WGU C706 Secure Software Design Study Guide Questions and Answers (2022/2023) (Verified Answers)
- Confidentiality: Information is not made available or disclosed to unauthorized individuals, entities, or processes. Ensures unauthorized persons are not able to read private and sensitive data. It is achieved through cryptography.
- Integrity: Ensures unauthorized persons or channels are not able to modify the data. It is accomplished through the use of a message digest or digital signatures.
- Availability: The computing systems used to store and process information, the security controls used to protect information, and the communication channels used to access information must be functioning correctly. Ensures the system remains operational even in the event of a failure or an attack. It is achieved by providing redundancy or fault tolerance for a failure of a system and its components.
- Ensure Confidentiality: Public Key Infrastructure (PKI) and cryptography/encryption
- Ensure Availability: Offsite backup and redundancy
- Ensure Integrity: Hashing, Message Digest (MD5), non-repudiation and digital signatures
- Software Architect: Moves analysis to implementation and analyzes the requirements and use cases as activities to perform as part of the development process; can also develop class diagrams.
- Security Practitioner Roles: Release Manager, Architect, Developer, Business Analyst/Project Manager
- Release Manager: Deployment
- Architect: Design
- Developer: Coding
- Business Analyst/Project Manager: Requirements gathering
- Red Team: Teams of people familiar with the infrastructure of the company and the languages of the software being developed. Their mission is to kill the system as the developers build it.
- Static Analysis: A method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure and can help to ensure that the code adheres to industry standards. It is also referred to as code review.
- MD5 Hash: A widely used hash function producing a 128-bit hash value. Initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption.
- SHA-256 (Secure Hash Algorithm): One of a number of cryptographic hash functions. A cryptographic hash is like a signature for a text or a data file. Generates an almost-unique, fixed-size 32-byte (32 × 8 = 256 bits) hash. A hash is a one-way function: it cannot be decrypted.
- Advanced Encryption Standard (AES): A symmetric encryption algorithm. The algorithm was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. Designed to be efficient in both hardware and software, it supports a block length of 128 bits and key lengths of 128, 192, and 256 bits.
- Algorithms used to verify integrity: MD5 Hash, SHA-256
- Algorithm used to verify confidentiality: Advanced Encryption Standard (AES)
- Stochastic: Unintentional or accidental safety-relevant faults; stochastic (i.e., unintentional or accidental) security-relevant faults.
- "Sponsored": Intentionally created and activated through conscious and intentional human agency.
- Fuzz Testing: Used to see if the system has solid exception handling for the input it receives. It is the use of malformed or random input into a system in order to intentionally produce failure. This is a very easy process of feeding garbage to the system when it expects formatted input, and it is always a good idea to feed as much garbage as possible to an input field.
- Three (3) Tier: Removes the business logic from the client end of the system. It generally places the business logic on a separate server from the client. The data access portion of the system resides separately from both the client and the business logic platform.
- T-MAP: Defines a set of threat-relevant attributes for each layer or node. These can be classified as probability-relevant, size-of-loss-relevant, or descriptive. These are primarily derived from the Common Vulnerability Scoring System (CVSS). USC's Threat Modeling based on Attacking Path analysis is a risk management approach that quantifies total severity weights of relevant attacking paths for COTS-based systems. Its strengths lie in its ability to maintain sensitivity to an organization's business value priorities and IT environment, to prioritize and estimate security investment effectiveness and evaluate performance, and to communicate executive-friendly vulnerability details as threat profiles to help evaluate cost efficiency.
- Trike: An open source conceptual framework, methodology, and tool set designed to auto-generate repeatable threat models. Its methodology enables the risk analyst to accurately and completely describe the security characteristics of the system, from high-level architecture to low-level implementation details. It also requires building a defensive model of the subject system.
- SDL Threat Modeling Tool: This free tool builds on Microsoft Visio and provides a means of constructing graphic representations of the system without requiring expertise in security; it also has the capability of graphically representing a software system and identifying vulnerabilities.
- Vulnerability Mapping: Used to determine the most likely locations within the system in development where an attacker will strike. This is done in the design phase of the SDLC.
- V3: The highest level of vulnerability. This is a very likely target for an attacker, such as free text input in a form. These are the highest priority for a security plan for the system, and these should all be mitigated and accounted for by established control systems in development.
- V2: A moderate-level vulnerability. These are possible but not probable targets. These will include inter-process communications on the server or traffic within the trust boundary of the system. Eavesdropping is the most significant risk in this situation. These vulnerabilities should always be mitigated in the system, but in a trade-off analysis, strict control may not be necessary as long as a procedure is in place to fail safely and protect any private or confidential data.
- V1: The lowest priority level of vulnerability. These are unlikely venues of attack with little risk if they are exploited. Failing safely is the most important concern at this level, because the data associated with this vulnerability has no value and the process involved is not mission critical, such as a transmission failure in an HTML header coming from the system; the highest risk is that the customer will not properly see the page and it would have to be reloaded. These vulnerabilities can be largely ignored, but they should be noted in the system specification in case functionality is altered by a later system update or interaction, because this may allow them to become more significant.
- Activity Diagram: Capable of expressing resolution efforts for malformed input and potential attacks in a way other documentation at the system level cannot. The caveat is that these do not contain class calls and references; they only provide a visualization of the process logic.
- Kiviat Diagram: Provides a visual comparison of multiple attributes and can visualize and report the information on a single artifact based on monitored information.
- Identify the Assets: A threat model process that allows the company to identify the parts that need to be protected from unauthorized users.
- Agile Model
Document information
- Uploaded on: 16 November 2022
- Number of pages: 12
- Written in: 2022/2023
- Type: Exam (worked answers)
- Contains: Questions and answers