exam questions

Exam CSSLP All Questions

View all questions & answers for the CSSLP exam

Exam CSSLP topic 2 question 49 discussion

Actual exam question from ISC's CSSLP
Question #: 49
Topic #: 2
[All CSSLP Questions]

The build environment of secure coding consists of some tools that actively support secure specification, design, and implementation. Which of the following features do these tools have? Each correct answer represents a complete solution. Choose all that apply.

  • A. They decrease the exploitable flaws and weaknesses.
  • B. They reduce and restrain the propagation, extent, and damage that have occurred by insecure software behavior.
  • C. They decrease the attack surface.
  • D. They employ software security constraints, protections, and services. E. They decrease the level of type checking and program analysis.
Show Suggested Answer Hide Answer
Suggested Answer: the behavior of insecure software. Answer: E is incorrect. This feature is not required for these tools. 🗳️
The tools that produce secure software have the following features: They decrease the exploitable flaws and weaknesses. They decrease the attack surface. They employ software security constraints, protections, and services. They reduce and restrain the propagation, extent, and damage that are caused by

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
74gjd_37
5 months, 2 weeks ago
Selected Answer: ACD
A. They decrease the exploitable flaws and weaknesses. C. They decrease the attack surface. D. They employ software security constraints, protections, and services. Secure coding tools help to reduce exploitable flaws and vulnerabilities in code, as well as decreasing the overall attack surface of an application or system by implementing secure software development practices and employing security-specific controls such as input validation mechanisms or access control measures. These tools also commonly include security constraints, protections, and services to prevent attacks or limit their impact on a system's functionality or data integrity. They do not decrease the level of type checking and program analysis; rather they typically include more rigorous checks for these elements in order to improve overall code quality and enhance security posture.
upvoted 1 times
74gjd_37
5 months, 2 weeks ago
Secure coding tools decrease the attack surface by employing secure software development practices that limit a system's potential vulnerabilities and weaknesses. This is done through various means, such as: 1. Input validation mechanisms to prevent injection attacks. 2. Secure parameter passing methods to protect against buffer overflow or format string vulnerabilities. 3. Improving code quality by reducing complexity, increasing modularity, and promoting more straightforward design. 4. The use of security-specific controls like access control lists (ACLs), digital signatures for sensitive data types/critical functions, encryption/decryption algorithms 5. Implementation of strict identity management provisions. All these measures help reduce the exposed attack surface area on an application or system thereby making it difficult for attackers to find loopholes in the system and exploit them with malicious intent
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago