CISSP – Information Systems Security Management Professional (ISSMP) — Question 8
Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.
Answer options
- A. Vulnerability Assessment and Penetration Testing
- B. Security Certification and Accreditation (C&A)
- C. Change and Configuration Control
- D. Risk Adjustments
Correct answer: A, B, D
Explanation
Options A, B, and D are essential security controls that help ensure software security during deployment. Vulnerability Assessment and Penetration Testing identify potential security flaws, Security Certification and Accreditation (C&A) validates compliance with security requirements, and Risk Adjustments involve modifying risk management strategies. Option C, while important for maintaining security, is more focused on managing changes rather than directly securing the software during deployment.