SECURE SOFTWARE DESIGN – 1 MUST KNOWS.
Exam (elaborations) with questions & answers, WGU D487. Uploaded on August 29, 2024. 26 pages, written in 2024/2025.
SDLC Road map Phases - correct answer -
1.) *Phase zero* (project inception) or Planning = legal requirements and company policies
2.) *System requirements* = identify threats and vulnerabilities
3.) *System design* = security measures/controls needed
4.) *Development* (implementation/coding) = code scanning, validate security features, peer review
5.) *Test* = dynamic analysis, full system testing to measure results against plan
6.) *Deployment* = operations ready to install and launch application
7.) *Maintenance*

SDL = Security Development Lifecycle Phases - correct answer -
A1 = Security Assessment
A2 = Architecture
A3 = Design & Development
A4 = Ship
A5 = Post-Release Support (PRSA)

Phases of "Application Development" - correct answer -
1.) *Requirements gathering and analysis* = map out non-functional requirements (map security and privacy needs)
2.) *Systems design and detail designs* = threat modeling and design reviews
3.) *Software coding and reviews*
4.) *Testing steps*
5.) *Deployment step*

NFR = Non-Functional Requirements

The NFRs are then mapped against these critical security and *resilience goals*: - correct answer -
1.) Confidentiality and privacy
2.) Integrity
3.) Availability
4.) Nonrepudiation
5.) Auditing

Technical Threat Modeling: - correct answer -
1. Functional decomposition = DFDs and defining trust boundaries
2. Categorizing threats = types of threats and their impact
3. Ranking threats
4. Mitigation planning

CMM = Capability Maturity Modeling - correct answer -
1.) Initial (chaos - no organization)
2.) Repeatable (disciplined process)
3.) Defined (standard, consistent process)
4.) Managed (predictable process)
5.) Optimizing (continuously improving process)

PITAC - correct answer - President's Information Technology Advisory Committee

TwC - correct answer - Trustworthy Computing >> The team at Microsoft that developed the SDLC

SAMM - correct answer - Software Assurance Maturity Model (OWASP) - tailors security to risk for a specific organization

ISO/IEC 27034 - correct answer - *Embeds security within SDLC*
The standard provides guidance to help organizations embed security within their processes, including application lifecycle processes, that help to secure applications running in the environment.

SAFECode - correct answer -
The Software Assurance Forum for Excellence in Code (SAFECode) is a nonprofit organization dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods.

NCSD, SwA - correct answer -
The Department of Homeland Security National Cyber Security Division's (NCSD) Software Assurance (SwA) Program seeks to reduce software vulnerabilities, minimize exploitation, and address ways to improve the routine development and deployment of trustworthy software products.
SwA = NCSD's Software Assurance Program

CWE - correct answer -
A key initiative funded by the DHS NCSD and the National Security Agency (NSA) is the Common Weakness Enumeration (CWE). CWE is a joint effort of DHS with NSA and the software community, including government, the private sector, and academia, with the MITRE Corporation providing technical leadership and project coordination.

NIST Special Publication (SP) 800-64 - correct answer -
Security Considerations in the System Development Life Cycle

NVD - correct answer - National Vulnerability Database

NIST SAMATE - correct answer -
The NIST SAMATE (Software Assurance Metrics and Tool Evaluation) project is dedicated to improving software assurance by developing methods to enable software tool evaluations, *measuring the effectiveness of tools* and techniques, and identifying gaps in tools and methods.

SAST - correct answer -
Static analysis, also known as static application security testing (SAST)

DAST - correct answer -
Dynamic analysis, also known as dynamic application security testing (DAST)

PIA - correct answer -
Privacy Impact Assessment (PIA) >> generated during the planning phase (security assessment)

PSIRT - correct answer - Product Security Incident Response Team (PSIRT)

A __________ is a team solely dedicated to conducting security M&A assessments, third-party reviews, post-release certifications, internal reviews for new product combinations of cloud deployments, and reviews of legacy software that is still in use or about to be re-used. - correct answer - Answer: PSIRT
M&A = Monitoring & Assessment

Change Management - correct answer -
1.) *Request Control*: users request mods, managers do cost/benefit analysis, devs prioritize tasks