ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CSSLP All Questions

View all questions & answers for the CSSLP exam
Go to Exam

Exam CSSLP topic 2 question 42 discussion

Actual exam question from ISC's CSSLP
Question #: 42
Topic #: 2
[All CSSLP Questions]

Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

  • A. Change and Configuration Control
  • B. Security Certification and Accreditation (C&A)
  • C. Vulnerability Assessment and Penetration Testing
  • D. Risk Adjustments
Show Suggested Answer Hide Answer
Suggested Answer: BCD 🗳️
The various security controls in the SDLC deployment phase are as follows: Secure Installation: While performing any software installation, it should kept in mind that the security configuration of the environment should never be reduced. If it is reduced then security issues and overall risks can affect the environment. Vulnerability Assessment and Penetration Testing: Vulnerability assessments (VA) and penetration testing (PT) is used to determine the risk and attest to the strength of the software after it has been deployed. Security Certification and Accreditation (C&A): Security certification is the process used to ensure controls which are effectively implemented through established verification techniques and procedures, giving organization officials confidence that the appropriate safeguards and countermeasures are in place as means of protection. Accreditation is the provisioning of the necessary security authorization by a senior organization official to process, store, or transmit information.
Risk Adjustments: Contingency plans and exceptions should be generated so that the residual risk be above the acceptable threshold.
by 74gjd_37 at Sept. 30, 2023, 9:04 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
74gjd_37
5 months, 2 weeks ago
Selected Answer: AC
A. Change and Configuration Control C. Vulnerability Assessment and Penetration Testing Change and configuration control ensures that changes made throughout the deployment phase are authorized, tested, and documented properly to ensure that vulnerabilities are not introduced into the software. Vulnerability assessment and penetration testing help identify security weaknesses within the software so they can be resolved proactively before attackers take advantage of them. Security Certification and Accreditation (C&A) is typically performed during earlier phases of the SDLC such as planning or design. Risk adjustments do not involve specific security controls for building secure software.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago