Certified Information Systems Security Professional (CISSP) — Question 40

A software engineer uses automated tools to review application code and search for application flaws, back doors, or other malicious code. Which of the following is the FIRST Software Development Life Cycle (SDLC) phase where this takes place?

Answer options

Correct answer: B

Explanation

The correct answer is B, Development: this is the phase in which code is written, so it is the first point at which automated tools can assess that code for security flaws. The other phases, such as Test and Deployment, occur after the Development phase and focus on different aspects of the software life cycle rather than on initial code review.