Exam CCSP topic 1 question 138 discussion

Answer is correct. The Secure Software Development Lifecycle (SDLC) Process phases are 1. Requirement Gathering and Feasibility 2. Requirement Analysis 3. Design 4. Development/Coding 5. Testing 6. Maintenance Note: It is essential that security be included in discussions and the SDLC process from the very initial stages. Carter, Daniel. CCSP Certified Cloud Security Professional All-in-One Exam Guide, Second Edition (p. 169). McGraw-Hill Education. Kindle Edition.

Should be B (Programming languages)

Programming languages: This relates to implementation details—how the software will be built—not what it should achieve. This is typically decided in the design or development phase, not requirement analysis.

During the requirement analysis phase of the Software Development Lifecycle (SDLC), the focus is on understanding what the software needs to do rather than how it will be implemented. The key aspects include: A. Functionality → Defines what the software should do. C. Software platform → Determines where the software will run (e.g., cloud, on-prem, Windows, Linux). D. Security requirements → Identifies necessary security controls (e.g., encryption, access control). However, B. Programming languages are typically chosen later, during the design or implementation phase, based on system architecture and project constraints.

programming languages should not be part of the requirement analysis phase

The correct answer is "B"; The requirement analysis phase of the software development lifecycle focuses on gathering and documenting the functional and non-functional requirements of the software system. Programming languages, on the other hand, are not a requirement but a technical decision made later in the development process. Programming languages are chosen based on the project's needs and the expertise of the development team. Therefore, they should not be part of the requirement analysis phase.

The programming languages should not be part of the requirement analysis phase of the software development lifecycle. The requirement analysis phase focuses on gathering, analyzing, and documenting the functional and non-functional requirements of the software. It involves understanding the desired functionality, user needs, business processes, and system constraints

B: Programming languages

Answer is B

Security requirements should be part of the requirement analysis phase of the software development lifecycle, as security is an essential aspect of software development. During the requirement analysis phase, the software's security requirements should be identified and documented to ensure that the software is developed with the necessary security controls in place to protect against potential threats.

I comprehend why ISC2 wants "D" as the answer. Their point is that "security requirements" should be included at the EARLIEST possible point in the cycle. This would be the "Gathering and Feasibility" phase. Thus the question should be worded differently. The key is to comprehend that all of these have a role in this phase. Only one is firm before going into (prior to) this phase.

the correct answer is B Programming Languages should be defined in Desing phase.

The correct answer is B. Programming languages. The requirement analysis phase is the first phase of the software development lifecycle, and it involves gathering and documenting the functional and non-functional requirements for the software. This includes things like the desired functionality of the software, the software platform, and the security requirements. Programming languages are not typically part of this phase, as they are typically selected later in the development process based on the requirements and other factors.

B, coz security would cover entire lifecycle of SDLC, and programming language should be discussing once finalizing this function or platform

B (Programming languages)

B is correct

D is wrong, in the gathering requirements we already introduce the Security. I will go for B: The specific programming language.