ISC2 Certified Cloud Security Professional (CCSP) Practice Question

During the first sprint of a new cloud-based self-service IaaS portal, the scrum team asks the cloud security professional to map specific security tasks to each Secure SDLC phase. Which activity should be scheduled for the REQUIREMENTS phase rather than for later design, coding, or testing phases?

  • Capture security misuse/abuse cases and add related acceptance criteria to the user stories

  • Run static application security testing (SAST) tools against the checked-in source code

  • Execute dynamic application security testing (DAST) against the pre-production portal

  • Facilitate a threat-modeling workshop reviewing sequence and deployment diagrams

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security