WGU C706 SECURE SOFTWARE DESIGN EXAM WITH
VERIFIED QUESTIONS AND ANSWERS GRADED A+
Confidentiality - ✅✅Information is not made available or disclosed to unauthorized
individuals, entities, or processes. Ensures unauthorized persons are not able to read private and
sensitive data. It is achieved through cryptography.
Integrity - ✅✅Ensures unauthorized persons or channels are not able to modify the data. It is
accomplished through the use of a message digest or digital signatures.
Availability - ✅✅The computing systems used to store and process information, the security
controls used to protect information, and the communication channels used to access information
must be functioning correctly. Ensures the system remains operational even in the event of a failure
or an attack. It is achieved by providing redundancy or fault tolerance for a failure of a system and
its components.
Ensure Confidentiality - ✅✅Public Key Infrastructure (PKI) and Cryptography/Encryption
Ensure Availability - ✅✅Offsite back-up and Redundancy
Ensure Integrity - ✅✅Hashing, Message Digest (MD5), non-repudiation and digital signatures
Software Architect - ✅✅Moves analysis to implementation and analyzes the
requirements and use cases as activities to perform as part of the development process; can also
develop class diagrams.
Security Practitioner Roles - ✅✅Release Manager, Architect, Developer, Business
Analyst/Project Manager
Release Manager - ✅✅Deployment
Architect - ✅✅Design
Developer - ✅✅Coding
Business Analyst/Project Manager - ✅✅Requirements Gathering
Red Team - ✅✅Teams of people familiar with the infrastructure of the company and the
languages of the software being developed. Their mission is to kill the system as the developers
build it.
Static Analysis - ✅✅A method of computer program debugging that is done by examining the
code without executing the program. The process provides an
understanding of the code structure, and can help to ensure that the code adheres to industry
standards. It's also referred to as code review.
MD5 Hash - ✅✅A widely used hash function producing a 128-bit hash value. Initially designed
to be used as a cryptographic hash function, it has been found to suffer from extensive
vulnerabilities. It can still be used as a checksum to verify data integrity, but only against
unintentional corruption.
SHA-256 (Secure Hash Algorithm) - ✅✅One of a number of cryptographic hash functions. A
cryptographic hash is like a signature for a text or a data file. Generates an almost-unique, fixed
size 32-byte (32 X 8) hash. Hash is a one-way function - it cannot be decrypted.
Advanced Encryption Standard (AES) - ✅✅A symmetric encryption algorithm. The algorithm
was developed by two Belgian cryptographers Joan Daemen and Vincent Rijmen. Designed to be
efficient in both hardware and software, and supports a block length of 128 bits and key lengths of
128, 192, and 256 bits.
Name the domain(s) for User Requirements Definition - ✅✅Planning/Organization,
Acquisition/Implementation, Monitoring
Name the domain(s) for System Requirements Definition - ✅✅Planning/Organization,
Acquisition/Implementation, Monitoring
Name the domain(s) for Analysis and Design - ✅✅Acquisition/Implementation,
Delivery/Support, Monitoring
Name the domain(s) for System Build/Prototype/Pilot - ✅✅Acquisition/Implementation,
Delivery/Support, Monitoring
Name the domain(s) for Implementation and Training - ✅✅Delivery/Support, Monitoring
Name the domain(s) for Sustainment - ✅✅Delivery/Support, Monitoring
Name the SDLC Phases - ✅✅Project Definition, User Requirements Definition, System
Requirements Definition, Analysis and Design, System Build/Prototype/Pilot,
Implementation and Training, Sustainment
Requirements Analysis - ✅✅A phase of the SDLC that defines security functions that an
application should satisfy. The designated employee can also speak with several stakeholders to
determine the expected end state of the application.
Testing Phase - ✅✅Security should be involved in all phases of the SDLC, but exploitation of
vulnerabilities to identify weaknesses should be done in this phase.
Incident Response Plan - ✅✅An organized approach to addressing and
managing the aftermath of a security breach or compromise on a system or software. The goal is
to handle the situation in a way that limits damage and reduces recovery time and costs. This will
take place at the operation phase of the SDLC.