Package deal
WGU C706 COMPLETE COMPILATION BUNDLE ALREAY GRADED A 2023/24 UPDATED
WGU C706 COMPLETE COMPILATION BUNDLE ALREAY GRADED A 2023/24 UPDATED
[Show more]WGU C706 COMPLETE COMPILATION BUNDLE ALREAY GRADED A 2023/24 UPDATED
[Show more]access control 
The restriction of persons or programs that may access specific information. There are two default policies for this: allow by exception or deny by exception. 
 
 
 
Access Control List (ACL) 
The list of persons or programs that are allowed (or, in the case of blacklisting, not allo...
Preview 3 out of 29 pages
Add to cartaccess control 
The restriction of persons or programs that may access specific information. There are two default policies for this: allow by exception or deny by exception. 
 
 
 
Access Control List (ACL) 
The list of persons or programs that are allowed (or, in the case of blacklisting, not allo...
Which statement is true of a software development life cycle? 
 
A 
Workload testing should be performed while designing the functional requirements. 
B 
Parallel testing verifies whether more than one system is available for redundancy. 
C 
A software programmer should be the only person to develop...
Preview 2 out of 11 pages
Add to cartWhich statement is true of a software development life cycle? 
 
A 
Workload testing should be performed while designing the functional requirements. 
B 
Parallel testing verifies whether more than one system is available for redundancy. 
C 
A software programmer should be the only person to develop...
Open Design Security Principle 
security of a mechanism should not depend on the secrecy of its design or implementation 
 
 
 
Strategic attacks 
user general targeting against a broad industry. highly repeatable and 
 
 
 
Tactical attacks 
surgical by nature, have highly specific targeting, and a...
Preview 2 out of 8 pages
Add to cartOpen Design Security Principle 
security of a mechanism should not depend on the secrecy of its design or implementation 
 
 
 
Strategic attacks 
user general targeting against a broad industry. highly repeatable and 
 
 
 
Tactical attacks 
surgical by nature, have highly specific targeting, and a...
Which due diligence activity for supply chain security should occur in the initiation phase of the software acquisition life cycle? 
-Facilitating knowledge transfer between suppliers 
-Lessening the risk of disseminating information during disposal 
-Mitigating supply chain security risk by providi...
Preview 3 out of 20 pages
Add to cartWhich due diligence activity for supply chain security should occur in the initiation phase of the software acquisition life cycle? 
-Facilitating knowledge transfer between suppliers 
-Lessening the risk of disseminating information during disposal 
-Mitigating supply chain security risk by providi...
ISO/IEC 27034-1:2011 
A standard for application security which offers a concise, internationally recognized way to get transparency into a vendor/supplier's software security management process 
 
ISO/IEC 27034 standard provides guidance to help organizations embed security within their processes ...
Preview 2 out of 13 pages
Add to cartISO/IEC 27034-1:2011 
A standard for application security which offers a concise, internationally recognized way to get transparency into a vendor/supplier's software security management process 
 
ISO/IEC 27034 standard provides guidance to help organizations embed security within their processes ...
Confidentiality 
In information security, confidentiality "is the property, that information is not made available or 
disclosed to unauthorized individuals, entities, or processes" 
 
 
 
Integrity 
In information security, data integrity means maintaining and assuring the accuracy and completene...
Preview 3 out of 17 pages
Add to cartConfidentiality 
In information security, confidentiality "is the property, that information is not made available or 
disclosed to unauthorized individuals, entities, or processes" 
 
 
 
Integrity 
In information security, data integrity means maintaining and assuring the accuracy and completene...
Protecting the software and the systems on which it runs after release, after dev is complete 
Application security 
 
 
 
Three core elements of security 
Confidentiality, integrity, and availability (the C.I.A. model 
 
 
 
Tools that look for a fixed set of patterns or rules in the code in a mann...
Preview 3 out of 24 pages
Add to cartProtecting the software and the systems on which it runs after release, after dev is complete 
Application security 
 
