Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house by an integrated product team (IPT). In a meeting, the IPT is discussing the solution using UML diagrams from a variety of views, such as user, logical, process, implementation, and deployment views. Which of the following is least likely used in the meeting?
A. Use Cases
B. DREAD (Damage, Reproducibility, Exploitability, Affected Users, and Discoverability)
C. CWE (Common Weakness Enumeration)
D. Code Review

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Code Review.

Quality Software

In the design review meeting, the design is reviewed against functional and non-functional requirements to determine effectiveness and efficiency. Personally, I treat non-functional requirements as quality requirements that can be evaluated in terms of the criteria, U PASS ME!.

Use Case

Use cases are typically used to capture functional requirements that determine the effectiveness of the design.

Threat Modeling

Threat modeling can be conducted on the security aspects of the design. DREAD is used to rate and rank the risk of each identified threat. CWE is used to identify common software weaknesses that the design may be exposed to.
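As an added example (not from the original post), the following Python sketch shows how an IPT could keep a threat register during the design review: each threat raised against a use case is rated with DREAD, tagged with the related CWE entry, and ranked so the riskiest design weaknesses are addressed before any code exists. The use-case names, threats and ratings are constructed for illustration; the CWE ids are real entries, and the 1-to-10 scale with a simple mean is one common DREAD scoring convention, assumed here.

```python
from dataclasses import dataclass, field

# The five DREAD categories, in the order given in the question.
DREAD_CATEGORIES = (
    "damage",
    "reproducibility",
    "exploitability",
    "affected_users",
    "discoverability",
)


@dataclass(frozen=True)
class Threat:
    """A threat identified against a design element during the review."""
    name: str
    use_case: str            # the UML use case the threat applies to
    cwe: str                 # related CWE entry, e.g. "CWE-89"
    ratings: dict = field(default_factory=dict)  # category -> int in 1..10

    def dread_score(self) -> float:
        """Mean of the five DREAD ratings on a 1..10 scale (assumed convention)."""
        missing = set(DREAD_CATEGORIES) - set(self.ratings)
        if missing:
            raise ValueError(f"{self.name}: missing DREAD ratings {sorted(missing)}")
        for category in DREAD_CATEGORIES:
            value = self.ratings[category]
            if not 1 <= value <= 10:
                raise ValueError(f"{self.name}: {category} must be in 1..10, got {value}")
        return sum(self.ratings[c] for c in DREAD_CATEGORIES) / len(DREAD_CATEGORIES)


def risk_band(score: float) -> str:
    """Bucket a DREAD score into a band; thresholds are an assumption."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def rank_threats(threats):
    """Highest DREAD score first, so the review discusses the worst items first."""
    return sorted(threats, key=lambda t: t.dread_score(), reverse=True)


def threat_register(threats):
    """Rows a reviewer can paste into the design-review minutes."""
    return [
        {
            "use_case": t.use_case,
            "threat": t.name,
            "cwe": t.cwe,
            "score": round(t.dread_score(), 1),
            "band": risk_band(t.dread_score()),
        }
        for t in rank_threats(threats)
    ]


# Constructed sample threats for the toy-store e-commerce design in the question.
SAMPLE_THREATS = [
    Threat("SQL injection via product search", "Search catalog", "CWE-89",
           {"damage": 8, "reproducibility": 9, "exploitability": 8,
            "affected_users": 9, "discoverability": 8}),
    Threat("Order status API reachable without login", "Track shipment", "CWE-306",
           {"damage": 6, "reproducibility": 10, "exploitability": 9,
            "affected_users": 7, "discoverability": 8}),
    Threat("Error page reveals stack trace", "Checkout", "CWE-209",
           {"damage": 3, "reproducibility": 10, "exploitability": 6,
            "affected_users": 2, "discoverability": 8}),
    Threat("Add-to-cart has no CSRF token", "Manage cart", "CWE-352",
           {"damage": 2, "reproducibility": 7, "exploitability": 5,
            "affected_users": 4, "discoverability": 6}),
]


if __name__ == "__main__":
    for row in threat_register(SAMPLE_THREATS):
        print(f"{row['band']:<6} {row['score']:<4} {row['cwe']:<8} "
              f"{row['use_case']:<15} {row['threat']}")
```

Because the register is keyed by use case, every high-band row points back at a specific part of the UML model that the design must change, which is what distinguishes a design-stage threat model from a code review.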

Code Review

As the IPT is conducting a design review, the software is not developed yet. So, there is no source code to review.


This question may be controversial because it assumes a waterfall development method. If the software is developed iteratively or with an agile approach, code committed in previous iterations or sprints may already exist and be reviewed.

This question is designed to help those with little or no experience in software development to understand the generic, waterfall-based software development life cycle.
