SECURE SOFTWARE DESIGN - C706
EXAM QUESTIONS AND ANSWERS.
VERIFIED 2025/2026.
Protecting the software and the systems on which it runs after release, after dev is complete -
ANS Application security
Three core elements of security - ANS Confidentiality, integrity, and availability (the C.I.A.
model
Tools that look for a fixed set of patterns or rules in the code in a manner similar to virus-
checking programs - ANS Static analysis tools
Ensures that the user has the appropriate role and privilege to view data - ANS Authorization
Ensures that the user is who he or she claims to be and that the data come from the
appropriate place - ANS Authentication
Question 4 :
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
,What is responsible for preserving authorized restrictions on information access and disclosure,
including means for protecting personal privacy and proprietary information? - ANS Question
4
Confidentiality
Q5:
What is responsible for guarding against improper information modification or destruction, and
includes ensuring information non-repudiation and authenticity? - ANS Q5:
Integrity
Q6:
Which concept in the software life cycle understands the potential security threats to the
system, determines risk, and establishes appropriate mitigations? - ANS Q6:
Threat modeling
Q7:
The idea behind is simply to understand the potential security threats to the system, determine
risk, and establish appropriate mitigations. When it is performed correctly, it occurs early in the
project life cycle and can be used to find security design issues before code is committed. -
ANS Q7:
threat modeling
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, _Q8:
____________is about building secure software: designing software to be secure; making sure
that software is secure; and educating software developers, architects, and users about how to
build security in. - ANS Q8:
software security
Q9:
__________, as the name suggests, is really aimed at developing secure software, not
necessarily quality software - ANS Q9:
SDL methodology
The most well-known SDL model is the __________, a process that Microsoft has adopted for
the development of software that needs to withstand malicious attack. This is considered the
most mature of the top three models. - ANS Trustworthy Computing Security Development
Lifecycle
_________This is a study of real-world software security initiatives organized so that you can
determine where you stand with your software security initiative and how to evolve your efforts
over time. It is a set of best practices that Cigital developed by analyzing real-world data from
nine leading software security initiatives and creating a framework based on common areas of
success. There are 12 practices organized into four domains. These practices are used to
organize the 109 BSIMM activities (BSIMM 4 has a total of 111 activities). - ANS BSIMM (
short for Building Security In Maturity Model.)
3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
EXAM QUESTIONS AND ANSWERS.
VERIFIED 2025/2026.
Protecting the software and the systems on which it runs after release, after dev is complete -
ANS Application security
Three core elements of security - ANS Confidentiality, integrity, and availability (the C.I.A.
model
Tools that look for a fixed set of patterns or rules in the code in a manner similar to virus-
checking programs - ANS Static analysis tools
Ensures that the user has the appropriate role and privilege to view data - ANS Authorization
Ensures that the user is who he or she claims to be and that the data come from the
appropriate place - ANS Authentication
Question 4 :
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
,What is responsible for preserving authorized restrictions on information access and disclosure,
including means for protecting personal privacy and proprietary information? - ANS Question
4
Confidentiality
Q5:
What is responsible for guarding against improper information modification or destruction, and
includes ensuring information non-repudiation and authenticity? - ANS Q5:
Integrity
Q6:
Which concept in the software life cycle understands the potential security threats to the
system, determines risk, and establishes appropriate mitigations? - ANS Q6:
Threat modeling
Q7:
The idea behind is simply to understand the potential security threats to the system, determine
risk, and establish appropriate mitigations. When it is performed correctly, it occurs early in the
project life cycle and can be used to find security design issues before code is committed. -
ANS Q7:
threat modeling
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, _Q8:
____________is about building secure software: designing software to be secure; making sure
that software is secure; and educating software developers, architects, and users about how to
build security in. - ANS Q8:
software security
Q9:
__________, as the name suggests, is really aimed at developing secure software, not
necessarily quality software - ANS Q9:
SDL methodology
The most well-known SDL model is the __________, a process that Microsoft has adopted for
the development of software that needs to withstand malicious attack. This is considered the
most mature of the top three models. - ANS Trustworthy Computing Security Development
Lifecycle
_________This is a study of real-world software security initiatives organized so that you can
determine where you stand with your software security initiative and how to evolve your efforts
over time. It is a set of best practices that Cigital developed by analyzing real-world data from
nine leading software security initiatives and creating a framework based on common areas of
success. There are 12 practices organized into four domains. These practices are used to
organize the 109 BSIMM activities (BSIMM 4 has a total of 111 activities). - ANS BSIMM (
short for Building Security In Maturity Model.)
3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
