nerdexam
(ISC)2

CISSP · Question #1376

Who is the BEST person to review developed application code to ensure it has been tested and verified?

The correct answer is B. A member of quality assurance (QA) should review the developer's code.. The most effective person to review developed application code to ensure it has been tested and verified is a Quality Assurance (QA) member due to their independent role in software quality.

Submitted by salim_om· Mar 5, 2026Software Development Security

Question

Who is the BEST person to review developed application code to ensure it has been tested and verified?

Options

  • AA developer who knows what is expected of the application, but not the same one who developed
  • BA member of quality assurance (QA) should review the developer's code.
  • CA developer who understands the application requirements document, and who also developed
  • DThe manager should review the developer's application code.

How the community answered

(32 responses)
  • A
    9% (3)
  • B
    81% (26)
  • C
    3% (1)
  • D
    6% (2)

Why each option

The most effective person to review developed application code to ensure it has been tested and verified is a Quality Assurance (QA) member due to their independent role in software quality.

AA developer who knows what is expected of the application, but not the same one who developed

While a different developer can provide valuable peer review on code quality, their primary role typically isn't the comprehensive, independent verification and validation against all requirements that a QA member performs.

BA member of quality assurance (QA) should review the developer's code.Correct

Quality Assurance (QA) members are specifically responsible for independently verifying that application code adheres to requirements, has undergone sufficient testing, and meets quality standards. Their expertise lies in ensuring the overall quality and reliability of the software before release.

CA developer who understands the application requirements document, and who also developed

The developer who wrote the code has a conflict of interest and may overlook their own errors or assumptions, making them unsuitable for an objective review of testing and verification.

DThe manager should review the developer's application code.

Managers typically oversee project progress and resources but generally lack the detailed technical expertise required to perform a thorough code review and assess specific testing and verification processes.

Concept tested: Software Quality Assurance and Verification Roles

Source: https://learn.microsoft.com/en-us/azure/devops/boards/test-plans/overview?view=azure-devops

Topics

#code review#quality assurance#software development lifecycle#separation of duties

Community Discussion

No community discussion yet for this question.

Full CISSP Practice