Right Solutions
CIA Triad Accurate Answer:- Confidentiality, Integrity, Availability
Confidentiality Accurate Answer:- Confidentiality is the concept of the
measures used to ensure the protection of the secrecy of data, objects, or
resources.
Concepts, conditions, and aspects of confidentiality include the following:
Accurate Answer:- Sensitivity
Discretion
Criticality
Concealment
Secrecy
Privacy
Seclusion
Isolation
Integrity Accurate Answer:- Integrity is the concept of protecting the
reliability and correctness of data.
Concepts, conditions, and aspects of integrity include the following: Accurate Answer:- Accuracy
Truthfulness
Validity
Accountability
Responsibility
Completeness
Comprehensiveness
Availability Accurate Answer:- Availability means authorized subjects
are granted timely and uninterrupted access to
objects.
Concepts, conditions, and aspects of availability include the following: Accurate Answer:- Usability
Accessibility
Timeliness
DAD Triad Accurate Answer:- Disclosure, Alteration, and Destruction.
The opposite of the CIA triad.
Authenticity Accurate Answer:- Authenticity is the security concept
that data is authentic or genuine and originates from its
alleged source.
Nonrepudiation Accurate Answer:- Nonrepudiation ensures that the
subject of an activity or who caused an event cannot
deny that the event occurred.
AAA Services Accurate Answer:- Refers to five elements:
Identification - Claiming an identity
Authentication - Proving identity
Authorization - Defining allows/denies for an identity
Auditing - Recording log of events
Accounting - Review log files
Defense in Depth Accurate Answer:- Employing multiple layers of
controls to avoid a single point of failure. Also known as layering.
Abstraction Accurate Answer:- Similar elements are put into groups,
classes, or roles that are assigned security controls, restrictions, or
permissions as a collective.
Data Hiding Accurate Answer:- Preventing data from being discovered
or accessed by a subject by positioning the data in a logical storage
compartment that is not accessible or seen by the subject.
Security Through Obscurity Accurate Answer:- Relying upon the
secrecy or complexity of an item as its security, instead of practicing solid
security practices. Different from data hiding.
Encryption Accurate Answer:- A process of encoding messages to keep
them secret, so only "authorized" parties can read them.
Security Boundary Accurate Answer:- The line of intersection between
any two areas, subnets, or environments that have different security
requirements or needs.
Security Governance Accurate Answer:- The collection of practices
related to supporting, evaluating, defining, and directing the security efforts of
an organization.
Third-Party Governance Accurate Answer:- The system of external
entity oversight that may be mandated by law, regulation, industry standards,
contractual obligation, or licensing requirements.
Documentation Review Accurate Answer:- Process of reading the
exchanged materials and verifying them against standards and expectations.
Authorization to Operate (ATO) Accurate Answer:- A formal
declaration by a Designated Approving Authority (DAA) that authorizes
operation of a Business Product and explicitly accepts the risk to agency
operations.
Security Function Accurate Answer:- The aspect of operating a business
that focuses on the task of evaluating and improving security over time.
Security Policy Accurate Answer:- A formalized statement that defines
how security will be implemented within a particular organization.
Business Case Accurate Answer:- To demonstrate a business-specific
need to alter an existing process or choose an approach to a business task.
Top-Down Approach Accurate Answer:- Upper, or senior, management
is responsible for initiating and defining policies for the organization.
Information Security (Infosec) Team Accurate Answer:- The team or
department responsible for security within an organization.
Chief Information Security Officer (CISO) Accurate Answer:- Typically
considered the top information security officer in an organization. The CISO is
usually not an executive-level position, and frequently the person in this role
reports to the CIO.
Chief Information Officer (CIO) Accurate Answer:- The senior manager
responsible for the overall management of information resources in an
organization.
Chief Executive Officer (CEO) Accurate Answer:- Corporate officer who
has overall responsibility for managing the business and delegates
responsibilities to other corporate officers.
Chief Technical Officer (CTO) Accurate Answer:- Focuses on ensuring
that equipment and software work properly to support the business functions.
Strategic Plan Accurate Answer:- The long-term plan for future
activities and operations, usually involving at least five years.
Tactical Plan Accurate Answer:- Midterm plan, developed to provide
more details on accomplishing the goals set forth in the strategic plan. Useful
for about a year.
Operational Plan Accurate Answer:- Short-term, highly detailed plan
based on the strategic and tactical plans. Valid only for a short time and must be
updated often.
On-Site Assessment Accurate Answer:- Visit the site of the organization
to interview personnel and observe their operating habits.
Document Exchange and Review Accurate Answer:- Investigate the
means by which datasets and documentation are exchanged as well as the
formal processes by which they perform assessments and reviews.
Process/Policy Review Accurate Answer:- Request copies of their
security policies, processes/procedures, and documentation of incidents and
responses for review.
Third-Party Audit Accurate Answer:- Having an independent third-
party auditor, as defined by the American Institute of Certified Public