WGU C706 Secure Software Design Study Guide Questions and Answers (2024/2025) (Verified Answers)
Course
WGU C706 Secure Software Design
Institution
WGU C706 Secure Software Design
WGU C706 Secure Software Design Study Guide
Questions and Answers (2024/2025) (Verified Answers)
Confidentiality - -In information security, confidentiality "is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes".
Integrity - -In information security, data integrity means maintaining and assuring the accuracy and completeness of data over its entire life-cycle. This means that data cannot be modified in an unauthorized or undetected manner. This can also be used to validate databases to make sure none of the data is corrupt or modified in an unauthorized manner.
Availability - -For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.
Secure Software Design Features - -Confidentiality: Public Key Infrastructure (PKI) and Cryptography/Encryption
Availability: Offsite back-up and Redundancy
Integrity: Hashing, Message Digest (MD5), non-repudiation and digital signatures
Software Architect - -The software architect moves analysis to implementation and analyzes the requirements and use cases as activities to perform as part of the development process. That person can also develop class diagrams.
Red Team - -These are teams of people familiar with the infrastructure of the company and the languages of the software being developed. Their mission is to kill the system as the developers build it.
Static Analysis - -Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure, and can help to ensure that the code adheres to industry standards. It is also referred to as code review.
MD5 Hash - -The MD5 algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. (Integrity)
SHA-256 - -The SHA (Secure Hash Algorithm) is one of a number of cryptographic hash functions. A cryptographic hash is like a signature for a text or a data file. The SHA-256 algorithm generates an almost-unique, fixed-size 256-bit (32-byte) hash. A hash is a one-way function: it cannot be decrypted back. (Integrity)
Advanced Encryption Standard (AES) - -AES (acronym of Advanced Encryption Standard) is a symmetric encryption algorithm. The algorithm was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. AES was designed to be efficient in both hardware and software, and supports a block length of 128 bits and key lengths of 128, 192, and 256 bits. (Confidentiality)
Stochastic - -The analogy between safety and security is particularly close. The main difference is that safety-relevant faults are stochastic (i.e., unintentional or accidental), whereas security-relevant faults are "sponsored," i.e., intentionally created and activated through conscious and intentional human agency.
Fuzz Testing - -Fuzz testing is used to see if the system has solid exception handling for the input it receives. It is the use of malformed or random input into a system in order to intentionally produce failure. This is a very easy process of feeding garbage to the system when it expects a formatted input, and it is always a good idea to feed as much garbage as possible to an input field.
Three (3) Tier - -The 3-tier architecture model removes the business logic from the client end of the system. It generally places the business logic on a separate server from the client. The data access portion of the system resides on a 3rd tier, which is separate from both the client and the business logic platform.
T-MAP - -USC's Threat Modeling based on Attacking Path Analysis (T-MAP) is a risk management approach that quantifies severity weights of relevant attacking paths for COTS-based systems. T-MAP's strengths lie in its ability to maintain sensitivity to an organization's business value priorities and Information Technology (IT) environment, to prioritize and estimate security investment effectiveness and evaluate performance, and to communicate executive-friendly vulnerability details as threat profiles to help evaluate cost efficiency.
Trike - -Trike is an open source conceptual framework, methodology, and toolset designed to autogenerate repeatable threat models. Its methodology enables the risk analyst to accurately and completely describe the security characteristics of the system,