ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

A development team is designing a public-facing API that will handle sensitive customer data. To apply defense in depth, they want security controls that operate at different layers so that a single failure will not expose data. Which approach best meets this goal?

  • Filter inbound ports with a network firewall, place a web application firewall in front of the API, validate inputs with parameterized queries, and restrict database accounts to least privilege.

  • Schedule nightly database backups and install an uninterruptible power supply in the data center.

  • Use autoscaling and a content-delivery network to absorb traffic spikes and improve latency.

  • Rely solely on prepared statements in the service code and perform quarterly secure code reviews.

Secure Software Concepts