WGU-C706 Secure Software Design (Pre-Assessment) and Terms Exam Questions With Correct Answers

Which due diligence activity for supply chain security should occur in the initiation phase of the software acquisition life cycle?
- Facilitating knowledge transfer between suppliers
- Lessening the risk of disseminating information during disposal
- Mitigating supply chain security risk by providing user guidance
- Developing a request for proposal (RFP) that includes supply chain security risk management
CORRECT ANSWER ✔✔ Developing a request for proposal (RFP) that includes supply chain security risk management

Which due diligence activity for supply chain security investigates the means by which data sets are shared and assessed?
- An on-site assessment
- A process policy review
- A third-party assessment
- A document exchange and review
CORRECT ANSWER ✔✔ A document exchange and review

Identification of the entity making the access request
Verification that the request has not changed since its initiation
Application of the appropriate authorization procedures
Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
- Open design
- Complete mediation
- Economy of mechanism
- Least common mechanism
CORRECT ANSWER ✔✔ Complete mediation

Which software security principle guards against the improper modification or destruction of information and ensures the nonrepudiation and authenticity of information?
- Quality
- Integrity
- Availability
- Confidentiality
CORRECT ANSWER ✔✔ Integrity

What type of functional security requirement involves receiving, processing, storing, transmitting, and delivering in report form?
- Logging
- Error handling
- Primary dataflow
- Access control flow
CORRECT ANSWER ✔✔ Primary dataflow

Which nonfunctional security requirement provides a way to capture information correctly and a way to store that information to help support later audits?
CORRECT ANSWER ✔✔ Logging

Which type of TCP scanning indicates that a system is moving to the second phase in a three-way TCP handshake?
- TCP SYN scanning
- TCP ACK scanning
- TCP XMAS scanning
- TCP Connect scanning
CORRECT ANSWER ✔✔ TCP SYN scanning

A company is creating new software to track customer balance and wants to design a secure application.
Which best practice should be applied?
CORRECT ANSWER ✔✔ Create multiple layers of protection so that a subsequent layer provides protection if a layer is breached

A company is developing secure software that has to be evaluated and tested by a large number of experts.
Which security principle should be applied?
- Fail safe
- Open design
- Defense in depth
- Complete mediation
CORRECT ANSWER ✔✔ Open design

Which approach provides an opportunity to improve the software development life cycle by tailoring the process to the specific risks facing the organization?
- Agile methodology