Exam (elaborations)

C706- Secure Software Design exam questions with answers

Pages: 36
Grade: A+
Uploaded on: 22-10-2025
Written in: 2025/2026

Functional Requirements - CORRECT ANSWERS ✔✔Describe what an application must do to serve a business need.

Nonfunctional requirements (NFRs) - CORRECT ANSWERS ✔✔Address how well the functional requirements are met; they constrain the functional requirements to specified operating ranges.

What percent of current business security vulnerabilities are found within software applications rather than the network boundaries? - CORRECT ANSWERS ✔✔70%

What is the purpose of secure software development? - CORRECT ANSWERS ✔✔Reduce the risk of insecure code:

What term describes what has to work right? - CORRECT ANSWERS ✔✔Quality

What term describes what has to be secure? - CORRECT ANSWERS ✔✔Security

What are the two challenges to fix vulnerabilities? - CORRECT ANSWERS ✔✔The cost and most security activities happen post-release

What is software security? - CORRECT ANSWERS ✔✔The process of building & designing secure software

What is application security? - CORRECT ANSWERS ✔✔the process of protecting the complete & designed secure software

What is the purpose of software security? - CORRECT ANSWERS ✔✔Building secure software; designing software to be secure; and educating software developers, architects, and users about how to build security in.

What is the purpose of application security? - CORRECT ANSWERS ✔✔Protecting software and the systems that software runs in a post facto, only after development is complete.

What are the three primary goals of the secure software development process? - CORRECT ANSWERS ✔✔Confidentiality, integrity, and availability

SDL vs SDLC - CORRECT ANSWERS ✔✔Security Development Lifecycle: aimed at developing secure software.
Software Development Lifecycle: aimed at developing quality software.

What are two goals of the SDL? - CORRECT ANSWERS ✔✔Reduce the number of security vulnerabilities & privacy problems and reduce the severity of the vulnerabilities that remain.

Secure code does not mean _________ ___________ - CORRECT ANSWERS ✔✔Quality code

What terms describe quality code? - CORRECT ANSWERS ✔✔Ease of use, reusable, and maintainable

Under 44 U.S.C., Sec. 3442 Information Security is defined as: - CORRECT ANSWERS ✔✔The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Under 44 U.S.C., Sec. 3442 Confidentiality is defined as: - CORRECT ANSWERS ✔✔Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Under 44 U.S.C., Sec. 3442 Integrity is defined as: - CORRECT ANSWERS ✔✔Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.

Under 44 U.S.C., Sec. 3442 Availability is defined as: - CORRECT ANSWERS ✔✔Ensuring timely and reliable access to and use of information.

What is threat modeling? - CORRECT ANSWERS ✔✔The process of understanding the potential security threats to the system, determine risk, and establish appropriate mitigations (What? How bad is it? How can it be fixed?)

At which point in time is it better to identify and manage security risks? - CORRECT ANSWERS ✔✔The earlier, the better

Define modeling software: - CORRECT ANSWERS ✔✔A way to envision the interactions of the proposed software within its intended environment.

Define attack surface: - CORRECT ANSWERS ✔✔testing that should cover the entry points and exit points of an application that may be accessible to an attacker

What increases the attack surface? - CORRECT ANSWERS ✔✔Accessibility

What elements of attack surface can be identified with scanning tools? - CORRECT ANSWERS ✔✔Port scanning for open ports and Code analysis tools to locate code that receives input and sends output

What SDL models are available for the development process? - CORRECT ANSWERS ✔✔Trustworthy Computing Security Development Lifecycle
