WGU C706 - Secure Software Design Exam
Questions With Correct Answers
CIA Triad
Confidentiality, Integrity, Availability
Confidentiality
Confidentiality is the concept of the measures used to ensure the protection of the secrecy of data, objects, or resources, so that they are not disclosed to unauthorized subjects.
Concepts, conditions, and aspects of confidentiality include the following:
Sensitivity
Discretion
Criticality
Concealment
Secrecy
Privacy
Seclusion
Isolation
Integrity
Integrity is the concept of protecting the reliability and correctness of data, so that it is not modified by unauthorized subjects or by unintended changes.
Concepts, conditions, and aspects of integrity include the following:
Accuracy
Truthfulness
Validity
Accountability
Responsibility
Completeness
Comprehensiveness
Availability
Availability means authorized subjects are granted timely and uninterrupted access to objects.
Concepts, conditions, and aspects of availability include the following:
Usability
Accessibility
Timeliness
DAD Triad
Disclosure, Alteration, and Destruction. The opposite of the CIA triad: disclosure violates confidentiality, alteration violates integrity, and destruction violates availability.
Authenticity
Authenticity is the security concept that data is authentic or genuine and originates from its alleged source.
Nonrepudiation
Nonrepudiation ensures that the subject who performed an activity or caused an event cannot later deny having done so. It requires evidence that only that subject could have produced (for example a digital signature made with a private key), not merely a shared secret that the other party also holds.
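The following is an added example, not part of the study guide, showing the difference between the authenticity and nonrepudiation entries above in working code. It compares HMAC-SHA256 (a shared key: proves the message is genuine and unmodified, but either party could have made the tag) with an Ed25519 signature (only the sender holds the private key, so a valid signature is something the sender cannot later deny). The shared key and the messages are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample data for this example (not taken from the study guide).
var (
	// Assumption: both sender and receiver were given this key out of band.
	sharedKey = []byte("constructed-demo-key-do-not-reuse")
	original  = []byte("transfer 100 to account 42")
	altered   = []byte("transfer 900 to account 42")
)

// Outcome records what a verifier can conclude under one scheme.
type Outcome struct {
	Genuine   bool // the untouched message verifies (authenticity + integrity)
	Tampered  bool // the altered message still verifies against the original tag
	Forgeable bool // the receiver alone can mint a valid tag for a new message
}

// hmacTag computes HMAC-SHA256 over msg with key.
func hmacTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// HMACOutcome: a shared secret proves the message came from someone holding the
// key and was not modified, but since the receiver holds the same key it could
// have produced the tag itself. A third party cannot tell who did, so there is
// no nonrepudiation.
func HMACOutcome() Outcome {
	tag := hmacTag(sharedKey, original) // produced by the sender
	genuine := hmac.Equal(tag, hmacTag(sharedKey, original))
	tampered := hmac.Equal(tag, hmacTag(sharedKey, altered))
	// The receiver forges a tag for a message the sender never sent; an auditor
	// checking with the same shared key accepts it just like a real one.
	receiverTag := hmacTag(sharedKey, altered)
	forgeable := hmac.Equal(receiverTag, hmacTag(sharedKey, altered))
	return Outcome{Genuine: genuine, Tampered: tampered, Forgeable: forgeable}
}

// SignatureOutcome: only the sender holds the Ed25519 private key. The receiver
// verifies with the public key but cannot sign, so a valid signature is
// evidence the sender produced the message (nonrepudiation, provided the
// private key was actually kept private).
func SignatureOutcome() (Outcome, error) {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	sig := ed25519.Sign(senderPriv, original)
	genuine := ed25519.Verify(senderPub, original, sig)
	tampered := ed25519.Verify(senderPub, altered, sig)
	// The receiver has no sender private key; the best it can do is sign with
	// its own key, which does not verify under the sender's public key.
	_, receiverPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	forgedSig := ed25519.Sign(receiverPriv, altered)
	forgeable := ed25519.Verify(senderPub, altered, forgedSig)
	return Outcome{Genuine: genuine, Tampered: tampered, Forgeable: forgeable}, nil
}

func main() {
	fmt.Printf("HMAC-SHA256: %+v\n", HMACOutcome())
	s, err := SignatureOutcome()
	if err != nil {
		panic(err)
	}
	fmt.Printf("Ed25519:     %+v\n", s)
}
```

Both schemes reject the altered message, so both provide integrity and authenticity between the two parties; only the signature leaves Forgeable false, which is the property nonrepudiation needs.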
AAA Services
Refers to five elements:
Identification - Claiming an identity (for example, supplying a username)
Authentication - Proving the claimed identity (for example, with a password, token, or biometric)
Authorization - Defining what the authenticated identity is allowed or denied to do
Auditing - Recording a log of events and activities
Accounting - Reviewing the log files to check for compliance and violations, so subjects can be held accountable for their actions
Defense in Depth
Employing multiple layers of controls to avoid a single point of failure. Also known as layering.
Abstraction
Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective.
Data Hiding
Preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that is not accessible to or seen by the subject.
Security Through Obscurity
Relying upon the secrecy or complexity of an item (such as an undisclosed algorithm or hidden URL) as its security, instead of practicing solid security practices. A sound mechanism should stay secure even when its design is public and only the key is secret. Different from data hiding, which is a legitimate access control.
Encryption
A process of transforming readable messages (plaintext) into an unreadable form (ciphertext) using an algorithm and a key, so that only "authorized" parties holding the correct key can read them.
Security Boundary
The line of intersection between any two areas, subnets, or environments that have different security requirements or needs.
Security Governance
The collection of practices related to supporting, evaluating, defining, and directing the security efforts of an organization.
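As an added example, not part of the study guide, the following Go code shows what the encryption entry above looks like in practice using AES-256-GCM from the Go standard library. It demonstrates the three checks a practitioner wants: the key holder recovers the plaintext, a single flipped ciphertext bit is rejected rather than silently decrypted to garbage, and a party with a different key gets an error. The key, plaintext, and associated data are constructed for the demonstration; the cipher itself is public, and only the key is secret.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encrypt seals plaintext with AES-256-GCM (authenticated encryption). The
// returned bytes are nonce || ciphertext || tag; aad is authenticated but not
// encrypted (e.g. a record identifier) and must be presented again on decrypt.
func Encrypt(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key length selects AES-128/192/256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // a nonce must never repeat under one key
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt opens data produced by Encrypt. Any modification of nonce,
// ciphertext, tag, or aad makes gcm.Open return an error instead of plaintext.
func Decrypt(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed data too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// Result summarises the three properties checked by Demo.
type Result struct {
	RoundTrip        bool // holder of the key recovers the plaintext
	TamperRejected   bool // one flipped ciphertext bit is detected
	WrongKeyRejected bool // another party's key yields an error, not garbage
}

// Demo runs the checks on constructed sample data (not from the study guide).
func Demo() (Result, error) {
	key := make([]byte, 32) // constructed: a fresh random AES-256 key
	if _, err := rand.Read(key); err != nil {
		return Result{}, err
	}
	plaintext := []byte("constructed sample: patient record 17 is confidential")
	aad := []byte("record-id=17")

	sealed, err := Encrypt(key, plaintext, aad)
	if err != nil {
		return Result{}, err
	}
	got, err := Decrypt(key, sealed, aad)
	roundTrip := err == nil && bytes.Equal(got, plaintext)

	// Flip one bit in the middle of the sealed data; GCM's tag no longer matches.
	bad := append([]byte(nil), sealed...)
	bad[len(bad)/2] ^= 0x01
	_, err = Decrypt(key, bad, aad)
	tamperRejected := err != nil

	// An unauthorized party holding a different key gets an error, not plaintext.
	other := make([]byte, 32)
	if _, err := rand.Read(other); err != nil {
		return Result{}, err
	}
	_, err = Decrypt(other, sealed, aad)
	wrongKeyRejected := err != nil

	return Result{roundTrip, tamperRejected, wrongKeyRejected}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

GCM is chosen rather than a bare mode such as CBC because it covers integrity as well as confidentiality: the tag check in Open is what turns a tampered ciphertext into an error instead of silently altered plaintext.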