BSIMM correct answers Building Security In Maturity Model
Studies real-world software security initiatives for benchmarking
SAMM correct answers Software Assurance Maturity Model
BSIMM Four Domains correct answers 🏛️ Governance: Strategy, compliance, training programs
Intelligence: Attack models, security features, standards research
🔨 SSDL Touchpoints: Hands-on security activities (code review, testing)
🚀 Deployment: Configuration management, vulnerability management
STRIDE Threat Modeling correct answers Spoofing: Identity impersonation attacks
Tampering: Unauthorized data modification
Repudiation: Denial of performed actions
Information Disclosure: Unauthorized data access
Denial of Service: Service availability attacks
Elevation of Privilege: Unauthorized access escalation
Purpose - Threat Categorization
STRIDE-per-element correct answers Analyze each individual component/object
STRIDE-per-process correct answers Focus only on processes
STRIDE-per-trust-boundary correct answers Analyze security boundary crossings
STRIDE-per-interaction correct answers Focus on data flows between components
DREAD Stages correct answers Damage: Potential impact severity
Reproducibility: How easily the attack can be repeated
Exploitability: Difficulty of executing the attack
Affected users: Scope and number of impacted users
Discoverability: How easy the vulnerability is to find
DREAD Scoring System correct answers Each Stage gets 1-3 Points
13-15 points = High Risk
8-12 points = Medium Risk
5-7 points = Low Risk
PASTA correct answers Process for Attack Simulation and Threat Analysis
PASTA Seven Stages correct answers Define Objectives - Business and security requirements
Define Technical Scope - Application boundaries and components
Application Decomposition - Break down architecture and data flows
Threat Analysis - Identify potential threats and attack vectors
Vulnerability and Weakness Analysis - Design flaw analysis occurs here
Attack Modeling - Develop specific attack scenarios
Risk and Impact Analysis - Evaluate business impact and likelihood
Microsoft Threat Modeling correct answers Diagram - Create data flow diagrams
Identify - Find threats using STRIDE
Mitigate - Apply countermeasures
Validate - Verify threat mitigation effectiveness