ISC CSSLP: Which processes is known as decomposition process of verification system into CI?

Question

You work as the senior project manager in SoftTech Inc. You are working on a software project using configuration management. Through configuration management you are decomposing the verification system into identifiable, understandable, manageable, traceable units that are known as Configuration Items (CIs). According to you, which of the following processes is known as the decomposition process of a verification system into Configuration Items?

A. Configuration status accounting
B. Configuration identification
C. Configuration auditing
D. Configuration control

Answer

B. Configuration identification

Explanation

The correct answer is B. Configuration identification.

Configuration identification is the process of identifying and defining all of the components of a system, including hardware, software, and data. The purpose of configuration identification is to create a baseline of the system that can be used to track changes throughout the system’s life cycle.

In the context of the question, the senior project manager is decomposing the verification system into identifiable, understandable, manageable, and traceable units that are known as Configuration Items (CIs). This is a process of configuration identification.

Here are the steps involved in configuration identification:

1. Identify all of the components of the system.
2. Define the characteristics of each component.
3. Assign a unique identifier to each component.
4. Create a configuration record for each component.
5. Store the configuration records in a configuration management database.

By following these steps, the senior project manager can create a baseline of the verification system that can be used to track changes throughout the system’s life cycle.

The other options are not correct.

• Configuration status accounting: Configuration status accounting is the process of tracking the status of configuration items throughout their life cycle.
• Configuration auditing: Configuration auditing is the process of verifying the accuracy and completeness of configuration records.
• Configuration control: Configuration control is the process of managing changes to configuration items.

Reference

• What is CSSLP (certified secure software lifecycle professional)? | Definition from TechTarget
• Decomposing software verification into off-the-shelf components | Proceedings of the 44th International Conference on Software Engineering (acm.org)
• Software Security Certification | CSSLP – Certified Secure Software Lifecycle Professional | (ISC)² (isc2.org)
• CSSLP Exam Outline (isc2.org)
• CSSLP-Exam-Outline-Sept2020.ashx (isc2.org)
• Requirements and the Flow Down Process (mit.edu)

ISC Certified Secure Software Lifecycle Professional CSSLP certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the ISC Certified Secure Software Lifecycle Professional CSSLP exam and earn ISC Certified Secure Software Lifecycle Professional CSSLP certification.