During a Product Backlog refinement meeting, the Product Owner introduces a business objective that will be worked on for the next several Sprints. The Product Owner envisions several key features necessary to be delivered in order to meet the business objective. As the features will be using sensitive user data it will be subjected to external security audits. These non-functional security requirements were not applicable to previous Increments.
What are two good ways the Development Team can handle these high-security concerns? (Choose two.)
A. They should be planned in parallel Sprints so not to disrupt the Development Team during feature development. After security concerns have been finalized, they will be applied to the work that is already completed before new feature development can continue.
B. They should be handled in a parallel Sprint by a separate security team so that security can be resolved through application enhancements without impacting the functional development.
C. A complete list of security-related Product Backlog items needs to be created before starting a new Sprint.
D. During the Sprint Retrospective, the Development Team assesses how to add these expectations to their Definition of Done so every future Increment will meet these security requirements. If needed they can work with external specialists to better understand the requirements.
E. They are added to the Product Backlog and addressed throughout the next Sprints, combined with creating the business functionality in those Sprints, no matter how small the business functionality.