
Isaca CDPSE Exam - Topic 3 Question 58 Discussion

Actual exam question for Isaca's CDPSE exam
Question #: 58
Topic #: 3

Which of the following is the BEST way to ensure that application hardening is included throughout the software development life cycle (SDLC)?

Suggested Answer: B

The best way to ensure that application hardening is included throughout the software development life cycle (SDLC) is to include qualified application security personnel as part of the process. Application hardening is the process of applying security measures and techniques to an application to reduce its attack surface, vulnerabilities, and risks. Application hardening should be integrated into every stage of the SDLC, from planning and design to development and testing to deployment and maintenance. Including qualified application security personnel as part of the process helps to ensure that application hardening is performed effectively and consistently, as well as to provide guidance, feedback, and support to the developers, testers, and project managers. The other options are not as effective or sufficient as including qualified application security personnel as part of the process, as they do not address the root cause of the lack of application hardening, which is the gap in skills and knowledge among the SDLC participants.


Elvera
3 months ago
Wait, are we really trusting third-party audits? That feels risky!
upvoted 0 times
...
Alesia
3 months ago
D seems excessive for every new client solution.
upvoted 0 times
...
Lucy
3 months ago
A sounds good, but an annual audit might not be enough.
upvoted 0 times
...
Fabiola
4 months ago
I think C is more effective. Testing right before release is crucial.
upvoted 0 times
...
Dominic
4 months ago
B is definitely the way to go! Security needs to be part of the team.
upvoted 0 times
...
Junita
4 months ago
I vaguely recall that audits can help, but I feel like they might not be as effective as having security integrated from the start.
upvoted 0 times
...
Yesenia
4 months ago
I’m leaning towards option C since it emphasizes testing, but I wonder if that’s enough without ongoing involvement from security experts.
upvoted 0 times
...
Caitlin
4 months ago
I think option B sounds familiar from our practice questions, but I also feel like testing right before release is crucial too.
upvoted 0 times
...
Dorothy
5 months ago
I remember discussing how integrating security personnel into the SDLC could really help, but I'm not sure if that's the absolute best way.
upvoted 0 times
...
Ceola
5 months ago
Annual audits and testing are good, but they're reactive. Option B is proactive and gets security involved from the start.
upvoted 0 times
...
Desiree
5 months ago
I'm leaning towards B as well. Bringing in qualified security experts to be part of the process seems like the most effective way to embed application hardening.
upvoted 0 times
...
Matthew
5 months ago
Okay, I think the key here is to ensure security is integrated throughout the SDLC, not just at the end. Option B looks like the best choice.
upvoted 0 times
...
Noel
5 months ago
Hmm, I'm not sure. Including security personnel seems like a good idea, but I'm not convinced that's the best approach.
upvoted 0 times
...
Alyce
5 months ago
This is a tricky one. I'll need to think through the different options carefully.
upvoted 0 times
...
Elfriede
1 year ago
I'd have to go with B. Bringing in the security team as an integral part of the process is key.
upvoted 0 times
...
Stephanie
1 year ago
Wow, this question is really making me hungry. Maybe we should test the app by seeing if it can order a pizza securely?
upvoted 0 times
...
Lilli
1 year ago
Option B is the way to go. You can't have a secure application without security experts involved from the start.
upvoted 0 times
Paulina
1 year ago
It's important to prioritize security throughout the entire development process.
upvoted 0 times
...
Callie
1 year ago
Including them in the process can help prevent security issues down the line.
upvoted 0 times
...
Cristina
1 year ago
Definitely, they can help identify potential vulnerabilities early on.
upvoted 0 times
...
German
1 year ago
I agree, having security experts involved from the beginning is crucial.
upvoted 0 times
...
...
Tonette
1 year ago
I'm not sure, but D sounds like the most thorough approach. A third-party audit would be really comprehensive.
upvoted 0 times
...
Elza
1 year ago
C seems like the way to go. Comprehensive testing right before release is the best way to catch any security issues.
upvoted 0 times
Eden
1 year ago
Annual third-party audits can provide an extra layer of security assurance.
upvoted 0 times
...
Thaddeus
1 year ago
Having qualified application security personnel involved throughout the process is also crucial.
upvoted 0 times
...
Laurene
1 year ago
I agree, C is definitely important to catch any security issues before release.
upvoted 0 times
...
...
Elenore
1 year ago
I believe ensuring comprehensive application security testing immediately prior to release is also crucial to catch any vulnerabilities before deployment.
upvoted 0 times
...
Zack
1 year ago
I think both suggestions are valid. Having security personnel involved from the start and conducting thorough testing before release can greatly enhance application hardening.
upvoted 0 times
...
Edwin
1 year ago
I agree with Sharan. Having experts involved throughout the SDLC can help identify and address security issues early on.
upvoted 0 times
...
Sharan
1 year ago
I think the best way is to include qualified application security personnel as part of the process.
upvoted 0 times
...
Hobert
1 year ago
I think the best option is B. Having qualified security personnel involved throughout the SDLC is crucial for ensuring application hardening.
upvoted 0 times
Teddy
1 year ago
I think having both internal and external audits can also help strengthen security measures.
upvoted 0 times
...
Denna
1 year ago
Yes, that's a good point. Both are important for ensuring application security.
upvoted 0 times
...
Eladia
1 year ago
But wouldn't it also be important to have comprehensive testing before release?
upvoted 0 times
...
Margart
1 year ago
I agree, having security personnel involved from the start is key.
upvoted 0 times
...
...
