SSCP Question #1127: Real Exam Question with Answer & Explanation

Question

From a security standpoint, the product development life cycle consists of which of the following?

Options

• ACode Review
• BCertification
• CAccreditation
• DFunctional Design Review
• ESystem Test Review
• FAll of the items listed

Explanation

A comprehensive security-focused product development life cycle integrates security considerations across all phases, from initial design to final accreditation.

Common mistakes.

• A. Code review is only one specific activity and does not encompass the entire security product development life cycle, which includes design, testing, and formal approval stages.
• B. Certification is a formal process of technical evaluation but does not cover the complete spectrum of security activities during product development, such as design or coding practices.
• C. Accreditation is a formal management decision to operate a system, which is a post-certification step and doesn't cover the full development lifecycle activities like design or testing.
• D. Functional design review is an important early-stage security consideration but does not address the security aspects of coding, testing, or formal authorization.
• E. System test review focuses on the testing phase for security but omits crucial security activities that occur during the design, coding, and formal approval stages of product development.

Concept tested. Secure Software Development Lifecycle (SSDLC)

Reference. https://learn.microsoft.com/en-us/security/engineering/dev-sec-ops

No community discussion yet for this question.