nerdexam
(ISC)2

CISSP · Question #618

Which of the following is used to support the concept of defense in depth during the development phase of a software product?

The correct answer is D. Security auditing. Defense in depth is a security strategy that employs multiple layers of security controls and mechanisms to protect the system or network from various types of attacks. Defense in depth can be applied during the development phase of a software product by using security auditing a

Submitted by ravi_2018· Mar 5, 2026Software Development Security

Question

Which of the following is used to support the concept of defense in depth during the development phase of a software product?

Options

  • AMaintenance hooks
  • BPolyinstiation
  • CKnown vulnerability list
  • DSecurity auditing

How the community answered

(62 responses)
  • A
    5% (3)
  • B
    2% (1)
  • C
    10% (6)
  • D
    84% (52)

Explanation

Defense in depth is a security strategy that employs multiple layers of security controls and mechanisms to protect the system or network from various types of attacks. Defense in depth can be applied during the development phase of a software product by using security auditing as a technique to support the concept. Security auditing is a process of reviewing and evaluating the security aspects of the software product, such as the design, code, functionality, performance, or compliance. Security auditing can help to identify and fix any security vulnerabilities or flaws in the software product, as well as to ensure that the software product meets the security requirements and standards of the organization and the stakeholders. Security auditing can be performed by internal or external auditors, using manual or automated tools, methods, or frameworks. Maintenance hooks, polyinstantiation, or known vulnerability list are not used to support the concept of defense in depth during the development phase of a software product, as they are more related to maintenance, data security, or vulnerability management.

Topics

#defense in depth#software development security#security auditing#SDLC

Community Discussion

No community discussion yet for this question.

Full CISSP Practice