nerdexam
(ISC)2

CSSLP · Question #374

CSSLP Question #374: Real Exam Question with Answer & Explanation

The correct answer is C: Validation of the software development process and assurance that security controls are followed. Security reviews during the software development lifecycle primarily aim to validate the development process and assure that established security controls are being followed.

Secure Software Lifecycle Management

Question

What is the primary purpose of performing security reviews during the software development lifecycle?

Options

  • A. Cloud Security Command Center
  • B. Fuzz testing
  • C. Validation of the software development process and assurance that security controls are followed

Explanation

Security reviews during the software development lifecycle primarily aim to validate the development process and assure that established security controls are being followed.

Common mistakes.

  • A. Cloud Security Command Center is a specific Google Cloud product for security management, not the primary purpose of general SDLC security reviews.
  • B. Fuzz testing is a specific type of dynamic application security testing technique used to find vulnerabilities, not the primary purpose of overall security reviews.

Concept tested. Purpose of SDLC security reviews

Reference. https://learn.microsoft.com/en-us/azure/security/develop/security-devops-security-reviews

Topics

#Security Reviews #SDLC #Security Controls #Process Validation
