ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your organization develops critical software using a traditional Waterfall methodology. After the requirements have been baselined, the project has just moved into the design phase. To ensure security is properly integrated at this point in the lifecycle, which activity should the security team insist be completed before detailed coding begins?
Run a dynamic application security test (DAST) against the finished build to find runtime vulnerabilities.
Develop an application decommissioning plan to outline data destruction steps.
Perform a structured threat-modeling exercise on the proposed architecture and data flows.
Conduct a formal code review to verify adherence to secure coding standards.
In the Waterfall model, each phase offers distinct opportunities to build in security controls. Once the functional and security requirements are finalized, the design phase is the best time to perform threat modeling. Threat modeling systematically identifies, ranks, and documents potential threats and attack vectors against the proposed architecture and its data flows, so that architects can design mitigating controls before any code is written. Conducting code reviews or static analysis at this point is premature because there is little or no code yet. Dynamic application security testing (DAST) and penetration testing are typically deferred until executable components exist, usually during the testing or deployment phases, when the application can be exercised in a running state. Waiting until decommissioning to address threats would miss the opportunity to influence the system's architecture and could necessitate costly rework. Therefore, performing threat modeling during the design phase is the most effective choice.
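As an added example (not part of the original question or of ISC2's material), the following Python models a small design-phase data-flow diagram (DFD) and applies STRIDE-per-element, one widely used threat-modeling method that the question itself does not name, to enumerate, rank, and document threats before any application code exists. The element names, trust-boundary labels, flows, and scoring weights are constructed for illustration and are not a real system.

```python
"""STRIDE-per-element threat enumeration over a data-flow diagram (DFD).

Added example, not from the page: a design-phase threat model is built from
the proposed architecture (elements and trust boundaries) and its data flows,
then ranked so architects can choose mitigations before code is written.
"""
from dataclasses import dataclass

# STRIDE categories that apply to each DFD element type (STRIDE-per-element).
# External entities: Spoofing, Repudiation.  Processes: all six.
# Data stores and data flows: Tampering, Information disclosure, Denial of
# service; stores that hold audit logs additionally get Repudiation.
STRIDE_BY_KIND = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}
CATEGORY_NAME = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str             # "external" | "process" | "store"
    boundary: str         # trust boundary the element sits in (hypothetical labels)
    is_log: bool = False  # audit-log stores also carry a Repudiation threat


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str
    encrypted: bool = False      # confidentiality protection on the wire
    authenticated: bool = False  # integrity/origin protection on the wire


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    score: int  # simple rank: higher means review it first
    note: str


def enumerate_threats(elements, flows):
    """Apply STRIDE-per-element and return threats ranked by score (descending)."""
    by_name = {e.name: e for e in elements}
    threats = []
    for e in elements:
        cats = STRIDE_BY_KIND[e.kind] + ("R" if e.kind == "store" and e.is_log else "")
        base = 2 if e.boundary == "internet" else 1  # internet-facing elements rank higher
        for c in cats:
            threats.append(Threat(e.name, CATEGORY_NAME[c], base,
                                  f"{e.kind} in boundary '{e.boundary}'"))
    for f in flows:
        crosses = by_name[f.src].boundary != by_name[f.dst].boundary
        for c in STRIDE_BY_KIND["flow"]:
            score, note = 1, f"{f.data}: {f.src} -> {f.dst}"
            if crosses:  # a boundary crossing is where an attacker can interpose
                score, note = score + 2, note + " (crosses trust boundary)"
            if c == "I" and not f.encrypted:
                score, note = score + 1, note + ", unencrypted"
            if c == "T" and not f.authenticated:
                score, note = score + 1, note + ", unauthenticated"
            threats.append(Threat(f"{f.src}->{f.dst}", CATEGORY_NAME[c], score, note))
    return sorted(threats, key=lambda t: (-t.score, t.element, t.category))


def sample_dfd():
    """Constructed three-tier design (not a real system) used for the demonstration."""
    elements = [
        Element("Browser", "external", "internet"),
        Element("Web API", "process", "dmz"),
        Element("Database", "store", "internal"),
        Element("Audit log", "store", "internal", is_log=True),
    ]
    flows = [
        Flow("Browser", "Web API", "login credentials", encrypted=True),
        Flow("Web API", "Database", "customer records", authenticated=True),
        Flow("Web API", "Audit log", "security events", authenticated=True),
    ]
    return elements, flows


def render(threats):
    """One line per threat, ready to paste into the design document's threat register."""
    return [f"[{t.score}] {t.element:<20} {t.category:<24} {t.note}" for t in threats]


if __name__ == "__main__":
    elements, flows = sample_dfd()
    print("\n".join(render(enumerate_threats(elements, flows))))
```

Running the script lists 24 threats for the constructed design, with the unauthenticated, boundary-crossing login flow and the unencrypted internal flows at the top; each line is a candidate for a mitigating control (for example, request authentication, TLS between tiers, or log integrity protection) that the architect records against the design before coding starts.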
Exam domain: Secure Software Lifecycle Management