Exam CISM topic 1 question 878 discussion

I agree this is definitely D. Every other question of this nature emphasises the importance of implementing security as often and early as possible in development.

No doubt, it's B.

I will go for B with this one, if the question asks while developing, then the answer will be D, but when the question says deploying, the answer should be B.

Option B

It talk about "risk" (Not "vulnerabilities") and "in deploying", so I would agree the marked answer. If was talking about to detect vulnerabilities in the code, definetly would be D, but B is more high level and related to risks

You have to look at the scope of the question! It is specifically asking what is BEST for deployment to production. Yes Implementing security through the SDLC is the MOST beneficial, but for the scope of the question it is not the best. A properly designed change management process is the best action when it comes to deploying anything new.

Well, I'm not so sure it's D. The question is about the deployment to production (from development, I assume). Option D considers SDLC, so it would reduce the risk of introducing vulnerabilities in the application itself. And while one can argue that by increasing the security of the application that you're deploying in production effectively lowers the risk in general, the question is still about the PROCESS of moving something from one environment to another (i.e. the managing the changes in the environment), not the SDLC. So I'm going with B on this one.

D. Integrating security controls in each phase of the life cycle

D. Integrating security controls in each phase of the life cycle

Option D

i will go with D

D should be the correct answer.