Exam CS0-002 topic 1 question 164 discussion

Shift-left

E is always the answer when these types of questions are asked. If you see "At which phase of the *insert type of development or life cycle* should security included, first started, defined, implemented, etc?" The answer is always in the planning and requirements phase. You'll see lots of this within project management questions.

Obviously security should ideally be involved at all stages. The SDLC is as follows: Planning Requirements Design Implementation Testing Deployment Maintenance

Selected Answer: D Analysis may be the right answer as per CompTIA Cybersecurity Analyst (CySA+) Study Guide: Exam CS0-002, Second Edition Requirement. Once an effort has been deemed feasible, it will typically go through an analysis and requirements definition phase. In this phase customer input is sought to determine what the desired functionality is, what the current system or application currently does and doesn't do, and what improvements are desired. Requirements may be ranked to determine which are most critical to the success of the project. Tip Security requirements definition is an important part of the analysis and requirements definition phase. It ensures that the application is designed to be secure and that secure coding practices are used.

ng, a secure SDLC involves integrating security testing and other activities into an existing development process. Examples include writing security requirements alongside functional requirements and performing an architecture risk analysis during the design phase of the SDLC.

Which phase of SDLC security is first? Requirement Planning First, you need to plan. While planning may be the most contentious phase of the secure software development life cycle, it's also often the most important. During this phase, you'll determine what your project's security requirements are.

Security requirements definition is an important part of the analysis and requirements definition phase. It ensures that the application is designed to be secure and that secure coding practices are used.

Planning is the first phase and security should be involved from the start.

Embedding Security into All Phases of the SDLC Ideally, you should secure each phase of the SDLC in the most appropriate manner for stakeholders present at that stage, while also ensuring that each security measure facilitates security practices across the whole project. Link https://www.aquasec.com/cloud-native-academy/supply-chain-security/secure-software-development-lifecycle-ssdlc/

I'm going with Planning on this one. Security should be incorporated at every stage. The planning and requirements phase will be where the security requirements are planned out before being incorporated into the design.

Look at the phases: Phase 1: Requirements. Phase 2: Design. ... Phase 3: Development. ... Phase 4: Verification. ... Phase 5: Maintenance and Evolution. I believe the security person should be involved throughout the whole cycle and since phase 1 (requirements) is not a listed option, we have to with the next option which is Design. So the answer i believe is A. Design. Let me know.

security must be adressed already at analysis stage.

A sounds good.

Generally speaking, a secure SDLC involves integrating security testing and other activities into an existing development process. Examples include writing security requirements alongside functional requirements and performing an architecture risk analysis during the design phase of the SDLC.