The correct matches are as follows:
Secure Architecture -> Do you advertise shared security services with guidance for project teams?
Education & Guidance -> Are most people tested to ensure a baseline skill-set for secure development practices?
Strategy & Metrics -> Does most of the organization know about what’s required based on risk ratings?
Vulnerability Management -> Are most project teams aware of their security point(s) of contact and response team(s)?
Comprehensive Explanation: These matches are based on the definitions and objectives of four security practices in the Software Assurance Maturity Model (SAMM); each question is the maturity-level assessment question that the OpenSAMM assessment worksheet attaches to that practice. SAMM is a framework to help organizations assess and improve their software security posture. It groups twelve security practices into four business functions (Governance, Construction, Verification, and Operations in OpenSAMM 1.x). Only two of the four practices here are Governance practices: Strategy & Metrics and Education & Guidance. The Governance function covers the organizational aspects of software security, such as strategy, policies, metrics, and training. Secure Architecture belongs to the Construction function, and Vulnerability Management belongs to the Operations function, so the matching exercise spans three business functions rather than the governance domain alone.
Secure Architecture: This practice aims to provide a consistent and secure design for software projects, as well as reusable security services and components. The assessment question measures the availability and guidance of these shared security services for project teams.
Education & Guidance: This practice aims to raise the awareness and skills of the staff involved in software development, as well as provide them with the necessary tools and resources. The assessment question measures the level of testing and verification of the staff’s secure development knowledge and abilities.
Strategy & Metrics: This practice aims to define and communicate the software security strategy, goals, and priorities, as well as measure and monitor the progress and effectiveness of software security activities. The assessment question measures the degree of awareness and alignment of the organization with the risk-based requirements for software security.
Vulnerability Management: This practice aims to establish consistent processes for handling internal and external vulnerability reports and security incidents, so that issues in software products are identified and remediated and the impact of incidents is contained. The assessment question measures whether project teams know their security point(s) of contact and response team(s), which is the first step toward that consistent process.
References: SAMM Governance Domain; Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 8, page 452