ISC2 ISSMP Exam - Topic 3 Question 68 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 68
Topic #: 3

Which of the following SDLC phases consists of the given security controls?

Misuse Case Modeling

Security Design and Architecture Review

Threat and Risk Modeling

Security Requirements and Test Cases Generation

Suggested Answer: A

The security controls in the SDLC design phase are as follows:

Misuse Case Modeling. It is important that the inverse of the misuse cases be modeled to understand and address the security aspects of the software. The requirements traceability matrix can be used to track the misuse cases to the functionality of the software.

Security Design and Architecture Review. This control can be introduced when the teams are engaged in the 'functional' design and architecture review of the software.

Threat and Risk Modeling. Threat modeling determines the attack surface of the software by examining its functionality for trust boundaries, data flow, entry points, and exit points. Risk modeling is performed by ranking the threats as they pertain to the user organization's business objectives, compliance and regulatory requirements, and security exposures.

Security Requirements and Test Cases Generation. The three security controls above, i.e., Misuse Case Modeling, Security Design and Architecture Review, and Threat and Risk Modeling, are used to produce the security requirements.


Contribute your Thoughts:

Terry
3 months ago
Agreed, Design is where all those controls really come into play!
upvoted 0 times
...
Julio
3 months ago
Wait, are we sure about that? Seems like it could fit in multiple phases.
upvoted 0 times
...
Phil
4 months ago
Security should be integrated from the start, so Design makes sense.
upvoted 0 times
...
Cherilyn
4 months ago
I think it's more about Requirements Gathering.
upvoted 0 times
...
Mira
4 months ago
Definitely the Design phase!
upvoted 0 times
...
Frederica
4 months ago
I definitely recall that Misuse Case Modeling is part of the Design phase, but I can't remember if all the others fit there too.
upvoted 0 times
...
Kyoko
4 months ago
I'm a bit confused; I thought some of these controls could also apply to the Requirements Gathering phase.
upvoted 0 times
...
Deane
5 months ago
I remember practicing a question about SDLC phases, and I feel like "Security Design and Architecture Review" fits best in the Design phase.
upvoted 0 times
...
Gerardo
5 months ago
I think the security controls mentioned are mostly related to the design phase, but I'm not entirely sure.
upvoted 0 times
...
Kimberely
5 months ago
This looks like a tricky question on Exadata security features. I'll need to think through the different options carefully.
upvoted 0 times
...
Gearldine
5 months ago
I feel pretty confident that the right answer here is option C - establishing KPIs. That's going to give you the most quantifiable and measurable way to assess the impact of the Sales Cloud implementation. The other options seem a bit more subjective or indirect.
upvoted 0 times
...