WGU C706 Secure Software Design Exam Guide (Latest 2023/ 2024 Update) | Questions and Verified Answers| 100% Correct
Q: Security Boundary
Answer:
The line of intersection between any two areas, subnets, or environments that have different
security requirements or needs.
Q: Security Governance
Answer:
The collection of practices related to supporting, evaluating, defining, and directing the
security efforts of an organization.
Q: Third-Party Governance
Answer:
The system of external entity oversight that may be mandated by law, regulation, industry
standards, contractual obligation, or licensing requirements.
Q: Documentation Review
Answer:
Process of reading the exchanged materials and verifying them against standards and
expectations.
Q: Authorization to Operate (ATO)
Answer:
A formal declaration by a Designated Approving Authority (DAA) that authorizes operation of
a Business Product and explicitly accepts the risk to agency operations.
Q: Security Function
Answer:
The aspect of operating a business that focuses on the task of evaluating and improving security
over time.
Q: Security Policy
Answer:
A formalized statement that defines how security will be implemented within a particular
organization.
Q: Business Case
Answer:
To demonstrate a business-specific need to alter an existing process or choose an approach to a
business task.
Q: Top-Down Approach
Answer:
Upper, or senior, management is responsible for initiating and defining policies for the
organization.
Q: Information Security (Infosec) Team
Answer:
The team or department responsible for security within an organization.
Q: Chief Information Security Officer (CISO)
Answer:
Typically considered the top information security officer in an organization. The CISO is
usually not an executive-level position, and frequently the person in this role reports to the CIO.
Q: Chief Information Officer (CIO)
Answer:
The senior manager responsible for the overall management of information resources in an
organization.
Q: Chief Executive Officer (CEO)
Answer:
Corporate officer who has overall responsibility for managing the business and delegates
responsibilities to other corporate officers.
Q: Chief Technical Officer (CTO)
Answer:
Focuses on ensuring that equipment and software work properly to support the business
functions.
Q: Strategic Plan
Answer:
The long-term plan for future activities and operations, usually involving at least five years.
Q: Tactical Plan
Answer:
Midterm plan, developed to provide more details on accomplishing the goals set forth in the
strategic plan. Useful for about a year.
Q: Operational Plan
Answer:
Short-term, highly detailed plan based on the strategic and tactical plans. Valid only for a short
time. Must be updated often.
Q: On-Site Assessment
Answer:
Visit the site of the organization to interview personnel and observe their operating habits.
Q: Document Exchange and Review
Answer:
Investigate the means by which datasets and documentation are exchanged as well as the formal
processes by which they perform assessments and reviews.
Q: Process/Policy Review
Answer:
Request copies of their security policies, processes/procedures, and documentation of incidents
and responses for review.
Q: Third-Party Audit
Answer:
Having an independent third-party auditor, as defined by the American Institute of Certified
Public Accountants (AICPA), can provide an unbiased review of an entity's security
infrastructure, based on Service Organization Control (SOC) reports.