signature or message; it provides proof of origin and
delivery of data.
Q13. What is the principle of 'Open Design'?
ANSWER Open Design means security should not rely on the secrecy of
the design or implementation; the security must hold even if the design is
known publicly.
Q14. What is 'Economy of Mechanism'?
ANSWER Economy of Mechanism advises keeping the design and
implementation as simple as possible, since complexity increases the
chance of security flaws.
Q15. What is 'Complete Mediation' in secure design?
ANSWER Complete Mediation means every access to a resource must be
checked for authorization; caching authorization results should be avoided
or handled carefully.
Q16. What is 'Psychological Acceptability'?
ANSWER Psychological Acceptability means security mechanisms should
be user-friendly so users do not circumvent them; if security is too
burdensome, users will find workarounds.
Q17. What is a security control?
ANSWER A security control is any safeguard or countermeasure—
technical, administrative, or physical—used to reduce risk, protect assets,
or detect/respond to security events.
Q18. What are the three types of security controls?
ANSWER The three types are: Preventive (stop attacks before they
occur), Detective (identify attacks in progress or after), and Corrective
(respond and recover after an incident).
Q19. What is a security policy?
ANSWER A security policy is a formal document stating an organization's
rules, expectations, and procedures for protecting information systems and
assets.
Q20. What is the principle of 'Least Common Mechanism'?
ANSWER Least Common Mechanism states that mechanisms shared
among different users should be minimized because shared mechanisms
can become channels for information leakage.

Threat Modeling
Q21. What is threat modeling?
ANSWER Threat modeling is a structured process for identifying,
quantifying, and addressing security risks in a system. It helps developers
proactively find and mitigate threats during the design phase.
Q22. What are the steps in threat modeling?
ANSWER Steps include: (1) Decompose the system (DFDs, trust
boundaries), (2) Identify threats, (3) Rate threats, (4) Develop
countermeasures, (5) Validate.
Q23. What is STRIDE?
ANSWER STRIDE is a threat classification model standing for Spoofing,
Tampering, Repudiation, Information Disclosure, Denial of Service, and
Elevation of Privilege.
Q24. What does 'Spoofing' mean in STRIDE?
ANSWER Spoofing refers to falsely claiming to be another user, process,
or system to gain unauthorized access (e.g., using stolen credentials).
Q25. What does 'Tampering' mean in STRIDE?
ANSWER Tampering involves maliciously modifying data or code without
authorization, violating integrity.
Q26. What does 'Repudiation' mean in STRIDE?
ANSWER Repudiation involves a user denying having performed an
action; repudiation threats target non-repudiation controls like logs and
audit trails.
Q27. What does 'Information Disclosure' mean in STRIDE?
ANSWER Information Disclosure is the exposure of data to unauthorized
individuals, violating confidentiality (e.g., data leaks, verbose error
messages).
Q28. What does 'Denial of Service' mean in STRIDE?
ANSWER Denial of Service (DoS) attacks make a system unavailable to
legitimate users by overwhelming resources or exploiting bugs.
Q29. What does 'Elevation of Privilege' mean in STRIDE?
ANSWER Elevation of Privilege occurs when a user gains higher access
rights than authorized, allowing them to perform actions beyond their
permission level.
Q30. What is DREAD?
ANSWER DREAD is a risk-rating model: Damage potential,
Reproducibility, Exploitability, Affected users, and Discoverability. Threats
are rated 1–10 on each dimension.
Q31. What is a Data Flow Diagram (DFD)?
ANSWER A DFD is a graphical representation of how data flows through a
system, showing processes, data stores, external entities, and data flows,
used in threat modeling to identify trust boundaries.

