DESIGN EXAM LATEST 2024 ACTUAL EXAM 300 QUESTIONS AND CORRECT DETAILED ANSWERS WITH RATIONALES (VERIFIED ANSWERS) | ALREADY GRADED A+
Software Assurance - ANSWER: Must provide a reasonable level of justifiable
confidence that the software will function correctly and predictably in a manner
consistent with its documented requirements.
Software security assurance - ANSWER: The basis for gaining justifiable confidence
that software will consistently exhibit all properties required to ensure that the
software, in operation, will continue to operate dependably despite the presence of
sponsored (intentional) faults.
Secure Software Definition - ANSWER: It cannot be intentionally subverted or forced
to fail. It is software that remains correct and predictable in spite of intentional
efforts to compromise dependability.
Application Security - ANSWER: It combines system engineering techniques, such as
defense in depth measures and secure configurations, with operational security
practices such as patch and vulnerability management.
The 3 risks of re-engineered software - ANSWER: -Modifications may be required to
integrate the new functions with the unmodified portions.
-New vulnerabilities may be introduced by the increasing complexity of the system.
-Any unexpected behavior in the overall system may manifest itself as a new vulnerability.
SDLC - ANSWER: Systems Development Life Cycle
SDLC requirements phase - ANSWER: Setting of compliance goals, application of
standards, and threat modeling.
SDLC Architecture and Design phase - ANSWER: Security patterns, security test
planning, security reviews.
SDLC Development phase - ANSWER: -Code review
-Use of security patterns
-Flaw and bug mitigation
-Unit security testing.
SDLC Testing phase - ANSWER: Use of attack patterns, automated black & white box
activities, 3rd party security assessments, and updating threat models.
SDLC Deployment phase - ANSWER: Patch & incident management, updating of
threat models and security measurements.
OSI Physical layer - ANSWER: Transmits bits from one device to another and
determines the type of connection, such as copper wire, fiber optic, or air.
OSI Data link layer - ANSWER: Converts raw signal transmissions into frames. It adds
identifying characteristics, such as MAC addresses, to each device
on the network.
OSI Network layer - ANSWER: Provides routing between machines;
communication is largely governed by the IP suite. The frames of the data link layer are
converted into datagrams, or packets, containing addressing information in the form
of IP addresses.
OSI Transport layer - ANSWER: Provides end-to-end transfer, error detection, and
retransmission of data if necessary. TCP/UDP are included here.
OSI Session layer - ANSWER: Organizes connections between a network node and a
remote entity or service. It is also responsible for synchronizing communications and
providing necessary checkpoints.
OSI Presentation layer - ANSWER: Is concerned with the representation of data and any
possible structure of the data for use in the application layer. It is the most common
place for encryption to occur.
OSI Application layer - ANSWER: Focuses on what data to transfer and what data to
expect in return. At this layer, the software is directly involved in directing network
communications.
Functional requirement - ANSWER: Something that the system must do; an outcome
that the system must produce as part of its useful operation.
Nonfunctional requirement - ANSWER: A quality or constraint for the system
signifying something that must be upheld as it operates.
Secure requirement - ANSWER: A standard requirement having built-in security to
determine the necessary constraints to protect the system as a whole.
Security requirement - ANSWER: A separate entity that supports an overall objective.
It is an associated protection that must be placed on some part of the system as a
contingency to normal operation.
Project scope - ANSWER: Work that is to be completed.
Entity relationship model - ANSWER: A relational diagram used to establish tables,
table attributes, and relationships within a system.