Weekly CISSP Exam Questions

During the SDLC, when should security testing ideally begin?

A. After coding

B. During the design phase

C. After deployment

D. During user acceptance testing

 

Correct Answer: B

Explanation: 

After coding: Waiting until after coding is completed would mean missing the opportunity to address security issues in the design or architecture of the software. By this time, changes could be more difficult and costly to implement. 

During the design phase: Starting security testing during the design phase allows the team to identify potential vulnerabilities before any code is written. This makes it easier to address issues at a foundational level, and it's usually less costly than trying to retrofit security features into completed software. Security can be integrated into architectural decisions, data flow designs, and feature specifications. 

After deployment: This would be far too late for initial security testing, as vulnerabilities in the deployed software could be immediately exploited, leading to potential data breaches or other security incidents. 

During user acceptance testing: While it's essential to have security measures evaluated during user acceptance testing, waiting until this phase to start security testing would mean missing the opportunity to address issues earlier in the development process. 

 
