WGU C706 Secure Software Design Exam Guide (Latest 2023/ 2024 Update) | Questions and Verified Answers| 100% Correct

WGU C706 Secure Software Design Exam Guide (Latest 2023/ 2024 Update) | Questions and Verified Answers| 100% Correct Q: Security Boundary Answer: The line of intersection between any two areas, subnets, or environments that have different security requirements or needs. Q: Security Governance Answer: The collection of practices related to supporting, evalu- ating, defining, and directing the security efforts of an organization. Q: Third-Party Governance Answer: The system of external entity oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements. Q: Documentation Review Answer: Process of reading the exchanged materials and ver- ifying them against standards and expectations. Q: Authorization to Operate (ATO) Answer: A formal declaration by a Designated Approv- ing Authority (DAA) that authorizes operation of a Business Product and explicitly accepts the risk to agency operations. Q: Security Function Answer: The aspect of operating a business that focuses on the task of evaluating and improving security over time. Q: Security Policy Answer: A formalized statement that defines how security will be implemented within a particular organization. Q: Business Case Answer: To demonstrate a business-specific need to alter an existing process or choose an approach to a business task. Q: Top-Down Approach Answer: Upper, or senior, management is responsible for initiating and defining policies for the organization. Q: Information Security (Infosec) Team Answer: The team or department responsible for security within an organization. Q: Chief Information Security Officer (CISO) Answer: Typically considered the top infor- mation security officer in an organization. The CISO is usually not an executive-level position, and frequently the person in this role reports to the CIO. Q: Chief Information Officer (CIO) Answer: The senior manager responsible for the overall management of information resources in an organization Q: Chief Executive Officer (CEO) Answer: Corporate officer who has overall responsibility for managing the business and delegates responsibilities to other corporate officers. Q: Chief Technical Officer (CTO) Answer: Focuses on ensuring that equipment and soft- ware work properly to support the business functions. Q: Strategic Plan Answer: The long-term plan for future activities and operations, usually involving at least five years. Q: Tactical Plan Answer: Midterm plan, developed to provide more details on accomplish- ing the goals set forth in the strategic plan. Useful for about a year. Q: Operational Plan Answer: Short-term, highly detailed plan based on the strategic and tactical plans. Valid only for a short time. must be updated often. Q: On-Site Assessment Answer: Visit the site of the organization to interview personnel and observe their operating habits. Q: Document Exchange and Review Answer: Investigate the means by which datasets and documentation are exchanged as well as the formal processes by which they perform assessments and reviews. Q: Process/Policy Review Answer: Request copies of their security policies, process- es/procedures, and documentation of incidents and responses for review. Q: Third-Party Audit Answer: Having an independent third-party auditor, as defined by the American Institute of Certified Public Accountants (AICPA), can provide an unbiased review of an entity's security infrastructure, based on Service Organization Control (SOC) (SOC) reports. Q: Service-Level Agreement (SLA) Answer: Formal contract between customers and their