Cisco Exam 300-915 Topic 14 Question 58 Discussion

Actual exam question for Cisco's 300-915 exam

Question #: 58
Topic #: 14

As part of an IoT project, an organization is developing an edge application that will run on a gateway to securely transmit sensor information it receives into an IoT cloud. Based on the Agile software development lifecycle, the development team is planning to implement a CI/CD pipeline.

Which two methods should be suggested to make the software development lifecycle more secure during the implementation and testing? (Choose two.)

APerform automated code reviews prior to deployment.

BImplement auto-provisioning security inspection for the code.

CPerform on-going penetration testing on the system.

DPerform a GAP analysis on current security activities and policies.

ETrain members of the team in a secure software development lifecycle methodology such as OWASP.

Show Suggested Answer

Suggested Answer: D, E

by Linn at Mar 09, 2024, 01:50 AM

Limited Time Offer

25%

Off

Get Premium 300-915 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Laurel

3 days ago

Haha, Lai makes a good point. 'Auto-provisioning security inspection' does sound like some buzzword-compliant nonsense. But hey, maybe the exam writers are trying to trip us up with that one. I'd stick with the tried-and-true methods - code reviews and OWASP training. Can't go wrong there.

upvoted 0 times

...

Lai

5 days ago

Hmm, I'm not so sure about option B. 'Auto-provisioning security inspection' - what does that even mean? Sounds like some made-up consultant jargon to me. I'd much rather see a good old-fashioned code review, and make sure the team is trained on OWASP principles. Keep it simple, you know?

upvoted 0 times

...

Leonora

5 days ago

I agree with Gayla. Automated code reviews and training the team on secure software development are so important. You can't just rely on penetration testing at the end - you need to build security in from the start. I also think option B, 'Implement auto-provisioning security inspection for the code,' is a good one. Catching security issues early in the pipeline is key.

upvoted 0 times

...

Gayla

6 days ago

This is a great question that really gets at the heart of securing the software development lifecycle, especially for an IoT project where security is critical. I think the two best options here are A) Perform automated code reviews prior to deployment and E) Train members of the team in a secure software development lifecycle methodology such as OWASP.

upvoted 0 times

...