Certified Information Systems Security Professional (CISSP) — Question 239
A financial organization that works according to agile principles has developed a new application for their external customer base to request a line of credit. A security analyst has been asked to assess the security risk of the minimum viable product (MVP). Which is the MOST important activity the analyst should assess?
Answer options
- A. The software has been signed off for release by the product owner.
- B. The software has been branded according to corporate standards.
- C. The software has the correct functionality.
- D. The software has been code reviewed.
Correct answer: D
Explanation
The most crucial activity for the security analyst is to ensure that the software has been code reviewed, as this process identifies vulnerabilities and security flaws before release. While sign-off from the product owner, branding, and functionality are important, they do not directly address security risks associated with the code itself, making option D the most relevant choice.