SY0-501 Question #71: Real Exam Question with Answer & Explanation
The correct answer is D: Peer review.
Question
A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer's code. Which of the following assessment techniques is BEST described in the analyst's report?
Options
- A. Architecture evaluation
- B. Baseline reporting
- C. Whitebox testing
- D. Peer review
Explanation
The question describes a missing SDLC phase where developers critically evaluate each other's code, which is the definition of peer review. This is a fundamental secure coding practice used to identify defects and vulnerabilities before deployment.
Common mistakes
- A. Architecture evaluation assesses the overall design and structure of a system for security and functionality, not the line-by-line review of a developer's written code.
- B. Baseline reporting involves comparing current system configurations or security postures against an established standard or benchmark, not reviewing source code for defects.
- C. Whitebox testing is a testing technique in which testers have full knowledge of the internal code structure and use it to design test cases; it is a testing activity performed by testers, not a collaborative feedback process between developers.
Concept tested: Peer code review in secure SDLC practices