

Exam CISSP topic 1 question 351 discussion

Actual exam question from ISC's CISSP
Question #: 351
Topic #: 1

Commercial off-the-shelf (COTS) software presents which of the following additional security concerns?

  • A. Vendors take on the liability for COTS software vulnerabilities.
  • B. In-house developed software is inherently less secure.
  • C. COTS software is inherently less secure.
  • D. Exploits for COTS software are well documented and publicly available.
Suggested Answer: D

Comments

CuteRabbit168
Highly Voted 2 years, 1 month ago
Selected Answer: D
"COTS applications are much more easily available in the black hat community. Information such as vulnerabilities and various attack patterns are freely discussed and plotted to someone’s gain, which is a huge security risk for customers of the product." https://www.infosectrain.com/blog/security-in-cots-software-in-sdlc/
upvoted 10 times
jackdryan
1 year, 6 months ago
D is correct
upvoted 1 times
klarak
Most Recent 6 months, 3 weeks ago
Selected Answer: D
D is a gimme. Most of these are strengths of COTS or just incorrect.
upvoted 1 times
Delab202
1 year, 11 months ago
On the other hand, you don't always know how securely COTS products were developed or whether the vendor would use its flaws against you. There’s also the question of what happens when the vendor discontinues updates and support. For these reasons, you must evaluate COTS vendors as a supply chain security issue.
upvoted 2 times
franbarpro
2 years, 1 month ago
Selected Answer: D
Think about the dark web.... or hacking forums.
upvoted 1 times
krassko
2 years, 2 months ago
Selected Answer: C
From CISSP student guide 6th edition: "...COTS software can mean that security is too generic or just simply doesn't exist". Btw, I think it's the best book to study, but it's very difficult to get.
upvoted 3 times