
SY0-701 · Question #661

SY0-701 Question #661: Real Exam Question with Answer & Explanation

The correct answer is A: Peer review requirements.

Submitted by diego_uy · Mar 6, 2026
Security program management and oversight

Question

A Chief Information Security Officer (CISO) has developed information security policies that relate to the software development methodology. Which of the following would the CISO most likely include in the organization's documentation?

Options

  • A. Peer review requirements
  • B. Multifactor authentication
  • C. Branch protection tests
  • D. Secrets management configurations

Explanation

Peer review requirements belong squarely in a software development methodology policy because they define a human process control - requiring developers to have their code examined by colleagues before merging - which directly reduces security vulnerabilities introduced during development. This is a policy-level SDLC (Software Development Lifecycle) control that a CISO can mandate organization-wide in documentation.

Option B (MFA) is an identity and access management control, not a software development methodology practice - it belongs in an access control policy, not an SDLC policy.

Option C (branch protection tests) describes a technical Git/version control configuration, not policy documentation - it's an operational setting, not a governance requirement a CISO would write into policy.

Option D (secrets management configurations) likewise describes technical implementation details (e.g., vault settings, environment variable rules), not the kind of procedural requirement that belongs in a policy document.

Memory tip: Ask yourself, "Is this a human process requirement or a technical configuration?" CISO policies govern what people must do (like requiring peer review), not how systems are configured. If the answer sounds like a settings panel, it's probably not a policy.

Topics

Secure SDLC, Security Policies, Peer Review, Code Review
