CISSP · Question #1391
A security engineer is required to integrate security into a software project that is implemented by small groups test quickly, continuously, and independently develop, test, and deploy code to the cl
The correct answer is D. Devops Integrated Product Team (IPT). The scenario describes small, autonomous teams rapidly and continuously developing, testing, and deploying code to the cloud - the hallmark of a DevOps model. Integrating security into this process is known as DevSecOps.
Question
Options
- AService-oriented architecture (SOA)
- BSpiral Methodology
- CStructured Waterfall Programming Development
- DDevops Integrated Product Team (IPT)
How the community answered
(49 responses)- A4% (2)
- B2% (1)
- D94% (46)
Why each option
The scenario describes small, autonomous teams rapidly and continuously developing, testing, and deploying code to the cloud - the hallmark of a DevOps model. Integrating security into this process is known as DevSecOps.
Service-oriented architecture (SOA) is an architectural design pattern for structuring software as interoperable services, not a software development process or methodology for team-based iterative delivery.
The Spiral Methodology is a risk-driven development model that uses repeated planning, risk analysis, engineering, and evaluation phases - it does not emphasize the continuous, rapid, and independent deployment cycles described in the scenario.
Structured Waterfall Programming Development follows a sequential, phase-gated approach (requirements → design → implementation → testing → deployment) that is incompatible with the continuous and independent deployment cadence described in the scenario.
DevOps Integrated Product Teams (IPTs) emphasize small, cross-functional groups that continuously integrate, test, and deploy code in iterative cycles - matching the scenario exactly. Integrating security into this workflow (DevSecOps) means embedding security controls, automated scanning, and compliance checks directly into the CI/CD pipeline, enabling rapid and secure cloud deployments without slowing development velocity.
Concept tested: Integrating security into DevOps CI/CD pipelines
Source: https://learn.microsoft.com/en-us/azure/devops/learn/what-is-devsecops
Topics
Community Discussion
No community discussion yet for this question.