Effective CISSP Questions

Your customer sells toys online worldwide. A web-based E-Commerce system developed in-house supports the business. The payment gateway of the EC system is outsourced to your company as a software project. Your company has won the bid. Which of the following is the best methodology, approach, or framework that provides specific stages, processes, and roles and responsibilities to guide your software development?
A. Capability Maturity Model Integration (CMMI)
B. The NIST SDLC Model
C. The NIST Risk Management Framework (RMF)
D. The Unified Software Development Process

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. The Unified Software Development Process.

To develop software, we need software development practices, approaches, or even methodologies. The Unified Software Development Process is such a software development approach: it defines phases, workflows, and the roles that carry them out, which is exactly what the question asks for.

The NIST SDLC is applied at the system level, while the software is only part of the system. Besides, the NIST SDLC focuses on addressing security concerns throughout the life cycle rather than guiding software development.

The NIST RMF is likewise a risk management framework at the information system level. It doesn't guide software development either.

CMMI is a maturity model used to appraise an organization's capability in software engineering, procurement, or services; it does not prescribe a development process.



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

CISSP Practice Questions – 20200611