nerdexam
(ISC)2

CISSP · Question #1391

A security engineer is required to integrate security into a software project that is implemented by small groups test quickly, continuously, and independently develop, test, and deploy code to the cl

The correct answer is D. Devops Integrated Product Team (IPT). The scenario describes small, autonomous teams rapidly and continuously developing, testing, and deploying code to the cloud - the hallmark of a DevOps model. Integrating security into this process is known as DevSecOps.

Submitted by fatema_kw· Mar 5, 2026Software Development Security

Question

A security engineer is required to integrate security into a software project that is implemented by small groups test quickly, continuously, and independently develop, test, and deploy code to the cloud. The engineer will MOST likely integrate with which software development process?

Options

  • AService-oriented architecture (SOA)
  • BSpiral Methodology
  • CStructured Waterfall Programming Development
  • DDevops Integrated Product Team (IPT)

How the community answered

(49 responses)
  • A
    4% (2)
  • B
    2% (1)
  • D
    94% (46)

Why each option

The scenario describes small, autonomous teams rapidly and continuously developing, testing, and deploying code to the cloud - the hallmark of a DevOps model. Integrating security into this process is known as DevSecOps.

AService-oriented architecture (SOA)

Service-oriented architecture (SOA) is an architectural design pattern for structuring software as interoperable services, not a software development process or methodology for team-based iterative delivery.

BSpiral Methodology

The Spiral Methodology is a risk-driven development model that uses repeated planning, risk analysis, engineering, and evaluation phases - it does not emphasize the continuous, rapid, and independent deployment cycles described in the scenario.

CStructured Waterfall Programming Development

Structured Waterfall Programming Development follows a sequential, phase-gated approach (requirements → design → implementation → testing → deployment) that is incompatible with the continuous and independent deployment cadence described in the scenario.

DDevops Integrated Product Team (IPT)Correct

DevOps Integrated Product Teams (IPTs) emphasize small, cross-functional groups that continuously integrate, test, and deploy code in iterative cycles - matching the scenario exactly. Integrating security into this workflow (DevSecOps) means embedding security controls, automated scanning, and compliance checks directly into the CI/CD pipeline, enabling rapid and secure cloud deployments without slowing development velocity.

Concept tested: Integrating security into DevOps CI/CD pipelines

Source: https://learn.microsoft.com/en-us/azure/devops/learn/what-is-devsecops

Topics

#DevOps#SDLC#Security integration#Agile development

Community Discussion

No community discussion yet for this question.

Full CISSP Practice