Which statement is NOT typically part of SDLC security practices?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the DSAC-11 Annex C Test with real-time quizzes and multiple-choice questions. Each question offers hints and explanations to enhance your preparedness. Boost your confidence and ensure success in your DSAC-11 Annex C exam!

Multiple Choice

Which statement is NOT typically part of SDLC security practices?

Explanation:
The main idea here is identifying which activities are specific to building secure software throughout the SDLC. Threat modeling helps you anticipate and document potential security threats early in design, guiding design decisions to mitigate those risks. Secure coding is the discipline of writing software with security in mind—avoiding unsafe patterns, using proper controls, and applying secure libraries. Code reviews provide a manual or automated check to catch security flaws before code moves forward. These are all concrete security-focused practices embedded in the development lifecycle. The statement about project scheduling isn’t a security practice itself; it’s about planning, timing, and resource management for the project. While scheduling affects how quickly or thoroughly security activities can be performed, it isn’t a security technique. Therefore, that option is not typically considered a security practice within the SDLC.

The main idea here is identifying which activities are specific to building secure software throughout the SDLC. Threat modeling helps you anticipate and document potential security threats early in design, guiding design decisions to mitigate those risks. Secure coding is the discipline of writing software with security in mind—avoiding unsafe patterns, using proper controls, and applying secure libraries. Code reviews provide a manual or automated check to catch security flaws before code moves forward. These are all concrete security-focused practices embedded in the development lifecycle.

The statement about project scheduling isn’t a security practice itself; it’s about planning, timing, and resource management for the project. While scheduling affects how quickly or thoroughly security activities can be performed, it isn’t a security technique. Therefore, that option is not typically considered a security practice within the SDLC.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy