Certified Information Systems Security Professional (CISSP) — Question 276

Which technique helps system designers consider potential security concerns of their systems and applications?

Answer options

• A. Threat modeling
• B. Manual inspections and reviews
• C. Source code review
• D. Penetration testing

Correct answer: A

Explanation

Threat modeling is a proactive approach that allows designers to anticipate security vulnerabilities by analyzing potential threats. The other options, while useful in their own right, are more reactive or specific in nature; manual inspections and reviews, source code review, and penetration testing do not focus on identifying potential threats during the design phase.