ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam
Go to Exam

Exam CISSP topic 1 question 274 discussion

Actual exam question from ISC's CISSP
Question #: 274
Topic #: 1
[All CISSP Questions]

An organization purchased a commercial off-the-shelf (COTS) software several years ago. The information technology (IT) Director has decided to migrate the application into the cloud, but is concerned about the application security of the software in the organization's dedicated environment with a cloud service provider.
What is the BEST way to prevent and correct the software's security weaknesses?

  • A. Follow the software end-of-life schedule
  • B. Implement a dedicated COTS sandbox environment
  • C. Transfer the risk to the cloud service provider
  • D. Examine the software updating and patching process
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Humongous1593 at Oct. 4, 2022, 1:59 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gjimenezf
Highly Voted 8 months ago
Selected Answer: D
They ask to correct the security weakness, only way to do it is to update it and patch it
upvoted 5 times
...
sausageman
Highly Voted 1 year, 6 months ago
Again, poor wording of question and answers
upvoted 5 times
...
HughJassole
Most Recent 1 year, 3 months ago
D. The software is already implemented and they are migrating it, so clearly it is not end-of-life. The question asks for "prevent and correct". This means that the vendor has to release patches which need to be installed.
upvoted 3 times
...
omarb79
1 year, 5 months ago
Applying Patches is a corrective control and examine the process is due diligence and isn't preventive so i believe that the sandbox the correct answer.
upvoted 1 times
jackdryan
1 year, 4 months ago
D is correct
upvoted 1 times
...
...
FredDurst
1 year, 5 months ago
Selected Answer: D
D. Examine the software updating and patching process. To prevent and correct security weaknesses in the COTS software that is being migrated to the cloud, the best approach would be to examine the software updating and patching process. This would involve a review of the software vendor's patching and update schedules, and an assessment of how quickly the vendor releases patches in response to newly discovered vulnerabilities. This can help ensure that any known security weaknesses in the software are addressed in a timely manner, reducing the risk of exploitation.
upvoted 1 times
...
Dee83
1 year, 8 months ago
D. Examine the software updating and patching process It is important to ensure that the software is updated and patched regularly to address known security vulnerabilities. This may include reviewing the software's end-of-life schedule and implementing a dedicated COTS sandbox environment for testing updates and patches before deploying them to the production environment. Additionally, it's important to review and assess the security of the cloud service provider and their ability to mitigate vulnerabilities in the COTS application.
upvoted 1 times
...
Delab202
1 year, 9 months ago
but is concerned about the application security of the software in the organization's dedicated environment with a cloud service provider- aka live environment.
upvoted 1 times
...
abb77
1 year, 11 months ago
Selected Answer: B
Option D would have been the best but the framing of the questions suggests the update and patching process is still under review ("examine") of the change control process. I will compesate with option B while waiting for approval for update and patch.
upvoted 3 times
...
franbarpro
1 year, 11 months ago
Selected Answer: D
The BEST way to prevent and correct the software's security weaknesses is by keeping the software up to date with the latest patches. So, I am going with "D" on this one.
upvoted 3 times
oudmaster
1 year, 9 months ago
but option D does not prevent and correct. It only check/examine.
upvoted 3 times
...
...
Humongous1593
1 year, 11 months ago
Selected Answer: D
Prevent and Correct the weaknesses. Just because they bought it years ago doesn't mean it isn't being maintained.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago