DAU Program Management (PM) Practitioner Practice Exam

The correct answer is that cyber security planning activities, including writing the Cyber Security Strategy annex, should begin after the validation of the Capability Development Document (CDD). This is an essential step because the CDD serves as a foundational document that outlines the capabilities required for a system or program, including any cyber security requirements.

Once the CDD is validated, it provides a clear understanding of the operational needs and the associated risks that need to be addressed through cyber security measures. By starting the cyber security planning activities at this point, it ensures that the security strategy is aligned with the specific requirements of the capability being developed, enabling an effective approach to managing potential threats and ensuring compliance with relevant security standards.

Beginning planning activities before the CDD validation could lead to misalignment with the operational goals and requirements, potentially undermining the effectiveness of the cyber security strategy.