WGU D487: Secure Software Design Study Guide with complete solutions | Latest 2024/2025

WGU D487: Secure Software Design __., __., __., __., __.,




Study Guide with complete solutions. __., __., __., __., __.,




Software Security Champions __., Software engineers/designers who are
__., __.,__., __., __., __., __., __.,


capable of thinking like an attacker, stepping stone to an architect role.
__., __., __., __., __., __., __., __., __., __., __.,




Who sets the Base Score
__., __., __., __., __.,__., __., The Vendor. Really doesn't change over
__., __., __., __., __., __.


time.
,




Who sets the Temporal score
__., __., __., __., __.,__., __., The vendor. Is reevaluated over time.
__., __., __., __., __.,




Who sets the Environmental score?
__., __., __., __., __.,__., __., End user orgs compute this
__., __., __., __., __.


score.
,




When might Waterfall Development be used?
__., __., __., __., __., __.,__., __., When requirements are __., __.,


fully understood and not complex.
__., __., __., __., __.,




What kinds of teams are used in Agile development
__., __., __., Cross functional __., __., __., __., __., __.,__., __., __., _


teams that are responsible all functions in each iteration
_., __., __., __., __., __., __., __., __.,




What is the goal of Scrum?
__., __., __., __., __., __.,__., __., Maximize the ability to deliver quickly
__., __., __., __., __., __.,


and respond to emerging needs.
__., __., __., __.,




Lean development
__., You select, plan, develop, test, and deploy one__.,__., __., __., __., __., __., __., __., __., __.,


feature before moving on the the next.
__., __., __., __., __., __.,

,What is the discovery meeting?
__., __., __., __., __.,__., __., SDL kickoff meeting
__., __.,




SDL Goals
__., __.,__., Reduce the number of vulnerability and Privacy issues
__., __., __., __., __., __., __., __.,




Reduce the severity of the remaining vulnerabilities
__., __., __., __., __., __.,




Three main goals of secure software development
__., __., __., __., __., __., __.,__., Quality
__.,




Security


Maintainability


What are the three threat intention categories?
__., __., __., __., __., __., __.,__., unintentional
__.,




Intentional but non-malicious __., __.,




malicious


What are the primary issues in modeling
__., __., __., __., __., __., __.,__., Doing it well
__., __., __.,




Doing it thoroughly enough
__., __., __.,




Doing Knowing what to do with the results
__., __., __., __., __., __., __.,

, 12 categories of BSIMM
__., __., __., __.,__., __., Strategy and Metrics __., __.,




Compliance and Policy __., __.,




Training
Attack Models __.,




Security Features and Design __., __., __.,




Standards and Requirements __., __.,




Architecture Analysis __.,




Code Review __.,




Security Testing __.,




Penetration Testing __.,




Software Environment __.,




Configuration and Vulnerability Management __., __., __.,




ISO 27001 __., Specifies a management system intended to bring informa
__.,__., __., __., __., __., __., __., __., __.,


tion security under formal management control.
__., __., __., __., __.,




ISO 27034 __., Guidance to help organizations embed security within thei
__.,__., __., __., __., __., __., __., __., __.,


r processes that help secure applications running in the environment.
__., __., __., __., __., __., __., __., __.,




SAFECode Global industry led effort to identify and promote best pra
__.,__., __., __., __., __., __., __., __., __., __., __.,


ctices for software, hardware and services.
__., __., __., __., __.,




DHS Software Assurance Program
__., Created the Build Security In websi
__., __., __.,__., __., __., __., __., __., __.,


te (BSI) to push security in the SDLC
__., __., __., __., __., __., __.,