WGU C706 Secure Software Design Exam Questions With Complete Solutions
Security Champion - ANSWER People who take the lead in a project, such as development leadership or training, to enable, support, and encourage the adoption of security knowledge and practices through peer leadership, behavior demonstration, and social encouragement.

Software Security User (SSU) - ANSWER

Software Security Architect (SSA) - ANSWER The software architect moves analysis to implementation and analyzes the requirements and use cases as activities to perform as part of the development process. That person can also develop class diagrams. A person who oversees the security aspects of a project, making sure appropriate countermeasures are in place.

Software Security Evangelist (SSE) - ANSWER A training champion of software security and an advocate for the overall software development lifecycle process and a proponent for promulgating and enforcing the overall security program. Promotes software security practices in a team, in a unit, or on a project.

Software Security Stakeholder (SSS) - ANSWER A stakeholder has ownership interest in a program or a project and has a vested interest in the success of the project functionally and from a security perspective. The head of HR would be a stakeholder in a payroll project.

Functional Acceptance Criteria - ANSWER Describes the behavior of the system as it relates to the system's functionality. Example: send an email when a condition is met.

NonFunctional Acceptance Criteria - ANSWER Form measurable criteria that can be used to gauge the success of an overall system solution or product. Example: review test results in areas such as efficiency, privacy, confidentiality, etc.

Fuzz testing - ANSWER Invalid, unexpected, or random data provided to inputs.

Strategic Attacks - ANSWER Use general targeting against a broad industry. Highly repeatable.

Tactical Attacks - ANSWER Surgical by nature, have highly specific targeting, and are technologically sophisticated.

User Specific attacks - ANSWER Can be strategic, tactical, or personal in nature, and target personal devices that may be either consumer or enterprise owned. Attacking the user instead of the system.

Sociopolitical attacks - ANSWER Intended to elevate awareness of a topic.

Privacy Impact Assessment (PIA) - ANSWER The activities for compliance include ensuring collected information is only used for intended purposes, information is timely and accurate, and the public is aware of how the information is collected and how it is used.

PA-DSS (Payment Application Data Security Standard) - ANSWER PA-DSS is explicitly focused on payment applications. PA-DSS is a set of requirements intended to help software vendors develop secure payment applications for credit cards.

PCI DSS (Payment Card Industry Data Security Standard) - ANSWER A set of standards that are intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.

PTS DSS (PIN Transaction Security Data Security Standard) - ANSWER Intended to protect all POS devices and terminals, including attended and unattended terminal devices.

Policy compliance analysis - ANSWER Reviewing of the policy to ensure that it provides specific requirements based on different development criteria, such as product type, code type, and platform.
Written for
- Institution: WGU C706
- Course: WGU C706

Document information
- Uploaded on: April 25, 2023
- Number of pages: 6
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers