ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During a peer review you notice a file-upload handler that blocks filenames containing ".exe", ".bat", or ".cmd". To follow secure coding guidance and minimize future maintenance, which change should you recommend to the developer?

  • Leave validation unchanged and rely on the operating system to stop execution of uploaded files.

  • Replace the deny-list with a small allow-list of approved extensions (for example, .jpg and .pdf only).

  • Extend the deny-list to cover every extension identified in current malware signature databases.

  • Use a regular expression to remove all period characters from the supplied filename.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Implementation