Effective CISSP Questions

Your company decides to sell toys online and ships globally. The target customers are household consumers. An in-house team is responsible for developing the online shopping website. To maximize security assurance and market share, which of the following is of least concern?
A. The selection of computer languages
B. The adoption of Unified Modeling Language (UML)
C. The choice of the Software Development Life Cycle (SDLC)
D. The design of software architecture

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. The adoption of Unified Modeling Language (UML).

Different generations of computer languages have different capabilities and security issues. For example, assembly language can control hardware and perform low-level operations, while JavaScript is confined to the context of web browsers and has no direct control over OS services or I/O operations. So, computer languages matter to security.

Security should be addressed across the Software Development Life Cycle (SDLC) and architectural elements.

  • In the Agile approach, the SDLC stages are performed iteratively and the output is delivered incrementally; this is not a good choice for a safety-critical or life-critical system. Instead, the traditional plan-driven waterfall model is more appropriate in this case.
  • A well-designed software architecture inherently reduces attack vectors and eases programmers’ burden of security concerns.

The Unified Modeling Language (UML) is a general-purpose, developmental modeling language in the field of software engineering that is intended to provide a standard way to visualize the design of a system. UML is an expression and communication tool for analysis and design. Good expression and communication may help in terms of security. However, UML is not directly related to security issues and is not the only tool available to the development team.







1 thought on “CISSP PRACTICE QUESTIONS – 20200310
