CompTIA CySA+ (CS0-002) — Question 311

At which of the following phases of the SDLC should security FIRST be involved?

Answer options

• A. Design
• B. Maintenance
• C. Implementation
• D. Analysis
• E. Planning
• F. Testing

Correct answer: E

Explanation

Security should be integrated during the Planning phase of the SDLC to ensure that security requirements are identified early and incorporated into the project from the start. Involving security later in the process, such as during Design, Implementation, or Testing, may lead to vulnerabilities being overlooked. The Maintenance phase focuses on updates and support, which is not the optimal time for initial security considerations.