New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

ISC2 CISSP Exam - Topic 5 Question 105 Discussion

Actual exam question for ISC2's CISSP exam
Question #: 105
Topic #: 5
[All CISSP Questions]

Which of the following practices provides the development team with a definition of security and identification of threats in designing software?

Show Suggested Answer Hide Answer
Suggested Answer: C

Threat modeling is a practice that provides the development team with a definition of security and identification of threats in designing software. Threat modeling is a process of analyzing the software system or application from the perspective of an attacker, and identifying the potential threats, vulnerabilities, and risks that may affect the security of the software system or application. Threat modeling can help to improve the security awareness and mindset of the development team, as well as to guide the security design and implementation decisions of the software system or application. Penetration testing, stakeholder review, or requirements review are not the best practices to provide the development team with a definition of security and identification of threats in designing software, as they are more related to the testing, evaluation, or specification aspects of software development.Reference:CISSP All-in-One Exam Guide, Eighth Edition, Chapter 21: Software Development Security, page 1165;CISSP Official (ISC)2 Practice Tests, Third Edition, Domain 8: Software Development Security, Question 8.7, page 303.


by Cherilyn at Jul 10, 2025, 02:10 AM

Limited Time Offer

25%

Off

Get Premium CISSP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ty
2 months ago
Not sure if threat modeling is the only way to define security...
upvoted 0 times
...
Leonor
2 months ago
Totally agree, threat modeling helps identify risks early!
upvoted 0 times
...
Teddy
3 months ago
I thought requirements review could also play a role in this.
upvoted 0 times
...
Trinidad
3 months ago
Wait, isn't penetration testing also important for security?
upvoted 0 times
...
Huey
3 months ago
I think it's definitely C, threat modeling is key.
upvoted 0 times
...
Winifred
3 months ago
I might be mixing things up, but I think stakeholder review could help with security definitions, though it doesn’t seem as direct as threat modeling.
upvoted 0 times
...
Jose
4 months ago
Requirements review sounds familiar, but I feel like it’s more about ensuring the software meets user needs rather than security threats.
upvoted 0 times
...
Lorrine
4 months ago
I'm not entirely sure, but I remember something about penetration testing being more about finding vulnerabilities after the software is built.
upvoted 0 times
...
Domonique
4 months ago
I think threat modeling is the right answer since it specifically focuses on identifying threats during the design phase.
upvoted 0 times
...
Verda
4 months ago
I'm leaning towards C as well. Threat modeling is a structured way to analyze the system, identify threats, and define appropriate security controls. The other options are more reactive approaches that come later in the development lifecycle.
upvoted 0 times
...
Isreal
4 months ago
Threat modeling sounds like the right approach here. It's all about proactively identifying potential security risks and vulnerabilities during the design process, which is key for building secure software from the ground up.
upvoted 0 times
...
Ariel
5 months ago
Hmm, I'm a bit unsure about this one. I know penetration testing and requirements review are important for security, but I'm not sure if they provide the same level of upfront threat identification as threat modeling. I'll have to think this through carefully.
upvoted 0 times
...
Dick
5 months ago
I'm pretty sure the answer is C - Threat modeling. That's the practice that helps identify security threats and define security requirements during the design phase.
upvoted 0 times
...
Mari
5 months ago
Requirements review? Nah, that's so last season. Threat modeling is where it's at, baby!
upvoted 0 times
Nan
5 months ago
Threat modeling is definitely the way to go!
upvoted 0 times
...
Josue
5 months ago
Yeah, it identifies threats early!
upvoted 0 times
...
Antonio
5 months ago
Penetration testing is cool, but it's not proactive.
upvoted 0 times
...
Raymon
5 months ago
Requirements review is outdated, for sure!
upvoted 0 times
...
...
Mira
6 months ago
Definitely C) Threat modeling. It's like having a crystal ball to see all the potential threats before they even happen.
upvoted 0 times
Jettie
5 months ago
I agree, threat modeling is crucial for identifying potential security threats.
upvoted 0 times
...
...
Evelynn
7 months ago
I think threat modeling is the way to go. It's like playing a game of 'Spot the Bad Guy' during the design phase.
upvoted 0 times
Tarra
6 months ago
B) Stakeholder review
upvoted 0 times
...
Johana
6 months ago
A) Penetration testing
upvoted 0 times
...
...
Maurine
7 months ago
Penetration testing is more about testing the security controls, while threat modeling is about identifying potential threats during design.
upvoted 0 times
...
Brett
7 months ago
I'm not sure, but I think A) Penetration testing could also help in identifying threats.
upvoted 0 times
...
Jenelle
7 months ago
I agree with Maurine, threat modeling helps identify security threats.
upvoted 0 times
...
Maurine
8 months ago
I think the answer is C) Threat modeling.
upvoted 0 times
...

Save Cancel