CISSP PRACTICE QUESTIONS – 20210609

Effective CISSP Questions

Engineering is an approach that involves a set of processes to develop a solution, which can be a system, software, or any deliverable, transformed from stakeholders’ requirements, and to support the solution throughout its life. Which of the following is the most generally accepted correct statement? (Wentz QOTD)
A. ISO/IEC 15288 prescribes six stages in the system life cycle (SLC).
B. The software development life cycle differs from the one of a system.
C. Verification and validation processes are not applied other than the testing stage.
D. A development life cycle addresses the construction of a system instead of acquisition.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. The software development life cycle differs from the one of a system.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

SDLC: System or Software?

Life Cycle

Every person has his or her own life, and so does a system or software. The life cycles of systems and software differ. A system or software life cycle typically comprises a collection of processes (aka life cycle processes) conducted across stages (or phases) from its inception to retirement in engineering.

The term “development” in the system or software development life cycle (SDLC) has been misleading because it implies “building,” “making,” “constructing,” or “implementing” something. However, it’s far from possible nowadays for an organization to “develop” alone without any procurement or acquisition. Procurement means buying something from suppliers, while acquisition is used in a broader sense to refer to getting anything from any party, paid or for free.

Stages

The stages of a life cycle vary. Organizations tend to tailor life cycle stages based on an engineering approach and may iterate the life cycle in a project. ISO/IEC 15288 proposes life cycle processes but doesn’t prescribe six stages in the system life cycle (SLC).

Processes

It’s not uncommon that the processes conducted across life cycles vary from time to time. However, the revised ISO/IEC/IEEE 15288:2015 and ISO/IEC/IEEE 12207:2017 are intended to achieve a fully harmonized view of the system and software life cycle processes.

A process is typically conducted across the life cycle to varying degrees. Verification and validation are primary processes conducted in the commonly known “testing” or “test” stage. However, requirements, designs, work products, deliverables, final products, etc., can and should be verified and validated in different stages.

The 4 phases and 9 disciplines of the Rational Unified Process (Image Credit: Humberto Cervantes)

Engineering

  • Engineering is an approach that involves a set of processes to develop a solution, which can be a system, software, or any deliverable, transformed from stakeholders’ requirements, and to support the solution throughout its life. (short version)
  • Engineering is an approach that involves a set of processes of applying knowledge and skills to understand and manage stakeholders’ requirements, propose and implement a solution to address those requirements, and utilize and support that solution to create value persistently until its retirement. (long version)
  • Systems and software engineering are engineering approaches to deliver systems or software as a solution.
NIST SP 800-160 V1 and ISO 15288

Systems Engineering

Systems Engineering is an interdisciplinary approach and means to enable the realization of successful systems.
– It focuses on defining stakeholder needs and required functionality early in the development cycle, documenting requirements, then proceeding with design synthesis and system validation while considering the complete problem.
– It integrates all the disciplines and specialty groups into a team effort forming a structured development process that proceeds from concept to production to operation.
– It considers both the business and the technical needs of all stakeholders with the goal of providing a quality product that meets the needs of users and other applicable stakeholders. This life cycle spans the conception of ideas through to the retirement of a system.
– It provides the processes for acquiring and supplying systems.
– It helps to improve communication and cooperation among the parties that create, utilize and manage modern systems in order that they can work in an integrated, coherent fashion.

Source: ISO/IEC/IEEE 15288:2015 Systems and software engineering — System life cycle processes


