WGU - C706 EXAM / 156 QUESTIONS AND ANSWERS / 100% ACCURATE
-SDL - -Security Development Lifecycle
-SDLC - -Software Development Life Cycle
-Software Security - -Building security into the software through an SDL in an
SDLC
-Application Security - -Protecting the software and the systems on which it
runs after release
-the C.I.A model - -The core elements of security
-PITAC - -President's Information Technology Advisory Committee
-Quality and Security - -In terms of coding defects, the product not only has
to work right, it also has to be secure
-Trustworthy Computing (TwC) - -The team which formed the concept that
led to Microsoft Security Development Lifecycle
-Static Analysis Tools - -Tools that look for a fixed pattern or rules in the
code in a manner similar to virus checking programs
-Authorization - -Ensures that the user has the appropriate role and
privilege
-Authentication - -Ensures that the user is who he or she claims to be and
that data come from the appropriate place
-Threat Modeling - -To understand the potential security threats to the
system, determine risk, and establish appropriate mitigations. Applies
principles such as least privilege and defense-in-depth; requires human
expertise and not tools to accomplish
-Attack Surface - -The entry points and exit points of an application that
may be accessible to an attacker
-Agile Method - -A time-boxed iterative approach that facilitates a rapid and
flexible response to change, which in turn encourages evolutionary
development and delivery while promoting adaptive planning, development,
teamwork, collaboration, and process adaptability throughout the lifecycle of
the project
-Bugtraq IDs - -Identifiers for a commercially operated vulnerability that are
used in security advisories and alerts, as well as for discussions on the
mailing list
-Building Security in Maturity Model (BSIMM) - -A study of real-world
software security initiatives organized so that you can determine where you
stand with your software security initiatives and how to evolve efforts over
time
-Common Vulnerability Scoring System (CVSS) - -Provides an open
framework for communicating the characteristics and impacts of IT
vulnerabilities
-CWE - -Common Weakness Enumeration
-DAST - -Dynamic Application Security Testing
-Dynamic program analysis - -The analysis of computer software that is
performed by executing programs on a real or virtual processor in real time
-GRC - -Governance, Risk and Compliance
-ISMS - -Information Security Management System
-ISO/IEC - -International Organization for Standardization (ISO) / International
Electrotechnical Commission (IEC).
-ISO/IEC 27001 - -A standard that specifies a management system intended
to bring information security under formal management control
-ISO/IEC 27034 - -A standard that provides guidance to help organizations
embed security within their processes that help secure applications running
in the environment
-ISO/IEC 27034-1:2011 - -A standard for application security which offers a
concise, internationally recognized way to get transparency into
vendor/supplier's software security management process
-Iterative Waterfall Development Model - -An approach that carries less risk
than traditional approaches but is more risky and less efficient and the