ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During a design review, a CSSLP is tasked with defining the minimum set of application events that must be captured and retained for security monitoring. Which event category is most critical to include in the application's log records?

Routine garbage-collection cycles executed by the application runtime
Client-side mouse movement events collected for user-experience analytics
Successful and failed user authentication attempts, including user ID and timestamp
Browser-stored encrypted session cookies captured at each request

Report Issue

Answer Description

Authentication attempts-both successful and failed-provide definitive evidence of who tried to access the system and when, making them indispensable for detecting brute-force attacks, credential stuffing, and account misuse. Capturing the user identifier and timestamp supports correlation with other security data and incident response. Routine garbage-collection messages, user-interface mouse movements, and storing encrypted session cookies offer negligible value for security monitoring and may add noise or expose sensitive data. Therefore, logging authentication events is the highest priority for a secure audit trail.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

Why are authentication attempts considered the most critical events to log?

Open an interactive chat with Bash

What is brute-force and credential-stuffing, and why are they significant for security monitoring?

Open an interactive chat with Bash

Why is logging browser-stored cookies or mouse movements not valuable for security monitoring?

Open an interactive chat with Bash

Why are successful and failed authentication attempts critical to security monitoring?

Open an interactive chat with Bash

What is credential stuffing, and how does logging authentication attempts help detect it?

Open an interactive chat with Bash

How does correlating authentication logs with other security data improve incident response?

Open an interactive chat with Bash

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)

Secure Software Implementation

Your Score:

Settings & Objectives

Secure Software Concepts

Secure Software Lifecycle Management

Secure Software Requirements

Secure Software Architecture and Design

Secure Software Implementation

Secure Software Testing

Secure Software Deployment, Operations, Maintenance

Secure Software Supply Chain

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot

AI Bot