SECURE SOFTWARE DESIGN STUDY
GUIDE - C706 EXAM QUESTIONS AND
ANSWERS. VERIFIED 2025/2026.
Confidentiality - ANS Information is not made available or disclosed to unauthorized
individuals, entities, or processes. Ensures unauthorized persons are not able to read private
and sensitive data. It is achieved through cryptography.
Integrity - ANS Ensures unauthorized persons or channels are not able to modify the data. It
is accomplished through the use of a message digest or digital signatures.
Availability - ANS The computing systems used to store and process information, the security
controls used to protect information, and the communication channels used to access
information must be functioning correctly. Ensures system remains operational even in the
event of a failure or an attack. It is achieved by providing redundancy or fault tolerance for a
failure of a system and its components.
Ensure Confidentiality - ANS Public Key Infrastructure (PKI) and Cryptography/Encryption
Ensure Availability - ANS Offsite back-up and Redundancy
Ensure Integrity - ANS Hashing, Message Digest (MD5), non repudiation and digital signatures
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
,Software Architect - ANS Moves analysis to implementation and analyzes the requirements
and use cases as activities to perform as part of the development process; can also develop
class diagrams.
Security Practitioner Roles - ANS Release Manager,
Architect, Developer, Business Analyst/Project Manager
Release Manager - ANS Deployment
Architect - ANS Design
Developer - ANS Coding
Business Analyst/Project Manager - ANS Requirements Gathering
Red Team - ANS Teams of people familiar with the infrastructure of the company and the
languages of the software being developed. Their mission is to kill the system as the developers
build it.
Static Analysis - ANS A method of computer program debugging that is done by examining
the code without executing the program. The process provides an understanding of the code
structure, and can help to ensure that the code adheres to industry standards. It's also referred
as code review.
MD5 Hash - ANS A widely used hash function producing a 128-bit hash value. Initially
designed to be used as a cryptographic hash function, it has been found to suffer from extensive
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, vulnerabilities. It can still be used as a checksum to verify data integrity, but only against
unintentional corruption.
SHA-256 (Secure Hash Algorithm) - ANS One of a number of cryptographic hash functions. A
cryptographic hash is like a signature for a text or a data file. Generates an almost-unique, fixed
size 32-byte
(32 X 8) hash. Hash is a one-way function - it cannot be decrypted.
Advanced Encryption Standard (AES) - ANS A symmetric encryption algorithm. The algorithm
was developed by two Belgian cryptographers Joan Daemen and Vincent Rijmen. Designed to
be efficient in both hardware and software, and supports a block length of 128 bits and key
lengths of 128, 192, and 256 bits.
Algorithms used to verify integrity - ANS MD5 Hash, SHA-256
Algorithm used to verify confidentiality - ANS Advanced Encryption Standard (AES)
Stochastic - ANS unintentional or accidental
safety-relevant faults - ANS stochastic (i.e., unintentional or accidental)
security-relevant faults - ANS "Sponsored," i.e., intentionally created and activated through
conscious and intentional human agency.
Fuzz Testing - ANS Used to see if the system has solid exception handling to the input it
receives. Is the use of malformed or random input into a system in order to intentionally
produce failure. This is a very easy process of feeding garbage to the system when it expects a
formatted input, and it is always a good idea to feed as much garbage as possible to an input
field.
3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
GUIDE - C706 EXAM QUESTIONS AND
ANSWERS. VERIFIED 2025/2026.
Confidentiality - ANS Information is not made available or disclosed to unauthorized
individuals, entities, or processes. Ensures unauthorized persons are not able to read private
and sensitive data. It is achieved through cryptography.
Integrity - ANS Ensures unauthorized persons or channels are not able to modify the data. It
is accomplished through the use of a message digest or digital signatures.
Availability - ANS The computing systems used to store and process information, the security
controls used to protect information, and the communication channels used to access
information must be functioning correctly. Ensures system remains operational even in the
event of a failure or an attack. It is achieved by providing redundancy or fault tolerance for a
failure of a system and its components.
Ensure Confidentiality - ANS Public Key Infrastructure (PKI) and Cryptography/Encryption
Ensure Availability - ANS Offsite back-up and Redundancy
Ensure Integrity - ANS Hashing, Message Digest (MD5), non repudiation and digital signatures
1 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
,Software Architect - ANS Moves analysis to implementation and analyzes the requirements
and use cases as activities to perform as part of the development process; can also develop
class diagrams.
Security Practitioner Roles - ANS Release Manager,
Architect, Developer, Business Analyst/Project Manager
Release Manager - ANS Deployment
Architect - ANS Design
Developer - ANS Coding
Business Analyst/Project Manager - ANS Requirements Gathering
Red Team - ANS Teams of people familiar with the infrastructure of the company and the
languages of the software being developed. Their mission is to kill the system as the developers
build it.
Static Analysis - ANS A method of computer program debugging that is done by examining
the code without executing the program. The process provides an understanding of the code
structure, and can help to ensure that the code adheres to industry standards. It's also referred
as code review.
MD5 Hash - ANS A widely used hash function producing a 128-bit hash value. Initially
designed to be used as a cryptographic hash function, it has been found to suffer from extensive
2 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
, vulnerabilities. It can still be used as a checksum to verify data integrity, but only against
unintentional corruption.
SHA-256 (Secure Hash Algorithm) - ANS One of a number of cryptographic hash functions. A
cryptographic hash is like a signature for a text or a data file. Generates an almost-unique, fixed
size 32-byte
(32 X 8) hash. Hash is a one-way function - it cannot be decrypted.
Advanced Encryption Standard (AES) - ANS A symmetric encryption algorithm. The algorithm
was developed by two Belgian cryptographers Joan Daemen and Vincent Rijmen. Designed to
be efficient in both hardware and software, and supports a block length of 128 bits and key
lengths of 128, 192, and 256 bits.
Algorithms used to verify integrity - ANS MD5 Hash, SHA-256
Algorithm used to verify confidentiality - ANS Advanced Encryption Standard (AES)
Stochastic - ANS unintentional or accidental
safety-relevant faults - ANS stochastic (i.e., unintentional or accidental)
security-relevant faults - ANS "Sponsored," i.e., intentionally created and activated through
conscious and intentional human agency.
Fuzz Testing - ANS Used to see if the system has solid exception handling to the input it
receives. Is the use of malformed or random input into a system in order to intentionally
produce failure. This is a very easy process of feeding garbage to the system when it expects a
formatted input, and it is always a good idea to feed as much garbage as possible to an input
field.
3 @COPYRIGHT 2025/2026 ALLRIGHTS RESERVED.
