Software Design exam questions with answers

Which due diligence activity for supply chain security should occur in the initiation phase of the software acquisition life cycle?
A Developing a request for proposal (RFP) that includes supply chain security risk management
B Lessening the risk of disseminating information during disposal
C Facilitating knowledge transfer between suppliers
D Mitigating supply chain security risk by providing user guidance - CORRECT ANSWERS ✔✔A

Which due diligence activity for supply chain security investigates the means by which data sets are shared and assessed?
A on-site assessment
B process policy review
C third-party assessment
D document exchange and review - CORRECT ANSWERS ✔✔D

Consider these characteristics:
- Identification of the entity making the access request
- Verification that the request has not changed since its initiation
- Application of the appropriate authorization procedures
- Reexamination of previously authorized requests by the same entity
Which security design analysis is being described?
A Open design
B Complete mediation
C Economy of mechanism
D Least common mechanism - CORRECT ANSWERS ✔✔B

Which software security principle guards against the improper modification or destruction of information and ensures the nonrepudiation and authenticity of information?
A Quality
B Integrity
C Availability
D Confidentiality - CORRECT ANSWERS ✔✔B

What type of functional security requirement involves receiving, processing, storing, transmitting, and delivering in report form?
A Logging
B Error handling
C Primary dataflow
D Access control flow - CORRECT ANSWERS ✔✔C

Which nonfunctional security requirement provides a way to capture information correctly and a way to store that information to help support later audits?
A Logging
B Error handling
C Primary dataflow
D Access control flow - CORRECT ANSWERS ✔✔A

Which security concept refers to the quality of information that could cause harm or damage if disclosed?
A Isolation
B Discretion
C Seclusion
D Sensitivity - CORRECT ANSWERS ✔✔D

Which technology would be an example of an injection flaw, according to the OWASP Top 10?
A SQL
B API
C XML
D XSS - CORRECT ANSWERS ✔✔A

A company is creating new software to track customer balances and wants to design a secure application.
Which best practice should be applied?
A Develop a secure authentication method that has a closed design
B Allow mediation bypass or suspension for software testing and emergency planning
C Ensure there is physical acceptability to ensure software is intuitive for the users to do their jobs
D Create multiple layers of protection so that a subsequent layer provides protection if a layer is breached - CORRECT ANSWERS ✔✔D

A company is developing secure software that has to be evaluated and tested by a large number of experts.
Which security principle should be applied?
A Fail safe