Exam CISSP topic 1 question 304 discussion

It would be too late if you wait until implementation. You just potentially wasted so many man hours designing a product or service that may not be accessible to key vendors because of security flaws.

In the scenario, the security architect is tasked with assessing the security of various brands of mobile devices. This strongly suggests that the devices are third-party products being evaluated for use within the organization. The organization is not creating or developing these devices, so the development phase does not apply. The implementation phase is when third-party products are evaluated, configured, and tested for security before deployment into the operational environment. This is when security assessments of off-the-shelf products (like mobile devices) typically occur to ensure they meet organizational security requirements. Hence, the answer is A

D. Development phase ......The earliest phase of the product lifecycle makes the most sense.

D if the purpose is to determine which device to procure. B if they are existing. Question does not provide enough context.

Development is correct.

The correct answer is D. Development. Explanation: The most appropriate time for a security architect to assess the security of various brands of mobile devices would be during the development phase of the product lifecycle. Assessing security at this stage allows the organization to identify and mitigate potential vulnerabilities before the devices are released into the market. By addressing security concerns early, the organization can minimize risks and reduce the likelihood of security incidents.