CISSP · Question #618
Which of the following is used to support the concept of defense in depth during the development phase of a software product?
The correct answer is D. Security auditing. Defense in depth is a security strategy that employs multiple layers of security controls and mechanisms to protect the system or network from various types of attacks. Defense in depth can be applied during the development phase of a software product by using security auditing a
Question
Options
- AMaintenance hooks
- BPolyinstiation
- CKnown vulnerability list
- DSecurity auditing
How the community answered
(62 responses)- A5% (3)
- B2% (1)
- C10% (6)
- D84% (52)
Explanation
Defense in depth is a security strategy that employs multiple layers of security controls and mechanisms to protect the system or network from various types of attacks. Defense in depth can be applied during the development phase of a software product by using security auditing as a technique to support the concept. Security auditing is a process of reviewing and evaluating the security aspects of the software product, such as the design, code, functionality, performance, or compliance. Security auditing can help to identify and fix any security vulnerabilities or flaws in the software product, as well as to ensure that the software product meets the security requirements and standards of the organization and the stakeholders. Security auditing can be performed by internal or external auditors, using manual or automated tools, methods, or frameworks. Maintenance hooks, polyinstantiation, or known vulnerability list are not used to support the concept of defense in depth during the development phase of a software product, as they are more related to maintenance, data security, or vulnerability management.
Topics
Community Discussion
No community discussion yet for this question.