WGU C706 Secure Software Design Study Guide Questions and Answers (2022/2023) (Verified Answers)
Course
WGU C706 Secure Software
Institution
Western Governors University
Confidentiality
Information is not made available or disclosed to unauthorized individuals, entities, or
processes. Ensures that unauthorized persons cannot read private and sensitive data.
Achieved through cryptography (encryption), backed by access control.
Integrity
Ensures that unauthorized persons or channels cannot modify data, or that any such
modification is detected. Accomplished through a message digest (hash) or a digital
signature. Note that a bare digest only detects accidental corruption: an attacker who can
rewrite the data can recompute the digest too, so the digest itself must be protected (by a
signature, a keyed MAC, or a trusted out-of-band channel).
Availability
The computing systems used to store and process information, the security controls
used to protect information, and the communication channels used to access
information must be functioning correctly. Ensures the system remains operational even
in the event of a failure or an attack. Achieved by providing redundancy or fault
tolerance for the failure of a system and its components.
Ensure Confidentiality
Public Key Infrastructure (PKI) and cryptography/encryption
Ensure Availability
Offsite backups and redundancy
Ensure Integrity
Hashing (message digests such as SHA-256; MD5 is listed in the course but is no longer
collision-resistant) and digital signatures. Digital signatures additionally provide
non-repudiation, i.e., the signer cannot later deny having produced the data.
Software Architect
Moves the project from analysis to implementation: analyzes the requirements and use
cases as activities to be performed during the development process, and may also
develop class diagrams.
Security Practitioner Roles
Release Manager,
Architect, Developer, Business Analyst/Project Manager
Release Manager
Deployment
Architect
Design
Developer
Coding
Business Analyst/Project Manager
Requirements Gathering
Red Team
A team of people familiar with the company's infrastructure and with the languages in
which the software is written. Their mission is to break ("kill") the system as the
developers build it.
Static Analysis
A method of examining a program for defects without executing it. The process provides
an understanding of the code structure and can help ensure that the code adheres to
industry standards. When performed by people rather than tools it is also referred to as
code review.
MD5 Hash
A widely used hash function producing a 128-bit (16-byte) hash value. Originally
designed as a cryptographic hash function, it has since been shown to be vulnerable to
practical collision attacks. It can still be used as a checksum to detect unintentional
corruption, but it must not be relied upon against deliberate tampering.
SHA-256 (Secure Hash Algorithm)
One of a number of cryptographic hash functions. A cryptographic hash acts like a
fingerprint for a text or a data file: it produces a fixed-size 256-bit (32-byte) digest that
is, for practical purposes, unique to the input. Hashing is a one-way function: the digest
cannot be reversed to recover the input (it is not encryption, so it is not "decrypted").
Advanced Encryption Standard (AES)
A symmetric encryption algorithm (the Rijndael cipher) developed by two Belgian
cryptographers, Joan Daemen and Vincent Rijmen. Designed to be efficient in both
hardware and software; it uses a block length of 128 bits and supports key lengths of 128,
192, and 256 bits.
Algorithms used to verify integrity
MD5 hash (only against accidental corruption), SHA-256
Algorithm used to provide confidentiality
Advanced Encryption Standard (AES)
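The integrity caveat above is easy to get wrong, so here is an added example (not part of the original study guide) using only the Python standard library. It compares a bare SHA-256 digest with an HMAC-SHA256 tag, which the course does not list but which is the symmetric counterpart of the digital signature it does list: both work against an accidental bit flip, but only the keyed tag survives an attacker who can rewrite the message and recompute the digest. The message, the bit position, and the shared key are constructed for the demonstration.

```python
"""Unkeyed digest vs keyed MAC for integrity checking (stdlib only)."""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Plain SHA-256 digest, 256 bits = 64 hex characters."""
    return hashlib.sha256(data).hexdigest()


def md5_hex(data: bytes) -> str:
    """MD5 digest, 128 bits = 32 hex characters. Shown only for the size
    comparison; MD5 is not collision-resistant and must not protect integrity."""
    return hashlib.md5(data).hexdigest()


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    """Keyed tag: cannot be recomputed by anyone who does not hold `key`."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def digest_matches(data: bytes, digest_hex: str) -> bool:
    # compare_digest avoids timing leaks when comparing secrets or tags
    return hmac.compare_digest(sha256_hex(data), digest_hex)


def mac_matches(key: bytes, data: bytes, tag_hex: str) -> bool:
    return hmac.compare_digest(hmac_sha256_hex(key, data), tag_hex)


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate accidental corruption: flip the low bit of one byte."""
    buf = bytearray(data)
    buf[index] ^= 0x01
    return bytes(buf)


def scenario(key: bytes = b"constructed-shared-secret") -> dict:
    """Run both checks against corruption and against a deliberate forgery."""
    msg = b"transfer 100 to acct 42"          # constructed sample message
    digest = sha256_hex(msg)                  # what a sender would ship alongside msg
    tag = hmac_sha256_hex(key, msg)           # what a sender sharing `key` would ship

    corrupted = flip_bit(msg, 9)              # "100" becomes "000": accidental
    forged = msg.replace(b"100", b"900")      # attacker edits the amount
    return {
        "corruption_caught_by_digest": not digest_matches(corrupted, digest),
        "corruption_caught_by_mac": not mac_matches(key, corrupted, tag),
        # The attacker controls the channel, so they replace the message AND
        # recompute the digest; the receiver's digest check accepts it.
        "forgery_passes_digest_check": digest_matches(forged, sha256_hex(forged)),
        # Without the key the attacker can only replay the old tag, which fails.
        "forgery_passes_mac_check": mac_matches(key, forged, tag),
    }


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name}: {outcome}")
```

The same reasoning applies to digital signatures: a signature is a digest that only the private-key holder can produce, so it gives the protection of the MAC plus non-repudiation, at the cost of asymmetric key management (PKI).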
Stochastic
Unintentional or accidental.
Safety-relevant faults
Stochastic, i.e., unintentional or accidental.
Security-relevant faults
"Sponsored," i.e., intentionally created and activated through conscious and deliberate
human agency.
Fuzz Testing
Used to see whether the system has solid input validation and exception handling for the
input it receives. It is the feeding of malformed or random input into a system in order
to deliberately provoke failures. The basic form is simple: feed garbage to an interface
where formatted input is expected, in as much volume and variety as possible, and record
every crash or unhandled exception rather than only the controlled rejections.
Three (3) Tier
Removes the business logic from the client end of the system. It generally places the
business logic on a separate server from the client. The data access portion of the
system resides separately from both the client and the business logic platform.
T-MAP
USC's Threat Modeling based on Attacking Path analysis (T-MAP) is a risk management
approach that quantifies the total severity weights of the relevant attacking paths in
COTS-based systems. It defines a set of threat-relevant attributes for each layer or node,
classified as probability-relevant, size-of-loss-relevant, or descriptive, and derived
primarily from the Common Vulnerability Scoring System (CVSS). Its strengths lie in its
ability to stay sensitive to an organization's business value priorities and IT
environment, to prioritize and estimate security investment effectiveness and evaluate
performance, and to communicate executive-friendly vulnerability details as threat
profiles to help evaluate cost efficiency.