Welcome to Pass4Success


ISC2 ISSMP Exam - Topic 5 Question 75 Discussion

Actual exam question for ISC2's ISSMP exam
Question #: 75
Topic #: 5

Which of the following SDLC phases consists of the given security controls?

- Misuse Case Modeling
- Security Design and Architecture Review
- Threat and Risk Modeling
- Security Requirements and Test Cases Generation

Suggested Answer: B, D

The Biba model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

The Clark-Wilson security model provides a foundation for specifying and analyzing an integrity policy for a computing system.

Answer option C is incorrect. The Bell-LaPadula access control model is mainly used in military systems.

Answer option A is incorrect. There is no such access control model as Clark-Biba.


Contribute your Thoughts:

Rikki
3 months ago
Yeah, I've seen it mostly tied to Design too.
upvoted 0 times
...
Ryann
3 months ago
Wait, are we sure about that? Sounds a bit off.
upvoted 0 times
...
Howard
3 months ago
Agreed, Design is where all that security stuff happens.
upvoted 0 times
...
Brice
4 months ago
I think it's actually in Requirements Gathering.
upvoted 0 times
...
Anisha
4 months ago
Definitely the Design phase!
upvoted 0 times
...
Merrilee
4 months ago
I definitely recall that Misuse Case Modeling is tied to design, but I’m not confident about the others.
upvoted 0 times
...
Glendora
4 months ago
I'm a bit confused; could it also be part of the requirements gathering phase? I feel like some of those controls might fit there too.
upvoted 0 times
...
Eden
4 months ago
I remember practicing a question similar to this, and I think the design phase is where you would typically address security requirements.
upvoted 0 times
...
An
5 months ago
I think the security controls mentioned are mostly related to the design phase, but I'm not entirely sure.
upvoted 0 times
...
Dante
5 months ago
Okay, I've got a strategy. I'll go through each answer choice and see which one best fits the security controls listed. Methodical approach is key for these types of questions.
upvoted 0 times
...
Kimi
5 months ago
I'm a bit confused on this one. The security controls seem to span multiple SDLC phases, so I'm not sure if there's a single clear-cut answer. I'll need to think it through step-by-step.
upvoted 0 times
...
Nelida
5 months ago
Ah, I think I've got it. The security controls mentioned are all part of the design phase, so the answer must be A. Gotta love those security-focused SDLC questions!
upvoted 0 times
...
Cory
5 months ago
Hmm, the security controls listed seem to align with the requirements gathering and design phases. I'm leaning towards A or D, but I'll double-check my understanding.
upvoted 0 times
...
Joesph
5 months ago
This looks like a tricky one. I'll need to carefully review the SDLC phases and security controls to determine the right answer.
upvoted 0 times
...
Stefan
5 months ago
I'm a little confused on this one. I know the Toyota Production System has some key principles, but I can't recall the exact two pillars off the top of my head. I'll have to review my notes and make an educated guess.
upvoted 0 times
...
Irving
5 months ago
I recall something about traditional budgeting perpetuating inefficiencies, which makes option B seem likely as a benefit of switching to activity based budgeting.
upvoted 0 times
...
King
5 months ago
I feel like we practiced a question similar to this before, where "Type" could also be modified. It's tricky!
upvoted 0 times
...
Bobbye
9 months ago
I dunno, I'm leaning towards A. Design seems like the obvious choice for security controls, doesn't it? Though I could be way off base here.
upvoted 0 times
...
Ressie
10 months ago
Haha, I bet the security team wishes they could just 'Deploy' security and call it a day. But nope, gotta start at the beginning with requirements.
upvoted 0 times
Cyndy
8 months ago
D) Requirements Gathering
upvoted 0 times
...
Sang
8 months ago
C) Deployment
upvoted 0 times
...
Orville
9 months ago
A) Design
upvoted 0 times
...
...
Launa
10 months ago
Definitely D. Security requirements and test cases are all about the initial requirements gathering phase, right?
upvoted 0 times
Lera
8 months ago
That's right. It's important to gather security requirements early on in the SDLC process.
upvoted 0 times
...
Cristy
8 months ago
Yes, you're correct. Security requirements and test cases are indeed part of the requirements gathering phase.
upvoted 0 times
...
Marsha
8 months ago
D) Requirements Gathering
upvoted 0 times
...
Launa
8 months ago
C) Deployment
upvoted 0 times
...
Shonda
8 months ago
B) Maintenance
upvoted 0 times
...
Daron
9 months ago
A) Design
upvoted 0 times
...
...
Isabella
10 months ago
Hmm, this looks like a tricky one. I think the answer might be D, but I'm not totally sure.
upvoted 0 times
Misty
9 months ago
User 3: Yeah, I think D doesn't quite fit with the given security controls.
upvoted 0 times
...
Teddy
9 months ago
User 2: I agree, it seems like the security controls align with the Design phase.
upvoted 0 times
...
Jimmie
10 months ago
User 1: I think the answer is A) Design.
upvoted 0 times
...
...
Denae
10 months ago
I'm not sure, but I think it makes sense that security controls would be part of the Design phase.
upvoted 0 times
...
Cammy
11 months ago
I agree with Elsa, Design phase is where security controls are implemented.
upvoted 0 times
...
Elsa
11 months ago
I think the answer is Design because it involves security controls.
upvoted 0 times
...
