CISSP · Question #1001
Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?
The correct answer is B. Proper security controls, security objectives, and security goals are properly initiated.. The security design process within the SDLC ensures that proper security controls, security objectives, and security goals are properly initiated to build security into systems from the start.
Question
Which of the following does the security design process ensure within the System Development Life Cycle (SDLC)?
Options
- AProper security controls, security goals, and fault mitigation are properly conducted.
- BProper security controls, security objectives, and security goals are properly initiated.
- CSecurity goals, proper security controls, and validation are properly initiated.
- DSecurity objectives, security goals, and system test are properly conducted.
How the community answered
(13 responses)- A8% (1)
- B85% (11)
- D8% (1)
Why each option
The security design process within the SDLC ensures that proper security controls, security objectives, and security goals are properly initiated to build security into systems from the start.
This option incorrectly includes 'fault mitigation' as a component of the security design process outcome; fault mitigation is more associated with system reliability engineering and incident response rather than the security design phase of the SDLC.
The security design process in the SDLC focuses on initiating proper security controls, security objectives, and security goals during the design phase, ensuring security requirements are defined and embedded into the system architecture before development begins. This aligns with the SDLC principle that security must be planned and initiated early in the lifecycle rather than retrofitted after implementation.
This option incorrectly replaces 'security objectives' with 'validation'; validation is a later SDLC phase activity (testing/verification), not a primary output of the security design process.
This option incorrectly includes 'system test' as part of what the security design process ensures; system testing is a distinct, later phase in the SDLC and is not initiated or conducted as part of the security design process.
Concept tested: Security design process role within SDLC phases
Source: https://csrc.nist.gov/publications/detail/sp/800-64/rev-2/final
Topics
Community Discussion
No community discussion yet for this question.