WGU C706 Pre- Assessment Version 2 (Latest 2023/ 2024 Update) Secure Software Design| Questions and Verified Answers| 100% Correct| Grade A

WGU C706 Pre- Assessment Version 2 (Latest 2023/ 2024 Update) Secure Software Design| Questions and Verified Answers| 100% Correct| Grade A Q: Bringing the security team into the development process early is the most ___________ way to enable risk identification, planning, and mitigation Answer: cost-effective Q: The purpose of a __________ is to define what needs to be protected and how it will be protected, including reviewing and incorporating policies from outside the SDL that may impact the development proce Answer: software security policy Q: Which artifact lists software requirements and business risks mapped to the three pillars of information security? Answer: Formal business requirement Q: Which assessment requires an extensive review that will be conducted by your software security architect, a third party, or a combination of both? Answer: Security assessment Q: What is the increasing trend in the software industry to draw on the strengths of various types of software to deliver the highest value at the lowest cost? Answer: Mixed source Q: During this phase, any policy that exists outside the domain of the SDL policy is reviewed and might include policies from outside the development organization that set security and privacy requirements and guidelines to be adhered to when developing software or applications. Answer: Policy compliance analysis Q: Broad input and reviews should have been_________to ensure that the threat models are as comprehensive as possible. Answer: Solicited Q: Which risk describes the feature, product, or service that stores or transfers personally identifiable information (PII), changes settings or file type associations, or installs software? Answer: High Privacy Risk Q: A __________ means that if a system ceases to function, it moves to a state where the security of the system and its data are not compromised. Answer: fail safe policy Q: During phase __________, any policy that exists outside the domain of the SDL policy is reviewed. This may include policies from outside the development organization. Answer: A4 Q: What is considered an advantage of dynamic code analysis? Answer: Automated tools provide flexibility on what to scan for Q: The __________ goal of the security code review process is to improve the overall security of the product and to provide output that can be used by the development team to make changes and mitigations that will achieve improved software product security. Answer: final Q: The basic design of a product may contain flaws, and it should be noted that all coding errors are not actual __________ Answer: vulnerabilities Q: __________ is a white-box security analysis of a software system to simulate the actions of a hacker, with the objective of uncovering potential vulnerabilities resulting from coding errors, system configuration faults, or other operational deployment weaknesses. Answer: Penetration testing