Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.
A. Change and Configuration Control
B. Security Certification and Accreditation (C&A)
C. Vulnerability Assessment and Penetration Testing
Suggested Answer: BCD
The various security controls in the SDLC deployment phase are as follows:
Secure Installation: While performing any software installation, it should be kept in mind that the security configuration of the environment should never be reduced. If it is reduced, then security issues and overall risks can affect the environment.
Vulnerability Assessment and Penetration Testing: Vulnerability assessments (VA) and penetration testing (PT) are used to determine the risk and attest to the strength of the software after it has been deployed.
Security Certification and Accreditation (C&A): Security certification is the process used to ensure that controls are effectively implemented through established verification techniques and procedures, giving organization officials confidence that the appropriate safeguards and countermeasures are in place as a means of protection. Accreditation is the provisioning of the necessary security authorization by a senior organization official to process, store, or transmit information.
Risk Adjustments: Contingency plans and exceptions should be generated so that the residual risk is above the acceptable threshold.
A. Change and Configuration Control
C. Vulnerability Assessment and Penetration Testing
Change and configuration control ensures that changes made throughout the deployment phase are authorized, tested, and documented properly to ensure that vulnerabilities are not introduced into the software.
Vulnerability assessment and penetration testing help identify security weaknesses within the software so they can be resolved proactively before attackers take advantage of them.
Security Certification and Accreditation (C&A) is typically performed during earlier phases of the SDLC such as planning or design.
Risk adjustments do not involve specific security controls for building secure software.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
74gjd_37
5 months, 2 weeks ago