nerdexam
(ISC)2

CISSP-ISSEP · Question #172

Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

The correct answer is A. Risk Adjustments B. Security Certification and Accreditation (C&A) C. Vulnerability Assessment and Penetration Testing. During the deployment phase, the focus is on authorizing and validating the system before it goes live. Risk Adjustments (A) are applied at this stage to formally accept, mitigate, or transfer any residual risks identified before production release. Security Certification and Acc

Systems Development and Acquisition

Question

Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

Options

  • ARisk Adjustments
  • BSecurity Certification and Accreditation (C&A)
  • CVulnerability Assessment and Penetration Testing
  • DChange and Configuration Control

How the community answered

(46 responses)
  • A
    72% (33)
  • D
    28% (13)

Explanation

During the deployment phase, the focus is on authorizing and validating the system before it goes live. Risk Adjustments (A) are applied at this stage to formally accept, mitigate, or transfer any residual risks identified before production release. Security Certification and Accreditation (B) is the formal process of evaluating and officially authorizing a system to operate - this is inherently a pre-deployment gate. Vulnerability Assessment and Penetration Testing (C) is performed in deployment to validate that the system can withstand real-world attacks before it becomes operational.

D (Change and Configuration Control) is incorrect here because it primarily belongs to the maintenance/operations phase of the SDLC, where changes to an already-running system must be controlled - it governs ongoing changes post-deployment, not the act of deploying itself.

Memory tip: Think of deployment as "launching a rocket" - you adjust the trajectory (Risk Adjustments), get official launch clearance (C&A), and run a final systems check for vulnerabilities (Pen Testing) before ignition. Configuration control kicks in after the rocket is in orbit.

Topics

#SDLC Security#Deployment Controls#Vulnerability Testing#Certification & Accreditation

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice