CISSP PRACTICE QUESTIONS – 20210428

Effective CISSP Questions

You are a developer on the Agile team that develops the customer relationship management system for your company. Which of the following are you least likely to do? (Wentz QOTD)
A. Configure the database connection setting
B. Write unit tests before the production code is done
C. Interact with customers directly for software requirements
D. Respond to customer’s bug report directly to restore service level in time

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Respond to customer’s bug report directly to restore service level in time.

Software Development Life Cycle (SDLC) – Design

The term “service level” implies “IT operations.” Per the principle of separation of duties, developers are not responsible for responding to incidents in production systems or for maintaining the service level. It’s not uncommon for Agile practices to clash with security, and this is a good issue for further discussion in the security community.

The values and principles of the Agile Manifesto include “Customer collaboration over contract negotiation” and “Business people and developers must work together daily throughout the project.” It’s a common Agile practice for developers to interact with customers as a whole team to elaborate on requirements. Developers work out solutions to meet those requirements; they focus on the software development processes and don’t operate production systems.

