nerdexam
CompTIA

SY0-301 · Question #310

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

The correct answer is D. Design reviews. Design reviews are a proactive assessment technique performed during the software development lifecycle (SDLC) to evaluate architecture, design decisions, and security controls before or during development - ensuring systems are built properly from the ground up. Baseline reporti

Security operations

Question

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

Options

  • ABaseline reporting
  • BInput validation
  • CDetermine attack surface
  • DDesign reviews

How the community answered

(18 responses)
  • A
    6% (1)
  • B
    6% (1)
  • D
    89% (16)

Explanation

Design reviews are a proactive assessment technique performed during the software development lifecycle (SDLC) to evaluate architecture, design decisions, and security controls before or during development - ensuring systems are built properly from the ground up. Baseline reporting (A) compares current system state against a known-good standard, used for operational monitoring rather than development assurance. Input validation (B) is a coding-level security control that sanitizes user input to prevent injection attacks - it is a development practice, not an assessment technique. Determining the attack surface (C) identifies potential entry points, which is a threat modeling activity. Design reviews specifically address whether the overall system and software design meets security and functional requirements, making it the correct assessment technique for ensuring proper development.

Topics

#design review#secure SDLC#application security assessment

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice