CISSP Question #573: Real Exam Question with Answer & Explanation

Question

A security professional recommends that a company integrate threat modeling into its Agile development processes. Which of the following BEST describes the benefits of this approach?

Options

• AReduce application development costs.
• BPotential threats are addressed later in the Software Development Life Cycle (SDLC).
• CImprove user acceptance of implemented security controls.
• DPotential threats are addressed earlier in the Software Development Life Cycle (SDLC).

Explanation

The benefit of integrating threat modeling into the Agile development processes is that potential threats are addressed earlier in the Software Development Life Cycle (SDLC). Threat modeling is a technique that involves identifying, analyzing, and prioritizing the potential threats that may affect a system or an application, and designing and implementing the appropriate countermeasures to mitigate or eliminate the threats. Agile development is a methodology that involves developing a system or an application incrementally and iteratively, using short and frequent cycles of planning, designing, coding, testing, and feedback. Integrating threat modeling into the Agile development processes can help improve the security and the quality of the system or the application, as it enables the developers and the security professionals to collaborate and communicate effectively, and to incorporate the security requirements and the controls into each cycle of the development. Integrating threat modeling into the Agile development processes can also help address the potential threats earlier in the SDLC, as it allows the developers and the security professionals to identify and resolve the threats as soon as they emerge, and to prevent or reduce the impact of the threats on the later stages of the development.

No community discussion yet for this question.