Medium · 1 mark · Multiple Choice
CPA · Question 76 · Area I: Information Systems
An auditor is reviewing the 'System Development Life Cycle' (SDLC). Which phase should include the definition of security requirements?
Answer options:
A. Testing
B. Deployment
C. Requirements Analysis / Planning
D. Maintenance
How to approach this question
Apply 'Shift Left' or 'Security by Design'.
Full Answer
C. Requirements Analysis / Planning ✓ Correct
Defining security requirements early prevents costly rework and vulnerabilities.
Common mistakes
Thinking security happens during testing.