Comprehensive Solutions
Protecting the software and the systems on which it runs after release, after
development is complete. Accurate Answer:- Application security
Three core elements of security. Accurate Answer:- Confidentiality,
integrity, and availability (the C.I.A. model)
Tools that look for a fixed set of patterns or rules in the code in a manner
similar to virus-checking programs Accurate Answer:- Static analysis
tools
Ensures that the user has the appropriate role and privilege to view data
Accurate Answer:- Authorization
Ensures that the user is who he or she claims to be and that the data come
from the appropriate place Accurate Answer:- Authentication
Question 4:
What is responsible for preserving authorized restrictions on information
access and disclosure, including means for protecting personal privacy and
proprietary information? Accurate Answer:- Confidentiality
Q5:
What is responsible for guarding against improper information modification
or destruction, and includes ensuring information non-repudiation and
authenticity? Accurate Answer:- Integrity
Q6:
Which concept in the software life cycle understands the potential security
threats to the system, determines risk, and establishes appropriate
mitigations? Accurate Answer:- Threat modeling
Q7:
The idea behind ____________ is simply to understand the potential security threats to the
system, determine risk, and establish appropriate mitigations. When it is
performed correctly, it occurs early in the project life cycle and can be used to
find security design issues before code is committed. Accurate Answer:-
threat modeling
Q8:
____________ is about building secure software: designing software to be secure;
making sure that software is secure; and educating software developers,
architects, and users about how to build security in. Accurate Answer:-
software security
Q9:
__________, as the name suggests, is really aimed at developing secure software,
not necessarily quality software. Accurate Answer:- SDL methodology
The most well-known SDL model is the __________, a process that Microsoft has
adopted for the development of software that needs to withstand malicious
attack. This is considered the most mature of the top three models.
Accurate Answer:- Trustworthy Computing Security Development Lifecycle
_________: This is a study of real-world software security initiatives organized so
that you can determine where you stand with your software security initiative,
and how to evolve your efforts over time. It is a set of best practices that
Cigital developed by analyzing real-world data from nine leading software
security initiatives and creating a framework based on common areas of
success. There are 12 practices organized into four domains. These practices
are used to organize the 109 BSIMM activities (BSIMM 4 has a total of 111
activities). Accurate Answer:- BSIMM (short for Building Security In
Maturity Model)
_______________provides guidance to help organizations embed security within
their processes, including application lifecycle processes, that help to secure
applications running in the environment. It is a risk-based framework to
continuously improve security through process integration and
improvements in managing applications. It takes a process approach by
design. Accurate Answer:- The ISO/IEC 27034 standard
_____________ is a nonprofit organization dedicated to increasing trust in
information and communications technology products and services through
the advancement of effective software assurance methods. SAFECode is a
global, industry-led effort to identify and promote best practices for
developing and delivering more secure and reliable software, hardware, and
services. Accurate Answer:- The Software Assurance Forum for
Excellence in Code (SAFECode)
______________ is dedicated to improving software assurance by developing
methods to enable software tool evaluations, measuring the effectiveness of
tools and techniques, and identifying gaps in tools and methods. Accurate
Answer:- The NIST SAMATE (Software Assurance Metrics and Tool
Evaluation) project
______________is a list of information security vulnerabilities and exposures that
aims to provide common names for publicly-known problems. This makes it
easier to share data across separate vulnerability capabilities with a common
enumeration. Accurate Answer:- The MITRE Corporation Common
Computer Vulnerabilities and Exposures (CVE)
Three primary tools are basic to the SDL, which are categorized as ____________
Accurate Answer:- fuzzing, static, and dynamic analysis tools.