CISSP-ISSAP · Question #81
Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases G
The correct answer is A. Design. Design is correct because this phase is where architects and developers translate requirements into a concrete blueprint - making it the ideal stage to model threats, review security architecture, identify potential misuse scenarios, and define security-focused test cases before
Question
Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases Generation
Options
- ADesign
- BMaintenance
- CDeployment
- DRequirements Gathering
How the community answered
(45 responses)- A73% (33)
- B16% (7)
- C4% (2)
- D7% (3)
Explanation
Design is correct because this phase is where architects and developers translate requirements into a concrete blueprint - making it the ideal stage to model threats, review security architecture, identify potential misuse scenarios, and define security-focused test cases before any code is written.
Why the distractors are wrong:
- B. Maintenance involves patching, monitoring, and updating a live system - not upfront modeling or architecture reviews.
- C. Deployment focuses on releasing software to production environments and configuration hardening, not creating security models or design artifacts.
- D. Requirements Gathering captures what the system must do at a high level; it precedes design and doesn't yet involve architectural review or threat modeling techniques like misuse cases.
Memory tip: Think of Design as "drawing the blueprint before breaking ground." All four controls - misuse cases, architecture review, threat/risk modeling, and security test case generation - are blueprint-level activities that shape how the system will be built securely, which is the hallmark of the Design phase.
Topics
Community Discussion
No community discussion yet for this question.