WGU C706 Secure Software Design Exam Guide (Latest 2023/ 2024 Update) | Questions and Verified Answers| 100% Correct

WGU C706 Secure Software Design Exam

Guide (Latest 2023/ 2024 Update) | Questions

and Verified Answers| 100% Correct

Q: Security Boundary

Answer:

The line of intersection between any two areas, subnets, or environments that have different

security requirements or needs.

Q: Security Governance

Answer:

The collection of practices related to supporting, evalu- ating, defining, and directing the

security efforts of an organization.

Q: Third-Party Governance

Answer:

The system of external entity oversight that may be mandated by law, regulation, industry

standards, contractual obligation, or licensing requirements.

Q: Documentation Review

Answer:

Process of reading the exchanged materials and ver- ifying them against standards and

expectations.

Q: Authorization to Operate (ATO)

Answer:

A formal declaration by a Designated Approv- ing Authority (DAA) that authorizes operation of

a Business Product and explicitly accepts the risk to agency operations.

Q: Security Function

Answer:

The aspect of operating a business that focuses on the task of evaluating and improving security

over time.

Q: Security Policy

Answer:

A formalized statement that defines how security will be implemented within a particular

organization.

Q: Business Case

Answer:

To demonstrate a business-specific need to alter an existing process or choose an approach to a

business task.

Q: Top-Down Approach

Answer:

Upper, or senior, management is responsible for initiating and defining policies for the

organization.

Q: Information Security (Infosec) Team

Answer:

The team or department responsible for security within an organization.

Q: Chief Information Security Officer (CISO)

Answer:

Typically considered the top infor- mation security officer in an organization. The CISO is

usually not an executive-level position, and frequently the person in this role reports to the CIO.

Q: Chief Information Officer (CIO)

Answer:

The senior manager responsible for the overall management of information resources in an

organization

Q: Chief Executive Officer (CEO)

Answer:

Corporate officer who has overall responsibility for managing the business and delegates

responsibilities to other corporate officers.

Q: Chief Technical Officer (CTO)

Answer:

Focuses on ensuring that equipment and soft- ware work properly to support the business

functions.

Q: Strategic Plan

Answer:

The long-term plan for future activities and operations, usually involving at least five years.

Q: Tactical Plan

Answer:

Midterm plan, developed to provide more details on accomplish- ing the goals set forth in the

strategic plan. Useful for about a year.

Q: Operational Plan

Answer:

Short-term, highly detailed plan based on the strategic and tactical plans. Valid only for a short

time. must be updated often.

Q: On-Site Assessment

Answer:

Visit the site of the organization to interview personnel and observe their operating habits.

Q: Document Exchange and Review

Answer:

Investigate the means by which datasets and documentation are exchanged as well as the formal

processes by which they perform assessments and reviews.

Q: Process/Policy Review

Answer:

Request copies of their security policies, process- es/procedures, and documentation of incidents

and responses for review.

Q: Third-Party Audit

Answer:

Having an independent third-party auditor, as defined by the American Institute of Certified

Public Accountants (AICPA), can provide an unbiased review of an entity's security

infrastructure, based on Service Organization Control (SOC) (SOC) reports.