ISC2 CISSP Practice Question

During which phase of the Software Development Lifecycle (SDLC) should security requirements first be defined?

Testing phase
Implementation phase
Design phase
Requirements phase

Report Issue

Answer Description

The correct answer is the requirements phase because security requirements should be identified and documented at the earliest possible stage of development. Establishing security requirements during the requirements phase ensures they're treated with the same importance as functional requirements and properly incorporated into subsequent design and implementation decisions.

**The design phase **is too late for initial security requirements definition. While security architecture designs are created during this phase, they should be based on security requirements already established. Delaying security considerations until the design phase can result in architectural decisions that are difficult to secure properly.

**The implementation phase **is significantly too late to begin considering security requirements. By this point, the architecture is established, and major changes to accommodate security needs would be expensive and time-consuming. Security during implementation should focus on following secure coding practices based on previously established requirements.

The testing phase is entirely too late for defining security requirements. At this point, the application is largely built, and discovering that it doesn't meet fundamental security needs would require substantial rework. The testing phase should verify that the implementation meets the security requirements defined much earlier in the lifecycle.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

What are the key activities in the requirements phase of SDLC?

Open an interactive chat with Bash

Why is it important to include security requirements early in the SDLC?

Open an interactive chat with Bash

What are some common security requirements to consider in the requirements phase?

Open an interactive chat with Bash

ISC2 CISSP

Software Development Security

Your Score:

Settings & Objectives

Security and Risk Management

Asset Security

Security Architecture and Engineering

Communication and Network Security

Identity and Access Management (IAM)

Security Assessment and Testing

Security Operations

Software Development Security

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Wipe Score

Bash, the Crucial Exams Chat Bot

AI Bot

ISC2 CISSP Practice Question

Answer Description

Ask Bash

What are the key activities in the requirements phase of SDLC?

Why is it important to include security requirements early in the SDLC?

What are some common security requirements to consider in the requirements phase?

Monthly

$19.99

Billed monthly,
Cancel any time.

3 Month Pass

$44.99

One time purchase of $44.99,
Does not auto-renew.

Annual Pass

$119.99

One time purchase of $119.99,
Does not auto-renew.

Lifetime Pass

$189.99

One time purchase,
Good for life.

All Exams

Unlimited Tests

Unlimited Questions

AI Tutor

Track scores

Report Cards

Voucher Discounts

Advanced PBQs

Included Exams