Exam SY0-701 topic 1 question 312 discussion

D. Branch protection requirements Branch protection requirements are related to the version control and development process within the SDLC, ensuring that code changes are reviewed, tested, and approved before being merged into main branches. This helps maintain code quality and security throughout the development process. Penetration testing is usually conducted as part of the testing phase or after deployment to identify vulnerabilities and security weaknesses. It is a separate process from the core stages of the SDLC but is an important aspect of ensuring the security and robustness of the application once development is completed.

The CompTIA Sec+ Student Guide defines SDLC as: "SDLC policies govern software development within an organization. These policies provide a structured plan detailing the stages of development from initial requirement analysis to maintenance after deployment. It ensures that all software produced meets the organization’s efficiency, reliability, and security standards." Based on this definition, the answer "D" fits best. A: the SLA is related to a third party B: the InfoSec Policy is a high-level policy. It can contain SDLC requirements, but does not provide detailed standard requirements. C: Penetration testing method defined by CompTIA is more holistic view and not app-coding. Especially, there are some questions, where it is about how to secure own code and the answer is "peer reviews" and not pen-testing. D: I know SDLC as part of policies/guidelines for End-User-Computing (EUC) or individual data processing (IDP) and they contain protection requirements and standards derived from a BIA or a PNA. Best of luck with your exam.

ChatGPT & Copilot says

Branch protection is not directly part of SDLC. However, the penetration test is. 1. Planning 2. Analysis 3. Design; 4. Implementation 5. Testing ( various testing, e.g. Penetration testing) 6. Deployment 7. Maintenance.

The Software Development Life Cycle (SDLC) includes policies and procedures to ensure secure and efficient software development. An Information Security Policy is a crucial part of SDLC because it defines security requirements

Chat gpt says The topic that would most likely be included within an organization's Software Development Life Cycle (SDLC) is: **C. Penetration testing methodology** **Explanation**: Penetration testing methodology is directly relevant to the SDLC as it pertains to the security assessment of applications developed during the software lifecycle. It involves evaluating the security of the application through simulated attacks after the development and before deployment, ensuring that security is integrated into the development process. While service-level agreements, information security policies, and branch protection requirements are also important in the broader context of IT governance and security, they are not specifically part of the SDLC itself. The SDLC focuses on processes related to software development, including design, implementation, testing (which includes penetration testing), and maintenance.

The correct answer is: D. Branch protection requirements Explanation: The Software Development Life Cycle (SDLC) refers to the structured process for planning, creating, testing, and deploying software applications. Among the provided options, branch protection requirements would most likely be included in the SDLC as part of the version control process to ensure that changes to the codebase are reviewed, tested, and securely merged. Branch protection ensures that only authorized and verified code can be merged into critical branches (like the main or master branch), which helps maintain the security, quality, and stability of the software. It often involves using code reviews, automated testing, and other safeguards to protect the integrity of the development process.

Branch protection requirements are typically part of the Software Development Life Cycle (SDLC), specifically in the phase where code is managed and controlled. These requirements ensure that the code in version control systems (like Git) is protected from unauthorized or accidental changes. For example, branch protection can enforce rules such as requiring code reviews, preventing direct pushes to the main branch, or ensuring all tests pass before code is merged. These practices help maintain the quality and security of the codebase throughout the development lifecycle.

SDLC Includes secure coding practices, code reviews, and testing standards

Software Development Life Cycle (SDLC) is a framework that defines the stages involved in developing software. It focuses on the technical aspects of software development, including requirements gathering, design, development, testing, and deployment. Branch protection requirements are directly related to the development process and ensure code quality and security. They typically involve rules for merging code, such as requiring code reviews and preventing direct pushes to the main branch

C. Penetration testing methodology Here's why: The SDLC is a framework that outlines the process for developing, deploying, and maintaining systems or applications. It typically includes phases such as planning, requirements gathering, design, development, testing, deployment, and maintenance. Penetration testing methodology is directly tied to the testing and security assurance phases of the SDLC. Organizations often incorporate security assessments, such as penetration testing, into the development process to identify and mitigate vulnerabilities before deployment. GPT

option like penetration testing methodology would more closely align with SDLC than the overarching Information Security Policy

Branch protection requirements are directly related to the software development process, particularly in version control and code management. These requirements help ensure that only reviewed and approved code is merged into the main branch, maintaining the integrity and quality of the software throughout its development lifecycle. Why not B: Information security policy is a broader organizational policy that governs overall security practices. Why not C: Penetration testing methodology is part of security testing but not specifically tied to the SDLC phases.

so many different answers

This is because an information security policy outlines the guidelines and practices for protecting sensitive data throughout the development process.

C. Penetration testing methodology is often part of the SDLC, especially in the testing phase, to identify vulnerabilities in the software before it goes live. While the other options are important in the broader organizational policies and security management, they are not typically a direct part of the SDLC process.

B. Information security policy An Information security policy is often included within an organization's Software Development Life Cycle (SDLC) because security considerations are critical during the design, development, and deployment phases of software development. The SDLC aims to integrate security measures throughout the process to protect against vulnerabilities and ensure compliance with security standards. Service-level agreements (A) are more related to contracts and service performance rather than the SDLC. Penetration testing methodology (C) is typically used for post-development testing, not a core part of the SDLC. Branch protection requirements (D) relate to source code management and version control, but they are not commonly included as a core topic of the SDLC. Thus, Information security policy aligns most closely with the SDLC's focus on incorporating security best practices throughout the software development process.