CompTIA Security Exam Practice Questions Sample SY0 501 Q201

A security analyst has been asked to perform a review of an organization’s software development lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback of another developer’s code.
Which of the following assessment techniques is BEST described in the analyst’s report?

A. Architecture evaluation
B. Baseline reporting
C. Whitebox testing
D. Peer review

Correct Answer: D