Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house by an integrated product team (IPT). In a meeting, the IPT is discussing the solution using UML diagrams from a variety of views, such as user, logical, process, implementation, and deployment views. Which of the following is the IPT doing?
A. Feasibility analysis
B. Requirement analysis
C. Developing User Requirement Specification (URS)
D. Design review

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Design review.


Software as a Solution

Analysis Phase

The needs of stakeholders are solicited, collected, and transformed into requirements that are analyzed, specified, verified, validated, prioritized, scoped, and managed for changes. The needs and requirements define the problem to be solved. This is done in the analysis phase in the software development life cycle.

Design Phase

A design is developed as a solution based on needs and requirements. A designed will be reviewed in terms of usability, performance, availability, scalability, security, maintenance, extensibility, and so forth. It’s common to conduct threat modeling to evaluate security.

A design typically comprises a collection of models in the forms of drawings, diagrams, prototypes, etc. UML (Unified Modeling Language) is one of the most popular modeling tools nowadays.

Problem Domain and Solution Domain

Problem domain (or problem space) is an engineering term referring to all information that defines the problem and constrains the solution (the constraints being part of the problem).

While the Problem Domain defines the environment where the solution will come to work, the solution domain defines the abstract environment where the solution is developed.

Source: What is Problem Domain and Solution Domain

Design and Model

A design is the structural and consistent representation of a solution, implemented to solve a problem.

A model is the structural and consistent expression of a problem or solution domain; The most common forms of the model are diagrams, mathematical formulas, physical mocks, and prototypes.


  • The IPT is discussing the “solution,” so there must exist a design.
  • The UML diagrams contain user, logical, process, implementation, and deployment views. It implies the solution is discussed.
  • In conclusion, the IPT is reviewing the design.

1 thought on “CISSP PRACTICE QUESTIONS – 20191004

Leave a Reply