WGU Master's Course C706 Secure Software Design Questions and Answers (2022/2023) (Verified Answers)
What is Extreme Programming (XP) method of the Agile SDLC Model?
Small teams working in the same room to encourage communication, only required
documentation created.
What is Crystal Clear for?
For noncritical projects using discretionary money, requiring up to six or eight people.
One team same room. Max release 2 months.
What is Crystal Orange for?
Adequate for critical, but not life-critical, projects requiring up to 40 people. Different
teams. From 2 to 4 months, two user viewings per release.
How does a SQL Injection attack work?
Takes advantage of a vulnerability that appears when a web application fails to properly
filter or validate data a user enters on a web page to order a product or communicate
with a company. An attacker can send a malformed SQL query to the underlying
database to break into it, plant malicious code or access other systems.
Agility & Discipline of XP Method?
Agility - High, Discipline required - High
Agility & Discipline of Crystal Clear Method?
Agility - High, Discipline required - Low
Agility & Discipline of Crystal Orange Method?
Agility - Medium, Discipline required - Medium
Agility & Discipline of Scrum Method?
Agility - High, Discipline required - High
Agility & Discipline of RUP Method?
Agility - Low to Medium, Discipline required - High
What are four Scrum events?
1. Sprint planning meeting
2. Daily Scrum
3. Sprint review
4. Sprint retrospective
What are the four Scrum artifacts?
1. Product backlog
2. Sprint backlog
3. Increment
4. Burndown chart
What are the three Scrum roles?
1. Product owner - represents customer
2. Development team
3. Scrum master - Coaches team, not project manager
What are the three pillar concepts of Scrum?
1. Transparency - product visible
2. Inspection - of artifact or progress
3. Adaptation - Make corrections when required
What security practitioner role handles deployment?
Release Manager
What security practitioner role handles design?
Architect
What security practitioner role handles coding?
Developer
What security practitioner role handles requirements gathering?
Business Analyst/Project Manager
This team is familiar with company infrastructure and software languages and
tries to kill system as developers build it.
Red Team
This is a method of program debugging by examining the code but not executing
the program. Also called code review.
Static analysis
Initially designed as a crypto hash but has extensive vulnerabilities, this hash is
used as a checksum to verify data integrity.
MD5 Hash
One way cryptographic hash that generates fixed 256-bit hash.
SHA-256
Symmetric encryption algorithm that supports 128 bit block and 128/192/256 bit
key lengths. Efficient in both hardware and software.
AES
This architecture model removes business logic from client end of system and
places on separate server.
Three (3) Tier
Testing used to see if system has solid exception handling to input received.
Malformed or random input is put into a system to intentionally produce failure.
Fuzz Testing
USC Threat Modeling based on Attacking Path analysis. Risk management
approach that quantifies total severity weights of relevant attacking paths for
COTS-based systems.
T-MAP (Threat Modeling Attacking Path)
Open source conceptual framework, methodology, and toolset designed to
autogenerate repeatable threat models.
Trike
This free tool assists in creation of threat models built on Microsoft Visio.
SDL Threat Modeling Tool
The overall goal of ______ _______ is to determine most likely locations within
the system in development where an attacker will strike.
Vulnerability Mapping
Vulnerability mapping is done on the _______ phase of the SDLC.
Design
Highest vulnerability mapping level. Very likely target and highest security
priority for the system.
V3