ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
A development team discovers that an internal microservice has been exploited through a deserialization flaw and is actively exfiltrating customer data. Under the organization's incident response plan, which action best exemplifies the containment phase before moving to eradication and recovery?
Publish a detailed post-incident report outlining root cause analysis and preventive recommendations to stakeholders
Temporarily block the microservice's outbound network traffic and revoke its service account credentials while preserving forensic evidence
Apply the vendor patch to the vulnerable deserialization library and redeploy the microservice to production
Restore the latest known-good backup of the service's database to ensure data integrity
In the containment phase, the goal is to limit the incident's scope and prevent additional damage while preserving evidence for later analysis. Cutting off the exploited microservice's outbound communication and revoking its compromised credentials immediately stops further data loss yet keeps the system available for forensic capture. Applying patches or redeploying code addresses eradication-removing the root cause of the breach. Restoring from backups and returning the service to normal operations are recovery tasks. Producing a lessons-learned or post-incident report belongs to the post-incident activity phase, not containment.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is deserialization in the context of software vulnerabilities?
Open an interactive chat with Bash
Why is preserving forensic evidence important during the containment phase?
Open an interactive chat with Bash
How does temporarily blocking outbound network traffic mitigate data exfiltration risks?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Lifecycle Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .