CompTIA CySA+ Practice Test

Which control category would contain best security practices to implement within the software development lifecycle?

• A. Inventory of authorized/unauthorized devices
• B. Controlled use of administrative privileges
• C. Application software security
• D. Malware defenses

The correct answer is: Application software security

The correct choice focuses on "Application software security," which is critical within the software development lifecycle (SDLC). This category encompasses practices designed to protect applications from security threats throughout their development and maintenance phases. Implementing security measures early in the SDLC is essential since it helps to identify and mitigate vulnerabilities before the software is deployed, thereby reducing the risk of exploitation once the application is in use. Best security practices in this category may include secure coding standards, regular security assessments, and threat modeling. By embedding security into the development process, organizations can ensure that their software products are resilient against attacks and comply with industry standards. In contrast, the other choices, while still important to an overall security posture, do not specifically target the software development lifecycle. For instance, managing inventory of devices concentrates on physical assets rather than the security of software. Controlled use of administrative privileges pertains more to access management and does not inherently address the unique challenges of securing software. Malware defenses focus on detection and prevention of malicious software but do not relate directly to the practices needed during software development.