Exam (elaborations)
WGU MASTER'S COURSE C706 - SECURE SOFTWARE DESIGN
- Course
- Institution
WGU MASTER'S COURSE C706 - SECURE SOFTWARE DESIGN
[Show more]
Content preview
WGU MASTER'S COURSE C706 -SECURE SOFTWARE DESIGN
Whichgduegdiligencegactivitygforgsupplygchaingsecuritygshouldgoccurgingtheginitiationgphase
gofgthegsoftwaregacquisitionglifegcycle?
AgDevelopinggagrequestgforgproposalg(RFP)gthatgincludesgsupplygchaingsecuritygriskgmana
gement
BgLesseninggthegriskgofgdisseminatingginformationgduringgdisposal
CgFacilitatinggknowledgegtransfergbetweengsuppliers
DgMitigatinggsupplygchaingsecuritygriskgbygprovidinggusergguidanceg-gans--A
Whichgduegdiligencegactivitygforgsupplygchaingsecurityginvestigatesgthegmeansgbygwhichgd
atagsetsgaregsharedgandgassessed?
Agon-sitegassessment
Bgprocessgpolicygreview
Cgthird-partygassessment
Dgdocumentgexchangegandgreviewg-gans--D
Considergthesegcharacteristics:
-Identificationgofgthegentitygmakinggthegaccessgrequest
-Verificationgthatgthegrequestghasgnotgchangedgsincegitsginitiation
-Applicationgofgthegappropriategauthorizationgprocedures
-Reexaminationgofgpreviouslygauthorizedgrequestsgbygthegsamegentity
Whichgsecuritygdesignganalysisgisgbeinggdescribed?
AgOpengdesign
BgCompletegmediation
CgEconomygofgmechanism
DgLeastgcommongmechanismg-gans--B
Whichgsoftwaregsecuritygprinciplegguardsgagainstgthegimpropergmodificationgorgdestructio
ngofginformationgandgensuresgthegnonrepudiationgandgauthenticitygofginformation?
AgQuality
BgIntegrity
CgAvailability
DgConfidentialityg-gans--B
,Whatgtypegofgfunctionalgsecuritygrequirementginvolvesgreceiving,gprocessing,gstoring,gtran
smitting,gandgdeliveringgingreportgform?
AgLogging
BgErrorghandling
CgPrimarygdataflow
DgAccessgcontrolgflowg-gans--C
Whichgnonfunctionalgsecuritygrequirementgprovidesgagwaygtogcaptureginformationgcorrectl
ygandgagwaygtogstoregthatginformationgtoghelpgsupportglatergaudits?
AgLogging
BgErrorghandling
CgPrimarygdataflow
DgAccessgcontrolgflowg-gans--A
Whichgsecuritygconceptgrefersgtogthegqualitygofginformationgthatgcouldgcausegharmgorgdam
agegifgdisclosed?
AgIsolation
BgDiscretion
CgSeclusion
DgSensitivityg-gans--D
Whichgtechnologygwouldgbegangexamplegofganginjectiongflaw,gaccordinggtogthegOWASPgT
opg10?
AgSQL
BgAPI
CgXML
DgXSSg-gans--A
Agcompanygisgcreatinggagnewgsoftwaregtogtrackgcustomergbalancegandgwantsgtogdesigngag
securegapplication.
Whichgbestgpracticegshouldgbegapplied?
AgDevelopgagsecuregauthenticationgmethodgthatghasgagclosedgdesign
BgAllowgmediationgbypassgorgsuspensiongforgsoftwaregtestinggandgemergencygplanning
CgEnsuregtheregisgphysicalgacceptabilitygtogensuregsoftwaregisgintuitivegforgthegusersgtogdo
gtheirgjobs
DgCreategmultipleglayersgofgprotectiongsogthatgagsubsequentglayergprovidesgprotectiongifga
glayergisgbreachedg-gans--D
,Agcompanygisgdevelopinggagsecuregsoftwaregthatghasgtogbegevaluatedgandgtestedgbygaglar
gegnumbergofgexperts.
