Which statement describes a secure Software Development Life Cycle (SDLC)?

Practice question for the DSAC Annex F Test.

Multiple Choice

Which statement describes a secure Software Development Life Cycle (SDLC)?

Explanation:
Correct answer: a secure SDLC embeds security across all phases of the lifecycle.

Embedding security across all SDLC phases means treating security as an integral, ongoing concern rather than an activity bolted on at the end. Security becomes a factor from the initial requirements and threat modeling, through design and secure coding practices, into testing, deployment, and ongoing maintenance. Considering security at every stage lets you catch and fix vulnerabilities earlier, when they are cheaper and easier to address (a missing authorization check found during threat modeling is a design change; the same gap found in production is an incident), reduces the risk of breaches, and meets compliance and trust expectations.

The other options fail for the following reasons. Relying only on testing after deployment misses issues introduced earlier in requirements, design, or implementation, and once a product is live they may be too late or too costly to remediate. Excluding security to speed delivery ignores the ongoing risk landscape and can leave systems exposed. Concentrating security in a single phase is not enough because threats span the entire lifecycle; a single-phase focus leaves every other stage vulnerable.
