Weekly CISSP Exam Questions

Scenario: A software development team asks you about incorporating security into their DevOps cycle. What concept would you recommend?

A. Shift-left

B. Waterfall Model

C. Agile methodology

D. Pair Programming

Answer: A

Explanation:

The "Shift-left" concept suggests that security measures should be integrated as early as possible in the software development lifecycle (SDLC). By shifting security "left," closer to the beginning of the development process, vulnerabilities can be detected and fixed early, reducing the cost and impact of a late-stage fix.

Here's why the other options are less ideal for this specific question:

Waterfall Model: This is a traditional software development model where each phase must be completed before the next phase can begin. It's less flexible and usually integrates security testing only in the later stages, which can be costly if vulnerabilities are discovered late in the process.

Agile methodology: While Agile is flexible and iterative, it doesn't inherently prioritize security. You can use Agile and still not focus on security unless you deliberately incorporate it, often through a "shift-left" approach.

Pair Programming: This is a development technique where two programmers work together at one workstation. While it can improve code quality, it's not specifically geared towards improving security.

Therefore, for incorporating security into a DevOps cycle, "Shift-left" would be the most appropriate concept to recommend.
