CISSP Practice Question: In a financial services firm, what would MOST likely happen if security…
Correct Answer: A. Security vulnerabilities may be detected late, increasing remediation costs.
Explanation (CISSP Manager Logic):
Integrating security early, known as "shifting left," minimizes technical debt and prevents expensive architectural changes late in the lifecycle. From a business perspective, fixing a flaw during design is significantly cheaper and less disruptive than patching a production system or managing a post-release breach.
By integrating security early, you:
- Reduce the total cost of ownership for software products.
- Improve time-to-market by avoiding emergency late-stage redesigns.
- Enhance the organization's risk posture and brand reputation.
While the other options are relevant, they fall short because:
- B: Skipping security creates rework and technical debt, which decreases long-term efficiency and increases total costs.
- C: Neglecting early testing increases the likelihood of vulnerabilities reaching production, making breaches more probable.
- D: Compliance requires proactive verification and documentation; it is never an automatic byproduct of ignoring security.
Think like a manager:
Prioritize cost-effective risk management by addressing security requirements at the earliest possible stage. This ensures security is a business enabler rather than a bottleneck.
Ready to find out if you'd pass?
5,000+ expert-calibrated questions, adaptive CAT mock exams, and gap analysis that shows exactly what to study next.
Try 5 free questions Start 7-day free trial