Certified Information Systems Security Professional (CISSP) — Question 205

The security architect has been mandated to assess the security of various brands of mobile devices. At what phase of the product lifecycle would this be MOST likely to occur?

Answer options

• A. Implementation
• B. Operations and maintenance
• C. Disposal
• D. Development

Correct answer: D

Explanation

The correct answer is D, Development, because security assessments should be integrated early in the product lifecycle to identify vulnerabilities before the product is released. The other phases, such as Implementation, Operations and maintenance, and Disposal, may have security considerations but are not primarily focused on the initial design and security architecture.