Exam CSSLP topic 1 question 9 discussion

Actual exam question from ISC's CSSLP
Question #: 9
Topic #: 1

What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.

  • A. Develop software requirements.
  • B. Implement change control procedures.
  • C. Develop evaluation criteria and evaluation plan.
  • D. Create acquisition strategy.
Suggested Answer: ACD

Comments

74gjd_37
5 months, 3 weeks ago
Selected Answer: ACD
There is A Reference Guide for Security-Enhanced Software Acquisition and Outsourcing called "Software Assurance in Acquisition: Mitigating Risks to the Enterprise" by Information Resources Management College of National Defense University: https://apps.dtic.mil/sti/pdfs/ADA495389.pdf

It defines the following phases:
- planning
- contracting
- monitoring and acceptance
- follow-on

The planning phase (quote) "begins with (1) needs determination for acquiring software services or products, identifying potential alternative software approaches, and identifying risks associated with those alternatives. This set of activities is followed by (2) developing software requirements to be included in work statements; (3) creating an acquisition strategy and/or plan that includes identifying risks associated with various software acquisition strategies; and (4) developing evaluation criteria and an evaluation plan. SwA considerations are discussed for each of the major activities. In the last part of this section (2.5), the development and use of SwA due diligence questionnaires are discussed."
upvoted 2 times
74gjd_37
5 months, 3 weeks ago
Implementing change control procedures typically occurs during the monitoring & acceptance phase when overlooking potential issues after deployment consequently creating deviations from intended outcomes or previous stages' goals within this life cycle model used as a reference guide by Information Resources Management College (IRMC) at National Defense University (NDU). Therefore it is not included in the planning phase's set of activities described above since it does not directly deal with designing new SwA measures but enforcing those previously established earlier while ensuring that their implementation matches original plans accordingly throughout runtime modifications performed when needed forming part of production maintenance.
upvoted 1 times
74gjd_37
5 months, 3 weeks ago
Implementing change (or configuration) control procedures is part of the Monitoring and Acceptance Phase, not of the Planning Phase. Therefore, the correct answer is ACD.
upvoted 1 times
74gjd_37
5 months, 3 weeks ago
In the Planning Phase, there are several activities undertaken to ensure that Software Assurance in Acquisition is thoroughly considered before moving on to subsequent phases of development. Developing comprehensive software requirements helps identify which factors must be present in acquired or outsourced products or services for them to meet all functional and security-based specifications appropriately. Creating an evaluation plan and associated criteria allows project stakeholders to decide what aspects will be covered when examining potential vendors' proposals, work products, or services offered during the contracting phase adequately. Finally, outlining a clear acquisition strategy enables procuring organizations (including government institutions) to stay aware of relevant mandates/regulations potentially impeding progress related to acquiring security-enhanced software development activities while developing a thorough course of action for mitigating any issues encountered during this stage effectively.
upvoted 1 times
4e3rv21rq3vq2q
1 year, 8 months ago
Selected Answer: ACD
This set of activities is followed by (2) developing software requirements to be included in work statements; (3) creating an acquisition strategy and/or plan that includes identifying risks associated with various software acquisition strategies; and (4) developing evaluation criteria and an evaluation plan. SwA considerations are discussed for each of the major activities.
upvoted 1 times