ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During a peer review of a Java-based inventory microservice, you observe that two request-handling threads can call the following method at nearly the same time, which sometimes drives the shared in-memory stock counter below zero:
private static int stock = 10;
public void shipItem() {
    if (stock > 0) {
        stock--; // decrement
    }
}
Which secure coding modification best prevents this race condition while keeping the counter in memory?
Move the counter to a database table and rely on optimistic locking during updates.
Surround the if check and decrement in a synchronized block that locks on a private final object.
Declare the stock variable as volatile so every thread always reads the latest value before decrementing.
Increase the JVM heap size to minimize garbage-collection pauses that delay thread execution.
The vulnerability is a classic race condition: two threads may read the same positive value of the shared variable stock, both pass the if test, and then each decrement, allowing the value to become negative. Declaring the variable volatile only guarantees visibility of the most recent value between threads; it does not make the compound check-then-act sequence atomic, so the race persists. Increasing the JVM heap size affects memory availability, not thread safety. Moving the counter to a database with optimistic locking could work, but it introduces latency and complexity unnecessary for a simple in-process counter. Placing the entire check-then-decrement logic inside a synchronized block (or using an AtomicInteger) ensures that only one thread executes the critical section at a time, providing the required mutual exclusion and eliminating the race condition. Therefore, wrapping the code in a synchronized block that locks on a dedicated object (or the class) is the most appropriate secure coding fix.
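The following is an added example, not part of the practice question: the racy check-then-act from the question reproduced for contrast, beside a synchronized-block fix and an AtomicInteger compare-and-set alternative, with a small stress harness that checks the invariant shipped + remaining == initial stock. Class names, the INITIAL constant and the stress() helper are assumptions chosen for illustration.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.BooleanSupplier;
import java.util.function.IntSupplier;

// Added example, not from the practice question; names are assumptions.
public class StockRaceDemo {
    static final int INITIAL = 10;
    static class RacyStock {                       // the question's code: check-then-act is not atomic
        private int stock = INITIAL;
        boolean shipItem() { if (stock > 0) { stock--; return true; } return false; }
        int remaining() { return stock; }
    }
    static class LockedStock {                     // fix: synchronized block on a private final lock
        private final Object lock = new Object();
        private int stock = INITIAL;
        boolean shipItem() {
            synchronized (lock) {                  // check and decrement form one critical section
                if (stock > 0) { stock--; return true; }
                return false;
            }
        }
        int remaining() { synchronized (lock) { return stock; } }
    }
    static class AtomicStock {                     // alternative: lock-free compare-and-set loop
        private final AtomicInteger stock = new AtomicInteger(INITIAL);
        boolean shipItem() {
            for (int cur = stock.get(); cur > 0; cur = stock.get()) {
                if (stock.compareAndSet(cur, cur - 1)) return true;   // succeeds only if value unchanged
            }
            return false;                          // never decrements below zero
        }
        int remaining() { return stock.get(); }
    }
    // Fire many concurrent shipItem() calls, then check shipped + remaining == INITIAL and remaining >= 0.
    // The fixed versions always satisfy this; the racy one may violate it (the race is timing-dependent).
    static boolean stress(String name, BooleanSupplier ship, IntSupplier remaining) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(32);
        AtomicInteger shipped = new AtomicInteger();
        for (int i = 0; i < 20_000; i++) pool.submit(() -> { if (ship.getAsBoolean()) shipped.incrementAndGet(); });
        pool.shutdown();
        pool.awaitTermination(30, TimeUnit.SECONDS);
        boolean ok = remaining.getAsInt() >= 0 && shipped.get() + remaining.getAsInt() == INITIAL;
        System.out.printf("%-6s shipped=%d remaining=%d invariant=%s%n", name, shipped.get(), remaining.getAsInt(), ok);
        return ok;
    }
    public static void main(String[] args) throws Exception {
        RacyStock r = new RacyStock();     stress("racy",   r::shipItem, r::remaining);
        LockedStock l = new LockedStock(); stress("locked", l::shipItem, l::remaining);
        AtomicStock a = new AtomicStock(); stress("atomic", a::shipItem, a::remaining);
    }
}
```

Compile and run with `javac StockRaceDemo.java && java StockRaceDemo`; the locked and atomic variants always report invariant=true, while the racy variant can report more shipments than stock on a given run.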
Exam domain: Secure Software Implementation (ISC2 CSSLP)