CompTIA Security+ (SY0-501) — Question 374
A security analyst has been asked to perform a review of an organization's software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback on another developer's code.
Which of the following assessment techniques is BEST described in the analyst's report?
Answer options
- A. Architecture evaluation
- B. Baseline reporting
- C. Whitebox testing
- D. Peer review
Correct answer: D
Explanation
The correct answer is D, Peer review, as it specifically involves team members reviewing each other's code to provide feedback. The other options do not focus on the collaborative critique of code: architecture evaluation pertains to system design, baseline reporting involves comparing current states against a standard, and whitebox testing is about testing the internal structures of the code.