FINAL PAPER COMPLETE QUESTIONS AND
ACCURATE SOLUTIONS STUDY GUIDE
●● Three core elements of security
Answer: Confidentiality, integrity, and availability (the C.I.A. model)
●● Tools that look for a fixed set of patterns or rules in the code in a
manner similar to virus-checking programs
Answer: Static analysis tools
●● Ensures that the user has the appropriate role and privilege to view
data
Answer: Authorization
●● Ensures that the user is who he or she claims to be and that the data
come from the appropriate place
Answer: Authentication
●● Question 4:
What is responsible for preserving authorized restrictions on information
access and disclosure, including means for protecting personal privacy
and proprietary information?
Answer: Confidentiality
●● Q5:
What is responsible for guarding against improper information
modification or destruction, and includes ensuring information non-
repudiation and authenticity?
Answer: Integrity
●● Q6:
Which concept in the software life cycle understands the potential
security threats to the system, determines risk, and establishes
appropriate mitigations?
Answer: Threat modeling
●● Q7:
The idea behind __________ is simply to understand the potential security threats to
the system, determine risk, and establish appropriate mitigations. When
it is performed correctly, it occurs early in the project life cycle and can
be used to find security design issues before code is committed.
Answer: threat modeling
●● Q8:
____________is about building secure software: designing software to
be secure; making sure that software is secure; and educating software
developers, architects, and users about how to build security in.
Answer: software security
●● Q9:
__________, as the name suggests, is really aimed at developing secure
software, not necessarily quality software.
Answer: SDL methodology
●● The most well-known SDL model is the __________, a process that
Microsoft has adopted for the development of software that needs to
withstand malicious attack. This is considered the most mature of the top
three models.
Answer: Trustworthy Computing Security Development Lifecycle
●● _________: This is a study of real-world software security initiatives
organized so that you can determine where you stand with your software
security initiative and how to evolve your efforts over time. It is a set of
best practices that Cigital developed by analyzing real-world data from
nine leading software security initiatives and creating a framework based
on common areas of success. There are 12 practices organized into four
domains. These practices are used to organize the 109 BSIMM activities
(BSIMM 4 has a total of 111 activities).
Answer: BSIMM (short for Building Security In Maturity Model)
●● _______________provides guidance to help organizations embed
security within their processes, including application lifecycle processes,
that help to secure applications running in the environment. It is a risk-
based framework to continuously improve security through process
integration and improvements in managing applications. It takes a
process approach by design.