WGU C706 Secure Software Design Exam Guide Questions & Verified Answers 2024 Updated
Confidentiality - Information is not made available or disclosed to unauthorized individuals, entities, or processes. Ensures unauthorized persons are not able to read private and sensitive data. It is achieved through cryptography.
1. Integrity - Ensures unauthorized persons or channels are not able to modify the data. It is accomplished through the use of a message digest or digital signatures.
2. Availability - The computing systems used to store and process information, the security controls used to protect information, and the communication channels used to access information must be functioning correctly. Ensures the system remains operational even in the event of a failure or an attack. It is achieved by providing redundancy or fault tolerance for a failure of a system and its components.
3. Ensure Confidentiality - Public Key Infrastructure (PKI) and Cryptography/Encryption
4. Ensure Availability - Offsite backup and Redundancy
5. Ensure Integrity - Hashing, Message Digest (MD5), non-repudiation and digital signatures
6. Software Architect - Moves analysis to implementation and analyzes the requirements and use cases as activities to perform as part of the development process; can also develop class diagrams.
7. Security Practitioner Roles - Release Manager, Architect, Developer, Business Analyst/Project Manager

quantifies total severity weights of relevant attacking paths for COTS-based systems. Its strengths lie in its ability to maintain sensitivity to an organization's business value priorities and IT environment, to prioritize and estimate security investment effectiveness and evaluate performance, and to communicate executive-friendly vulnerability details as threat profiles to help evaluate cost efficiency.

27. Trike - An open source conceptual framework, methodology, and tool set designed to auto-generate repeatable threat models. Its methodology enables the risk analyst to accurately and completely describe the security characteristics of the system, from high-level architecture to low-level implementation details. It also requires building a defensive model of the subject system.
28. SDL Threat Modeling Tool - This free tool builds on Microsoft Visio and provides a way to construct graphic representations of the system without requiring expertise in security. It is also capable of graphically representing a software system and identifying vulnerabilities.
29. Vulnerability Mapping - Used to determine the most likely locations within the system in development where an attacker will strike. This is done in the design phase of the SDLC.
30. V3 - The highest level of vulnerability. This is a very likely target for an attacker, such as free text input in a form. These are the highest priority for a security plan for the system, and they should all be mitigated and accounted for by established control systems in development.
31. V2 - A moderate level vulnerability. These are possible but not probable targets. These will include inter-process communications on the server or traffic within the trust boundary of the system. Eavesdropping is the most significant risk in this situation. These vulnerabilities should always be mitigated in the system, but in a trade-off analysis, strict control may not be necessary as long as a procedure is in place to fail safely and protect any private or confidential data.
Written for
- Institution: RN - Registered Nurse
- Course: RN - Registered Nurse
Document information
- Uploaded on: 4 May 2024
- Number of pages: 19
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions and answers