WGU Updated Secure-Software-Design Exam Questions and Answers by cian

The Intelligence domain in the Building Security in Maturity Model (BSIMM) focuses on gathering and using information about software security. This includes understanding the types of attacks that are possible against the software being developed, which is why reviewing attack models falls under this domain. The BSIMM domain of Intelligence involves creating models of potential attacks on software (attack models), analyzing actual attacks that have occurred (attack intelligence), and sharing this information to improve security measures. By reviewing attack models, the software security group is essentially assessing the organization’s ability to anticipate and understand potential security threats, which is a key aspect of the Intelligence domain.

Security testing reports are the deliverables that typically contain detailed results of the security evaluations performed. These reports include the types of tests conducted, such as static and dynamic analysis, penetration testing, and code reviews, as well as the number and types of vulnerabilities discovered. The purpose of these reports is to document the security posture of the software at the time of testing and to provide a basis for remediation efforts.

The privacy impact statement requirement that defines how personal information will be protected when authorized or independent external entities are involved is best categorized under Third party requirements. This aspect of privacy impact assessments ensures that personal data is safeguarded even when it is necessary to involve third parties, which could be service providers, partners, or other entities that might handle personal information on behalf of the primary organization. These requirements typically include stipulations for data handling agreements, security measures, and compliance checks to ensure that third parties maintain the confidentiality and integrity of the personal information they process.