WGU C706 CH2 Exam Questions With Complete Solutions

WGU C706 CH2 Exam Questions With Complete Solutions Techniques used in penetrating valid channels of authentication - CORRECT ANSWER Cross-Site Scripting (XSS), Structured Query Language (SQL) injection, buffer overflow exploitation The most well-known SDL model - CORRECT ANSWER Trustworthy Computing Security Development Lifecycle (SDL) Other popular SDL models - CORRECT ANSWER Cigital Software Security Touchpoints model, OWASP SDL, Cisco Secure Development Lifecycle (CSDL) SDL Optimization Model - CORRECT ANSWER Enables development managers and IT policymakers to assess the state of the security in development Two very popular software security maturity models that have been developed and continue to mature at a rapid rate - CORRECT ANSWER Cigital BSIMM, OWASP Open SAMM Building Security In Maturity Model (BSIMM) - CORRECT ANSWER A study of real-world software security initiatives organized so that you can determine where you stand with your software security initiative and how to evolve your efforts over time OWASP Software Assurance Maturity Model (SAMM) - CORRECT ANSWER A flexible and prescriptive framework for building security into a software development organization ISO/IEC - CORRECT ANSWER International Standards Organization (ISO) / International Electrotechnical Commission (IEC) ISO/IEC 27034-1:2011 - CORRECT ANSWER A standard for application security which offers a concise, internationally recognized way to get transparency into a vendor/supplier's software security management process ISMS - CORRECT ANSWER Information Security Management System ISO/IEC 27001 - CORRECT ANSWER A standard that specifies a management system intended to bring information security under formal management control ISO/IEC 27034 - CORRECT ANSWER A standard that provides guidance to help organizations embed security within their processes that help secure applications running in the environment, including application lifecycle processes SAFECode - CORRECT ANSWER A global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware, and services NCSD - CORRECT ANSWER Department of Homeland Security National Cyber Security Division Software Assurance Program - CORRECT ANSWER The SwA Program seeks to reduce software vulnerabilities, minimize exploitation, and address ways to improve the routine development and deployment of trustworthy software products NIST - CORRECT ANSWER National Institute of Standards and Technology NSA - CORRECT ANSWER National Security Agency CWE - CORRECT ANSWER Common Weakness Enumeration Software Assurance Metrics And Tool Evaluation (SAMATE) - CORRECT ANSWER The project dedicated to improving software assurance by developing methods to enable software tool evaluations, measuring the effectiveness of tools and techniques, and identifying gaps in tools and methods