WGU C706 - SECURE SOFTWARE DESIGN EXAM QUESTIONS WITH CORRECT ANSWERS 2025
CISSP study guide (9th edition) Ch. 1 Ch. 13 Ch. 14 Ch. 15 Ch. 20 Ch. 21
CIA Triad
Confidentiality, Integrity, Availability
Confidentiality
Confidentiality is the concept of the measures used to ensure the protection of the secrecy of data, objects, or resources.
Concepts, conditions, and aspects of confidentiality include the following:
Sensitivity
Discretion
Criticality
Concealment
Secrecy
Privacy
Seclusion
Isolation
Integrity
Integrity is the concept of protecting the reliability and correctness of data.
Concepts, conditions, and aspects of integrity include the following:
Accuracy
Truthfulness
Validity
Accountability
Responsibility
Completeness
Comprehensiveness
Availability
Availability means authorized subjects are granted timely and uninterrupted access to objects.
Concepts, conditions, and aspects of availability include the following:
Usability
Accessibility
Timeliness
DAD Triad
Disclosure, Alteration, and Destruction. The opposite of the CIA triad.
Authenticity
Authenticity is the security concept that data is authentic or genuine and originates from its alleged source.
Nonrepudiation
Nonrepudiation ensures that the subject of an activity or who caused an event cannot deny that the event occurred.
AAA Services
Refers to five elements:
Identification - Claiming an identity
Authentication - Proving identity
Authorization - Defining allows/denies for an identity
Auditing - Recording log of events
Accounting - Review log files
Defense in Depth
Employing multiple layers of controls to avoid a single point of failure. Also known as layering.
Abstraction
Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective.
Data Hiding
Preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that is not accessible or seen by the subject.
Security Through Obscurity
Relying upon the secrecy or complexity of an item as its security, instead of practicing solid security practices. Different from data hiding.
Encryption
A process of encoding messages to keep them secret, so that only "authorized" parties can read them.
Security Boundary
The line of intersection between any two areas, subnets, or environments that have different security requirements or needs.
Security Governance
The collection of practices related to supporting, evaluating, defining, and directing the security efforts of an organization.
Third-Party Governance
The system of external entity oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements.
Documentation Review
Process of reading the exchanged materials and verifying them against standards and expectations.