CSSLP · Question #359
CSSLP Question #359: Real Exam Question with Answer & Explanation
The correct answer is C: Include both automated vulnerability scans and hands-on penetration testing in a comprehensive. A sound security testing strategy combines automated scanning with hands-on penetration testing, starts before deployment, and covers more than the application tier.
Question
A development team at Meridian Systems is defining their security testing strategy and plan, and they need guidance on best practices and timing. Which statement is accurate?
Options
- A. Google Cloud Security Command Center
- B. Perform security testing only after deployment in the live environment
- C. Include both automated vulnerability scans and hands-on penetration testing in a comprehensive
- D. Focus security testing solely on the application tier and ignore network and host layers
Explanation
An accurate security testing strategy for software development combines automated vulnerability scanning with hands-on penetration testing. The two are complementary: automated scans are fast and repeatable and reliably catch known vulnerability classes, outdated components and misconfigurations, while a skilled tester finds business-logic flaws, authorization gaps and chained weaknesses that scanners do not recognize. The plan should also schedule testing throughout the lifecycle rather than only at the end, and should cover every layer the system depends on, not just the application code.
Common mistakes.
- A. Google Cloud Security Command Center is a security management platform, not a statement describing a security testing strategy.
- B. Performing security testing only after deployment is too late in the software development lifecycle: a defect found in production costs far more to remediate than one found during development, and the live system is exposed to attackers for as long as the finding stays open. Testing should begin early and continue through release.
- D. Focusing security testing solely on the application tier is insufficient: vulnerabilities in the host operating system, middleware and network configuration can be exploited just as readily as flaws in the application code, so the strategy must cover the network and host layers as well.
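One way to make the tested concept concrete is to write the testing plan down as data and check it against the three anti-patterns the distractors describe. The script below is an added example, not material from the exam page or from (ISC)2; the SDLC phase names, the activity names and the sample plans are illustrative assumptions.

```python
"""Added example: a security testing plan as data, plus a validator that
rejects the anti-patterns in distractors B (test only after deployment),
C-negated (scans without pentest, or vice versa) and D (application tier only).
Phase and activity names are illustrative assumptions, not a standard."""
from dataclasses import dataclass

# Layers every comprehensive plan must cover (question's option D).
LAYERS = frozenset({"application", "host", "network"})

# Assumed SDLC phases; everything before "operate" happens pre-deployment.
PHASES = ("design", "build", "test", "pre-release", "operate")
PRE_DEPLOYMENT = frozenset(PHASES[:-1])


@dataclass(frozen=True)
class Activity:
    name: str          # human-readable description of the test activity
    phase: str         # one of PHASES
    automated: bool    # True for scanners, False for hands-on testing
    layers: frozenset  # subset of LAYERS this activity exercises


def coverage_matrix(activities):
    """Map each required layer to the names of activities that exercise it."""
    matrix = {layer: [] for layer in sorted(LAYERS)}
    for act in activities:
        for layer in act.layers:
            if layer in matrix:
                matrix[layer].append(act.name)
    return matrix


def validate_plan(activities):
    """Return a list of findings; an empty list means the plan is acceptable."""
    findings = []
    phases = {a.phase for a in activities}
    unknown = phases - set(PHASES)
    if unknown:
        findings.append(f"unknown phases: {sorted(unknown)}")
    # Distractor B: all testing deferred until the system is live.
    if not phases & PRE_DEPLOYMENT:
        findings.append("no testing before deployment (distractor B)")
    # Option C requires both kinds of testing, not one or the other.
    if not any(a.automated for a in activities):
        findings.append("no automated vulnerability scanning")
    if not any(not a.automated for a in activities):
        findings.append("no hands-on penetration testing")
    # Distractor D: layers nobody tests.
    missing = [layer for layer, acts in coverage_matrix(activities).items() if not acts]
    if missing:
        findings.append(f"layers without coverage: {missing} (distractor D)")
    return findings


# Constructed sample plan that follows option C: scans plus a pentest,
# started early, covering all three layers.
GOOD_PLAN = (
    Activity("threat model review", "design", False, frozenset({"application"})),
    Activity("static analysis and dependency scan in CI", "build", True,
             frozenset({"application"})),
    Activity("dynamic scan against staging", "test", True,
             frozenset({"application", "host"})),
    Activity("hands-on penetration test", "pre-release", False,
             frozenset({"application", "host", "network"})),
    Activity("continuous host and network vulnerability scanning", "operate", True,
             frozenset({"host", "network"})),
)

# Constructed sample plan that combines distractors B and D: one automated
# application scan, run only once the system is live.
BAD_PLAN = (
    Activity("weekly application scan of production", "operate", True,
             frozenset({"application"})),
)


if __name__ == "__main__":
    for label, plan in (("good plan", GOOD_PLAN), ("bad plan", BAD_PLAN)):
        problems = validate_plan(plan)
        print(f"{label}: {'OK' if not problems else problems}")
```

Run as-is, the good plan validates cleanly and the bad plan reports three findings (nothing before deployment, no hands-on testing, host and network uncovered), which is exactly the combination of mistakes the distractors describe. The validator is deliberately independent of any particular scanner or vendor; the point it makes is about timing and breadth of coverage, not tooling.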
Concept tested. Comprehensive security testing strategy
Reference. https://learn.microsoft.com/en-us/azure/security/develop/security-dev-lifecycle-testing