SC-100 Certification Practice Question #199

Question

You are creating an application lifecycle management process based on the Microsoft Security Development Lifecycle (SDL).
You need to recommend a security standard for onboarding applications to Azure. The standard will include recommendations for application design, development, and deployment.
What should you include during the application design phase?

Accepted Answer

The Microsoft SDL explicitly designates threat modeling as the security activity for the design phase, and the Microsoft Threat Modeling Tool is the first-party tool built to facilitate it. The Suggested Answer, the unanimous Most Voted (10), and two highly voted comments all align with MS Learn. DAST and SAST belong to later (verification/implementation) phases, and the only dissent for A is a single low-vote, ChatGPT-derived comment. All high-weight signals converge on C.

More SC-100 practice questions