Certified Information Systems Security Professional (CISSP) — Question 206
Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?
Answer options
- A. A security subject matter expert (SME)
- B. A developer subject matter expert (SME)
- C. The business owner
- D. The application owner
Correct answer: A
Explanation
The correct answer is A: a security subject matter expert (SME) has the knowledge and skills needed to identify security vulnerabilities in the design. The other options (a developer SME, the business owner, or the application owner) may lack the specialized security expertise required for an effective design review.