Whichgsecuritygprinciplegshouldgbegapplied?
AgFailgsafe
BgOpengdesign
CgDefensegingdepth
DgCompletegmediationg-gans--B
WhichgtypegofgTCPgscanninggindicatesgthatgagsystemgisgmovinggtogthegsecondgphaseginga
gthree-waygTCPghandshake?
AgTCPgSYNgscanning
BgTCPgACKgscanning
CgTCPgXMASgscanning
DgTCPgConnectgscanningg-gans--A
Whichgevaluationgtechniquegprovidesginvalid,gunexpected,gorgrandomgdatagtogtheginputsg
ofgagcomputergsoftwaregprogram?
AgFuzzgtesting
BgStaticganalysis
CgDynamicganalysis
DgRegressiongtestingg-gans--A
Whichgapproachgprovidesgangopportunitygtogimprovegthegsoftwaregdevelopmentglifegcycleg
bygtailoringgthegprocessgtogthegspecificgrisksgfacinggthegorganization?
AgAgilegmethodology
BgWaterfallgmethodology
CgBuildinggsecuritygingmaturitygmodelg(BSIMM)
DgSoftwaregassurancegmaturitygmodelg(SAMM)g-gans--D
Whichgphasegcontainsgsophisticatedgsoftwaregdevelopmentgprocessesgthatgensuregthatgf
eedbackgfromgonegphasegreachesgtogthegpreviousgphasegtogimprovegfuturegresults?
AgInitial
BgManaged
CgOptimizing
DgRepeatableg-gans--C
Thegactivitiesgforgcompliancegincludegensuringgcollectedginformationgisgonlygusedgforginte
ndedgpurposes,ginformationgisgtimelygandgaccurate,gandgthegpublicgisgawaregofgtheginform
ationgcollectedgandghowgitgisgused.
, Whichgwell-acceptedgsecuregdevelopmentgstandardgisgaddressedgbygthesegactivities?
AgPIA
BgPA-DSS
CgPCI-DSS
DgPTS-DSSg-gans--A
Angorganizationgisgingthegprocessgofgbuildinggangapplicationgforgitsgbankinggsoftware.
Whichgsecuritygcodinggpracticegmustgthegorganizationgfollow?
AgRungagdataganalysis
BgConductgdatagvalidation
CgValidategthegdatagsource
DgAligngbusinessggoalsg-gans--B
Whatgisgincludedgingagtypicalgjobgdescriptiongofgagsoftwaregsecuritygchampiong(SSC)?
AgIdentifygsoftwaregupdategsourcegandgsink
BgReviewgcodegtogidentifygskill-relatedgbugs
CgDevelopgandgmanagegthegafter-SDLCgstage
DgConsidergallgpossiblegpathsgofgattackgorgexploitsg-gans--D
Whichgrolegisgagtraininggchampiongofgsoftwaregsecurity,gangadvocategforgthegoverallgSDLg
process,gandgagproponentgforgpromulgatinggandgenforcinggthegoverallgsoftwaregproductgs
ecuritygprogram?
AgSoftwaregsecurityguserg(SSU)
BgSoftwaregsecuritygarchitectg(SSA)
CgSoftwaregsecuritygevangelistg(SSE)
DgSoftwaregsecuritygstakeholderg(SSS)g-gans--C
Whichgrolegrequiresgthegtechnicalgcapabilitygtogbegtrainedgasgagsoftwaregsecuritygarchitect
gwhogthengassistsgthegcentralizedgsoftwaregsecurityggroupgwithgarchitecturegsecurityganal
ysisgandgthreatgmodeling?
AgSoftwaregchampion
BgSoftwaregevangelist
CgJuniorgsoftwaregdeveloper
DgSeniorgsoftwaregprogrammerg-gans--A
Angapplicationgdevelopmentgteamgisgdesigninggandgbuildinggangapplicationgthatginterface
sgwithgagback-endgdatabase.
Whichgactivitygshouldgbegincludedgwhengconstructinggagthreatgmodelgforgthegapplication?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller AGRADEPROMASTER. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
79373 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now