Exam CISSP topic 1 question 274 discussion

Actual exam question from ISC's CISSP
Question #: 274
Topic #: 1

An organization purchased a commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization's dedicated environment with a cloud service provider.
What is the BEST way to prevent and correct the software's security weaknesses?

  • A. Follow the software end-of-life schedule
  • B. Implement a dedicated COTS sandbox environment
  • C. Transfer the risk to the cloud service provider
  • D. Examine the software updating and patching process
Suggested Answer: D

Comments

gjimenezf
10 months ago
Selected Answer: D
They ask to correct the security weakness; the only way to do it is to update it and patch it.
upvoted 3 times
...
HughJassole
1 year, 5 months ago
D. The software is already implemented and they are migrating it, so clearly it is not end-of-life. The question asks for "prevent and correct". This means that the vendor has to release patches which need to be installed.
upvoted 2 times
...
omarb79
1 year, 7 months ago
Applying patches is a corrective control, and examining the process is due diligence and isn't preventive, so I believe that the sandbox is the correct answer.
upvoted 1 times
jackdryan
1 year, 6 months ago
D is correct
upvoted 1 times
...
...
FredDurst
1 year, 7 months ago
Selected Answer: D
D. Examine the software updating and patching process. To prevent and correct security weaknesses in the COTS software that is being migrated to the cloud, the best approach would be to examine the software updating and patching process. This would involve a review of the software vendor's patching and update schedules, and an assessment of how quickly the vendor releases patches in response to newly discovered vulnerabilities. This can help ensure that any known security weaknesses in the software are addressed in a timely manner, reducing the risk of exploitation.
upvoted 1 times
...
sausageman
1 year, 8 months ago
Again, poor wording of question and answers
upvoted 4 times
...
Dee83
1 year, 10 months ago
D. Examine the software updating and patching process. It is important to ensure that the software is updated and patched regularly to address known security vulnerabilities. This may include reviewing the software's end-of-life schedule and implementing a dedicated COTS sandbox environment for testing updates and patches before deploying them to the production environment. Additionally, it's important to review and assess the security of the cloud service provider and their ability to mitigate vulnerabilities in the COTS application.
upvoted 1 times
...
Delab202
1 year, 11 months ago
"but is concerned about the application security of the software in the organization's dedicated environment with a cloud service provider" - aka live environment.
upvoted 1 times
...
abb77
2 years ago
Selected Answer: B
Option D would have been the best, but the framing of the question suggests the update and patching process is still under review ("examine") of the change control process. I will compensate with option B while waiting for approval for update and patch.
upvoted 3 times
...
franbarpro
2 years, 1 month ago
Selected Answer: D
The BEST way to prevent and correct the software's security weaknesses is by keeping the software up to date with the latest patches. So, I am going with "D" on this one.
upvoted 3 times
oudmaster
1 year, 11 months ago
But option D does not prevent and correct. It only checks/examines.
upvoted 3 times
...
...
Humongous1593
2 years, 1 month ago
Selected Answer: D
Prevent and Correct the weaknesses. Just because they bought it years ago doesn't mean it isn't being maintained.
upvoted 2 times
...