WGU - C706 EXAM QUESTIONS WITH CORRECT ANSWERS

SDL - CORRECT ANSWER✔✔-Security Development Lifecycle

SDLC - CORRECT ANSWER✔✔-Software Development Life Cycle

Software Security - CORRECT ANSWER✔✔-Building security into the software through an SDL in an SDLC

Application Security - CORRECT ANSWER✔✔-Protecting the software and the systems on which it runs after release

The C.I.A. model - CORRECT ANSWER✔✔-The core elements of security

PITAC - CORRECT ANSWER✔✔-President's Information Technology Advisory Committee

Quality and Security - CORRECT ANSWER✔✔-In terms of coding defects, the product not only has to work right, it also has to be secure

Trustworthy Computing (TwC) - CORRECT ANSWER✔✔-The team which formed the concept that led to the Microsoft Security Development Lifecycle

Static Analysis Tools - CORRECT ANSWER✔✔-Tools that look for a fixed pattern or rules in the code in a manner similar to virus checking programs

Authorization - CORRECT ANSWER✔✔-Ensures that the user has the appropriate role and privilege

Authentication - CORRECT ANSWER✔✔-Ensures that the user is who he or she claims to be and that data come from the appropriate place

Threat Modeling - CORRECT ANSWER✔✔-To understand the potential security threats to the system, determine risk, and establish appropriate mitigations. Applies principles such as least privilege and defense-in-depth; requires human expertise and not tools to accomplish

Attack Surface - CORRECT ANSWER✔✔-The entry points and exit points of an application that may be accessible to an attacker

Agile Method - CORRECT ANSWER✔✔-A time-boxed iterative approach that facilitates a rapid and flexible response to change, which in turn encourages evolutionary development and delivery while promoting adaptive planning, development, teamwork, collaboration, and process adaptability throughout the lifecycle of the project

Bugtraq IDs - CORRECT ANSWER✔✔-Identifiers for a commercially operated vulnerability that are used in security advisories and alerts, as well as for discussions on the mailing list

Building Security In Maturity Model (BSIMM) - CORRECT ANSWER✔✔-A study of real-world software security initiatives organized so that you can determine where you stand with your software security initiatives and how to evolve efforts over time

Common Vulnerability Scoring System (CVSS) - CORRECT ANSWER✔✔-Provides an open framework for communicating the characteristics and impacts of IT vulnerabilities

CWE - CORRECT ANSWER✔✔-Common Weakness Enumeration

DAST - CORRECT ANSWER✔✔-Dynamic Application Security Testing

Dynamic program analysis - CORRECT ANSWER✔✔-The analysis of computer software that is performed by executing programs on a real or virtual processor in real time

GRC - CORRECT ANSWER✔✔-Governance, Risk and Compliance

ISMS - CORRECT ANSWER✔✔-Information Security Management System

ISO/IEC - CORRECT ANSWER✔✔-International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC)

ISO/IEC 27001 - CORRECT ANSWER✔✔-A standard that specifies a management system intended to bring information security under formal management control

ISO/IEC 27034 - CORRECT ANSWER✔✔-A standard that provides guidance to help organizations embed security within their processes that help secure applications running in the environment

ISO/IEC 27034-1:2011 - CORRECT ANSWER✔✔-A standard for application security which offers a concise, internationally recognized way to get transparency into a vendor's/supplier's software security management process

Iterative Waterfall Development Model - CORRECT ANSWER✔✔-An approach that carries less risk than traditional approaches but is more risky and less efficient, and the overall project is divided into various phases, each executed using the traditional method