ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

A software assurance team must determine whether a new payment microservice is vulnerable to SQL injection before any executable build is deployed. Developers have delivered complete source code, architecture diagrams, and build instructions, but a running test environment is not yet available. Given this full internal knowledge, which security testing technique should the team apply first to meet the objective?

  • Conduct a black-box penetration test through the public API once it is published.

  • Run a static application security test (SAST) against the source code.

  • Perform dynamic application security testing (DAST) on the microservice in a staging environment.

  • Execute runtime fuzzing to bombard the service with malformed inputs.

Secure Software Testing