nerdexam
(ISC)2

CISSP · Question #1286

Which of the following addresses requirements of security assessment during software acquisition?

The correct answer is A. Software assurance policy. A software assurance policy is a document that defines the standards, guidelines, and best practices for ensuring the quality, security, and reliability of software products and services. A software assurance policy can help address the requirements of security assessment during

Submitted by viktor_hu· Mar 5, 2026Software Development Security

Question

Which of the following addresses requirements of security assessment during software acquisition?

Options

  • ASoftware assurance policy
  • BContinuous monitoring
  • CSoftware configuration management (SCM)
  • DData loss prevention (DLP) policy

How the community answered

(30 responses)
  • A
    93% (28)
  • B
    3% (1)
  • C
    3% (1)

Explanation

A software assurance policy is a document that defines the standards, guidelines, and best practices for ensuring the quality, security, and reliability of software products and services. A software assurance policy can help address the requirements of security assessment during software acquisition, as it establishes the criteria and methods for evaluating and testing the software, as well as the roles and responsibilities of the stakeholders involved. A software assurance policy can help ensure that the software meets the functional and non-functional requirements, as well as the security and compliance requirements, of the organization. Continuous monitoring is a process that involves collecting, analyzing, and reporting data on the performance and security of the systems and networks. Continuous monitoring can help maintain the security and availability of the systems and networks, but it does not address the security assessment during software acquisition. Software configuration management (SCM) is a process that involves controlling and tracking the changes and versions of the software products and components. SCM can help ensure the consistency and integrity of the software products and components, but it does not address the security assessment during software acquisition. Data loss prevention (DLP) policy is a document that defines the rules and actions for preventing the unauthorized disclosure, transfer, or leakage of sensitive data. DLP policy can help protect the data from being exposed, but it does not address the security assessment during software

Topics

#Software acquisition#Software assurance#Security requirements

Community Discussion

No community discussion yet for this question.

Full CISSP Practice