nerdexam
(ISC)2

CISSP-ISSAP · Question #81

Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases G

The correct answer is A. Design. Design is correct because this phase is where architects and developers translate requirements into a concrete blueprint - making it the ideal stage to model threats, review security architecture, identify potential misuse scenarios, and define security-focused test cases before

Security Architecture Modeling

Question

Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases Generation

Options

  • ADesign
  • BMaintenance
  • CDeployment
  • DRequirements Gathering

How the community answered

(45 responses)
  • A
    73% (33)
  • B
    16% (7)
  • C
    4% (2)
  • D
    7% (3)

Explanation

Design is correct because this phase is where architects and developers translate requirements into a concrete blueprint - making it the ideal stage to model threats, review security architecture, identify potential misuse scenarios, and define security-focused test cases before any code is written.

Why the distractors are wrong:

  • B. Maintenance involves patching, monitoring, and updating a live system - not upfront modeling or architecture reviews.
  • C. Deployment focuses on releasing software to production environments and configuration hardening, not creating security models or design artifacts.
  • D. Requirements Gathering captures what the system must do at a high level; it precedes design and doesn't yet involve architectural review or threat modeling techniques like misuse cases.

Memory tip: Think of Design as "drawing the blueprint before breaking ground." All four controls - misuse cases, architecture review, threat/risk modeling, and security test case generation - are blueprint-level activities that shape how the system will be built securely, which is the hallmark of the Design phase.

Topics

#SDLC Design Phase#Threat Modeling#Security Architecture Review#Misuse Case Modeling

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSAP Practice