Badly written question, as others have stated already...not enough information to choose between B or C. Anyway, I think this question is meant to test you on the SDLC so in that case, you integrate security into it as early as possible (in this case, development phase, although it should be even earlier, in the design phase). So I vote C.
The reason it would be C is that it is considered best practice in DevSecOps for building secure applications. B also makes sense but I would prefer C.
I'm not sure they give enough context (yet again).
If you're about to develop something then C makes the most sense as people have stated. Though software development is taught briefly on the CISM course I've done, it's not an ISM's job.
If the question is talking about something being integrated then the answer is B. Implementing things into security systems (and managing the risk that comes with it) is far more in line with an ISM's work
C. integrate security functionality during the development stage
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
AlexJacobson
11 months, 2 weeks agojcisco123
1 year agoAaronS1990
1 year, 4 months agoBl1024
1 year, 4 months agoAaronS1990
1 year, 4 months agochanke
1 year, 6 months agorichck102
1 year, 7 months ago