CompTIA

CAS-002 · Question #109

CAS-002 Question #109: Real Exam Question with Answer & Explanation

The correct answer is B: Secure Software Implementation. Unit testing for security functionality, resilience to attacks, secure coding practices, and exploit mitigation are all hands-on coding activities that belong to the Secure Software Implementation phase of the SSDLC.

Question

Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Software Development Lifecycle?

Options

  • A. Secure Software Requirements
  • B. Secure Software Implementation
  • C. Secure Software Design
  • D. Software Acceptance

Explanation

Unit testing for security functionality, resilience to attacks, secure coding practices, and exploit mitigation are all hands-on coding activities that belong to the Secure Software Implementation phase of the SSDLC.

Common mistakes.

  • A. Secure Software Requirements focuses on eliciting and documenting security requirements before any code is written, not on coding or unit testing activities.
  • C. Secure Software Design involves architectural decisions, threat modeling, and selecting security controls at a design level, not hands-on implementation and unit testing.
  • D. Software Acceptance is a late-stage validation phase where the completed system is verified against requirements prior to release, not a phase for unit-level security testing or exploit mitigation development.

Concept tested. SSDLC implementation phase security activities

Reference. https://csrc.nist.gov/publications/detail/sp/800-64/rev-2/final
