WGU C706 Study Guide Secure Software Design Study Guide 2026 Questions Complete With Correct Answers

WGU C706 Study Guide Secure Software Design Study Guide 2026 Questions Complete With Correct Answers Supply Chain Security Risks for Software Acquisition Lifecycle: Initiation Phase -Perform an initial software supply chain security risk assessment and establish required security properties. -Include supply chain security risk management as part of the RFP. -Develop plans for monitoring suppliers. -Select Suppliers that address supply chain security risk. Supply Chain Security Risks for Software Acquisition Lifecycle: Development Phase -Monitor practices for supply chain security risk management. -Maintain awareness of suppliers sub tier relationships. Supply Chain Security Risks for Software Acquisition Lifecycle: Configuration/Deployment Phase -Assess delivered products/systems. -Configure/integrate with consideration of supply chain security risks. -Develop user guidance to help mitigate supply chain security risk. Supply Chain Security Risks for Software Acquisition Lifecycle: Operations/Maintenance Phase -Manage security incidents. -Review operational readiness. -Monitor component/supplier. Supply Chain Security Risks for Software Acquisition Lifecycle: Disposal Phase -Mitigate risks of information disclosure during disposal. Complete Mediation · Identification of the entity making the access request · Verification that the request has not changed since its initiation. · Application of the appropriate authorization procedures · Reexamination of previously authorized requests by the same entity · Requires that all access to objects be checked to ensure they are allowed. Whenever a subject attempts to read an object, the operating system should mediate the action. First, it determines if the subject can read the object. If so, it provides the resources for the read to occur. Economy of Mechanism The principle of economy of mechanism states that security mechanisms should be as simple as possible. If a design and implementation are simple, fewer possibilities exist for errors. The checking and testing process is less complex because fewer components and cases need to be tested. Open Design Says that your system security shouldn't rely on the secrecy of your implementation. This is a particularly important principle for security concepts like cryptographic implementations. Well-designed cryptography implementations are published publicly. Least Common Mechanism States that mechanisms used to access resources should not be shared. Sharing resources provides a channel along which information can be transmitted, and so such sharing should be minimized. Ex. We don't reuse our passwords from service accounts and other subjects. Fail-Safe Defaults Design Principle (failing securely for software) Pertains to allowing access to resources based on granted access over access exclusion. This principle is a methodology for allowing resources to be accessed only if explicit access is granted to a user. By default, users do not have access to any resources until access has been granted. This approach prevents unauthorized users from gaining access to resource until access is given. Economy of Mechanism Design Principle Requires that systems should be designed as simple and small as possible. Design and implementation errors result in unauthorized access to resources that would not be noticed during normal use. Complete Mediation Design Principle States that every access to every resource must be validated for authorization. Open Design Design Principle A concept that the security of a system and its algorithms should not be dependent on secrecy of its design or implementation. Separation Privilege Design Principle Requires that all resource approved resource access attempts be granted based on more than a single condition. For example, a user should be validated for active status and has access to the specific resource. Least Common Mechanism Design Principle Declares that mechanisms used to access resources should not be shared. Psychological Acceptability Design Principle Refers to security mechanisms not make resources more difficult to access than if the security mechanisms were not present. Defense in Depth Design Principle A concept of layering resource access authorization verification in a system reduces the chance of a successful attack. This layered approach to resource authorization requires unauthorized users to circumvent each authorization attempt to gain access to a resource. Non-Functional Requirement Describe how the system works. • Logging • Error Handling • CIA + Authorization Functional Requirement Describe what the system should do.