Question number 1: the answer is B. Requirement gathering is indeed one of the most critical steps in the secure software development life cycle (SDLC) for preventing security vulnerabilities. Here's why: Foundation for Security: A clear and comprehensive understanding of the software's intended functionality, security requirements, and potential risks is essential for building a secure system.
@fouadahmed7777 3 months ago
Despite there being a few wrong answers, I would like to thank you for your efforts trying to help CISSP cert applicants. Please review the comments, make the necessary corrections and re-upload your video.
@ElijahBadmus 7 days ago
I think an updated video has been posted; however, it is a combination of all the domains. kzbin.info/www/bejne/r3u3oHt_rcx4ntU
@JasonSmith-se1jg 5 months ago
Question 2 should be C. According to Google searches and the official testing guidebook, you don't establish an escrow agreement until the system has been accepted. Up until that point you don't know if the system meets your needs and that you will use it, so establishing an escrow agreement at the development stage could result in spending money on escrow that is not needed, as you may need to switch vendors if the system is not acceptable.
@JasonSmith-se1jg 5 months ago
Question 14 should be provenance, not prevenance. The correct answer is not listed.
@ChinwenduOkongwu 5 months ago
Apologies for the error. The answer to number 14 is Provenance, so option C.
@fouadahmed7777 3 months ago
Q #2 Answer is incorrect. Escrow agreements typically take place during the deployment and maintenance phases of the software acquisition life cycle. Here's a breakdown of why:
Deployment: Once the software is developed and tested, it's often deployed to a production environment. An escrow agreement can be put in place to ensure that a backup copy of the software's source code is held by a neutral third party. This protects the buyer in case the seller becomes unavailable or goes out of business.
Maintenance: Throughout the software's lifecycle, updates, patches, and bug fixes may be required. An escrow agreement can provide a mechanism for accessing the source code if the original developer is no longer able or willing to provide support.
While escrow agreements can be established at other phases of the software acquisition life cycle, such as during contract negotiation, they are most commonly implemented during deployment and maintenance to address the risks associated with software ownership and continuity.
@prashansagoel1487 6 months ago
The answer for question 1 should be B.
@ChinwenduOkongwu 6 months ago
Hi @prashansagoel1487, thank you for reaching out. Requirement gathering is also important in the Software Development Lifecycle; however, code review directly addresses the potential vulnerabilities at the source code level, which makes it a crucial step for secure software development. Remember that when you read the questions, you have to choose the answer that BEST applies to the scenario. Please let me know if you have any other questions.
@JasonSmith-se1jg 5 months ago
@ChinwenduOkongwu The answer for 1 is definitely B... If you don't gather the requirement that encryption (or any other security feature) is required, then no amount of code review will catch the issue. This is also in keeping with the principle of incorporating security early in the process.