100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Which due diligence activity for supply chain security should occur in the initiation phase of the software acquisition life cycle? A Developing a request for proposal (RFP) that includes supply chain security risk management B Lessening the risk of dis £11.83   Add to cart

Exam (elaborations)

Which due diligence activity for supply chain security should occur in the initiation phase of the software acquisition life cycle? A Developing a request for proposal (RFP) that includes supply chain security risk management B Lessening the risk of dis

 5 views  0 purchase
  • Module
  • Institution

Which due diligence activity for supply chain security should occur in the initiation phase of the software acquisition life cycle? A Developing a request for proposal (RFP) that includes supply chain security risk management B Lessening the risk of disseminating information during disposal ...

[Show more]

Preview 4 out of 40  pages

  • January 1, 2023
  • 40
  • 2022/2023
  • Exam (elaborations)
  • Questions & answers
avatar-seller
WGU Master's
Course C706 Secure
Software Design
Latest 2022
Which two passwords are the weakest?

A. Pa$$w0Rd%^78
B. Love@$MySon80
C. C@1Il@VEm1
D. Password1234 - CORRECT ANSWERS BD

Which two secure methods should be used to keep track of passwords?

A. Encrypt text files of them on the user's workstation
B. Store them on a sticky note in a convenient spot
C. Share them with a trusted manager or coworker
D. Organization-approved password storage software - CORRECT ANSWERS
AD

Which groups typically report to the chief security officer (CSO)?

A. Security engineering and operations
B. Physical and software security
C. Audit and incident response
D. Facilities and information technology functions - CORRECT ANSWERS A

A company is considering which controls to buy to protect an asset.

What should the price of the controls be in relation to the cost of the asset?

A. Less than the annual loss expectancy
B. More than the annual loss expectancy
C. Equal to the cost of the asset
D. More than the cost of the asset - CORRECT ANSWERS A

How many keys are used in asymmetric encryption?

,WGU Master's
Course C706 Secure
Software Design
Latest 2022
A. No keys are used to encrypt and decrypt a message.
B. One key is used to encrypt and decrypt a message.
C. Two keys are used to encrypt and decrypt a message.
D. Three keys are used to encrypt and decrypt a message. - CORRECT ANSWERS
C

Which protocol is a variant of a standard web transfer protocol that adds a layer of
security on the data in transit using a secure socket layer?

A. HTTPS
B. HTTP
C. FTP
D. SFTP - CORRECT ANSWERS A

Which description characterizes symmetric cryptography?

A. The same key is used to lock and unlock the cipher.
B. Two separate but unrelated keys are used to unlock the cipher.
C. Two separate and related keys are used to unlock the cipher.
D. Keys are unnecessary when using symmetric cryptography to unlock a cipher. -
CORRECT ANSWERS A

An employee uses a secure hashing algorithm for message integrity. The employee
sends a plain text message with the embedded hash to a colleague. A rogue device
receives and retransmits the message to its destination. Once received and checked by
the intended recipient, the hashes do not match.

Which STRIDE concept has been violated?

A. Tampering
B. Repudiation

,WGU Master's
Course C706 Secure
Software Design
Latest 2022
C. Elevation of privilege
D. Denial-of-service - CORRECT ANSWERS A

An attacker accesses private emails between the company's CISO and board members.
The attacker then publishes the emails online.

Which type of an attack is this, according to the STRIDE model?

A. Repudiation
B. Information disclosure
C. Elevation of privilege
D. Tampering - CORRECT ANSWERS B

A security guard at the front desk of a building checks every employee's name badge
with their photo before they are allowed in the building.

Which two factors have been checked to verify identity?

A. Something you have, something you are
B. Something you have, something you know
C. Something you know, where you are at
D. Where you are at, something you are - CORRECT ANSWERS A

A system data owner needs to give access to a new employee, so the owner formally
requests that the system administrator create an account and permit the new employee
to use systems necessary to the job.

Which type of control does the system administrator use to grant these permissions?
A. Physical
B. Protocol
C. Access
D. Firewall - CORRECT ANSWERS C

, WGU Master's
Course C706 Secure
Software Design
Latest 2022
The chief information security officer (CISO) for an organization knows that the
organization's datacenter lacks the physical controls needed to adequately control
access to sensitive corporate systems. The CEO, CIO, and CFO feel that the current
physical access is within a tolerable risk level, and they agree not to pay for upgrades to
the facility.

Which risk management strategy has the senior leadership decided to employ?

A. Deterrence
B. Assignment
C. Acceptance
D. Avoidance - CORRECT ANSWERS C

Which phase of the software development life cycle follows system design?

A. System requirements
B. Development
C. Testing
D. Deployment - CORRECT ANSWERS B

Which question relates to the functional aspect of computer security?

A. Does the system do the right things in the right way?
B. Does the security staff do the right job in the right way?
C. Does the system do the right things in the wrong way?
D. Does the security staff do the right job in the wrong way? - CORRECT ANSWERS
A

Which leg of the CIA triad is addressed when a business contracts with a cloud vendor
to backup its information?

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller EWLindy. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for £11.83. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

76799 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy revision notes and other study material for 14 years now

Start selling
£11.83
  • (0)
  Add to cart