Exam CISSP topic 1 question 117 discussion

Actual exam question from ISC's CISSP
Question #: 117
Topic #: 1

The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?

  • A. Change management
  • B. Separation of environments
  • C. Program management
  • D. Mobile code controls
Suggested Answer: A

Comments

Roy_Xenon
Highly Voted 2 years, 2 months ago
Selected Answer: A
Violated the "Release Control" of Change Management. Release Control: Once the changes are finalized, they must be approved for release through the release control procedure. An essential step of the release control process is to double-check and ensure that any code inserted as a programming aid during the change process (such as debugging code and/or backdoors) is removed before releasing the new software to production. This process also ensures that only approved changes are made to production systems. Release control should also include acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.
upvoted 11 times
jackdryan
1 year, 7 months ago
A is correct
upvoted 1 times
...
...
Ramye
Most Recent 6 months ago
Selected Answer: A
This is the most viable answer for the specific keywords “security controls”. Is program management a security control?
upvoted 1 times
...
homeysl
9 months, 2 weeks ago
Selected Answer: A
Release from lower to high environment
upvoted 1 times
...
Soleandheel
1 year ago
A. Change management
upvoted 1 times
...
Bach1968
1 year, 5 months ago
Selected Answer: A
The security control that is most likely to be violated in this scenario is: A. Change management. Change management involves implementing processes and controls to ensure that changes to the application, including updates and patches, are properly authorized, tested, and implemented in a controlled manner. It ensures that changes to the application do not introduce security vulnerabilities or compromise its integrity.
upvoted 2 times
...
HughJassole
1 year, 6 months ago
A. "The CISSP common body of knowledge asserts that change management systems should manage changes related to the entire life cycle of a system including design, development, testing, evaluation, implementation, distribution, and ongoing maintenance." https://securitythinkingcap.com/change-management-and-how-it-is-essential-to-your-security/#:~:text=Change%20management%20is%20a%20key,significant%20benefits%20to%20an%20organization.
upvoted 1 times
...
Alex71
1 year, 10 months ago
Selected Answer: A
The security control that is most likely to be violated in this scenario is "Change management." Change management is a process that is designed to ensure that changes to systems or applications are made in a controlled and authorized manner, minimizing the risk of disruption or compromise. Testing is an important part of the change management process, as it helps to identify and address any security issues that may be introduced as a result of a change. If the QA department is short-staffed and cannot test all modules before the anticipated release date of an application, it is likely that some changes will not be adequately tested, which could result in security issues being introduced into the application.
upvoted 2 times
...
JohnyDal
1 year, 10 months ago
Selected Answer: C
The new app hasn't been released to production yet. CM only kicks in once app is deployed to prod and we are in ops/maintenance phase
upvoted 3 times
...
Dee83
1 year, 11 months ago
D. Correct answer Mobile code controls is most likely to be violated if the quality assurance (QA) department is short-staffed and unable to test all modules before the anticipated release date of an application. Mobile code controls refers to security measures that are put in place to ensure that code from external sources, such as third-party libraries or open-source components, is properly vetted before it is used in an application. Without proper testing, it is possible that malicious code or vulnerabilities could be included in the application, which would compromise its security.
upvoted 1 times
...
somkiatr
1 year, 12 months ago
Selected Answer: A
I agreed with A. Shouldn't be C. What Is Program Management? Program management refers to managing all processes associated collectively with individual projects, such as looking into the staff, and work-related actions, aligning multiple projects with the company's objectives and reporting on status updates and progress. It also oversees the resource management plan and plans for involved projects regarding strategies and change management. reference : https://www.simplilearn.com/what-is-program-management-article The Change Management control can be re-designed to match the release control strategy. reference : https://cloud.google.com/architecture/devops/devops-process-streamlining-change-approval
upvoted 1 times
...
Ivanchun
2 years ago
Selected Answer: A
to test all modules before the anticipated release date is change management
upvoted 1 times
...
Jamati
2 years, 1 month ago
Selected Answer: C
C is correct
upvoted 1 times
...
rootic
2 years, 2 months ago
Selected Answer: C
How can they violate CM if they didn't do all tests? This doesn't make sense. Vote for C.
upvoted 2 times
...
dev46
2 years, 3 months ago
Selected Answer: C
A. Change management - can't be this because the solution is not released / in production yet.
B. Separation of environments - it's a security control, but the question is about testing.
C. Program management - this makes sense, but the question doesn't word well. Not sure if program management has official control but if testing all the modules is agreed upon, and if the product is released, it's clearly a violation of what was agreed for the program scope. I would ask to raise risk and get an endorsement from management if this happens.
D. Mobile code controls - doesn't align with the question.
upvoted 2 times
Coolwater
2 years, 2 months ago
Question - "MOST likely to be violated" if they release the software without testing - Ans is A
upvoted 1 times
...
...
stickerbush1970
2 years, 3 months ago
I am thinking this does align with C: PM-11 MISSION/BUSINESS PROCESS DEFINITION. Control Description: The organization: Defines mission/business processes with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation; and Determines information protection needs arising from the defined mission/business processes and revises the processes as necessary, until achievable protection needs are obtained.
upvoted 3 times
...
CuteRabbit168
2 years, 3 months ago
Selected Answer: A
Answer is correct. Program management is not a "security control"
upvoted 2 times
Cww1
2 years, 3 months ago
PM is a control family in NIST 800-53
upvoted 2 times
...
...
Cww1
2 years, 3 months ago
is this the initial release date? seems like it would be PM
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other