 
 
Three core elements of security 
Confidentiality, integrity, and availability (the C.I.A. model 
 
 
 
Tools that look for a fixed set of patterns or rules in the code in a mann...
Complete Mediation 
Every request by a subject to access an object in a computer system must undergo a valid and effective authorization procedure 
Entails: (a) identification of the entity making the access request; (b) verification that the request has not changed since its initiation; (c) applica...
Preview 3 out of 17 pages
Add to cartComplete Mediation 
Every request by a subject to access an object in a computer system must undergo a valid and effective authorization procedure 
Entails: (a) identification of the entity making the access request; (b) verification that the request has not changed since its initiation; (c) applica...
Which one of the following types of attacks relies on the difference between the timing of two events? 
TOCTOU 
 
 
 
What technique may be used to limit the effectiveness of rainbow table attacks? 
Salting 
 
 
 
What character should always be treated carefully when encountered as user input on a ...
Preview 1 out of 3 pages
Add to cartWhich one of the following types of attacks relies on the difference between the timing of two events? 
TOCTOU 
 
 
 
What technique may be used to limit the effectiveness of rainbow table attacks? 
Salting 
 
 
 
What character should always be treated carefully when encountered as user input on a ...
Prioritize security over other requirements. 
Which one of the following is not a principle of Agile development? 
 
 
 
Foreign key 
Which one of the following key types is used to enforce referential integrity between database tables? 
 
 
 
Gantt 
What type of chart provides a graphical illustrat...
Preview 1 out of 3 pages
Add to cartPrioritize security over other requirements. 
Which one of the following is not a principle of Agile development? 
 
 
 
Foreign key 
Which one of the following key types is used to enforce referential integrity between database tables? 
 
 
 
Gantt 
What type of chart provides a graphical illustrat...
What is the Secure Development Lifecycle? 
Secure Development Lifecycle. The SDL is the sum of tools, people, models, methodologies, blueprints, metrics that help make systems/software secure. It is focused on baking security into the software/system. 
 
 
What is the TCSDL 
The trustworthy Computin...
Preview 1 out of 3 pages
Add to cartWhat is the Secure Development Lifecycle? 
Secure Development Lifecycle. The SDL is the sum of tools, people, models, methodologies, blueprints, metrics that help make systems/software secure. It is focused on baking security into the software/system. 
 
 
What is the TCSDL 
The trustworthy Computin...
Define maintenance 
updating software systems to improve or correct them 
 
 
 
Define incident response plan 
the documented steps to follow when system attack or failure occurs 
 
 
 
What 8 elements should an incident response plan document? 
- monitoring duties for production software 
- a defin...
Preview 1 out of 2 pages
Add to cartDefine maintenance 
updating software systems to improve or correct them 
 
 
 
Define incident response plan 
the documented steps to follow when system attack or failure occurs 
 
 
 
What 8 elements should an incident response plan document? 
- monitoring duties for production software 
- a defin...
Design & Development (A3) Stage 
A3 Policy compliance analysis 
Security test plan composition 
Static Analysis 
Threat model updating 
Design security analysis and review 
Privacy implementation assessment 
 
 
 
During this phase, any policy that exists outside the domain of the SDL policy is revi...
Preview 3 out of 17 pages
Add to cartDesign & Development (A3) Stage 
A3 Policy compliance analysis 
Security test plan composition 
Static Analysis 
Threat model updating 
Design security analysis and review 
Privacy implementation assessment 
 
 
 
During this phase, any policy that exists outside the domain of the SDL policy is revi...
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Stuvia is a marketplace, so you are not buying this document from us, but from seller FREEMANSHARP. Stuvia facilitates payment to the seller.
No, you only buy these notes for CA$55.20. You're not tied to anything after your purchase.
4.6 stars on Google & Trustpilot (+1000 reviews)
81531 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now