ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During a security-focused sprint review, a tester submits an excessively long string in a search field and causes an unhandled exception that returns a complete Java stack trace to the user, exposing file paths and class names. Under a formal security bug-tracking taxonomy, how should the team record this finding to ensure proper risk prioritisation?

  • Record it as a defect, because it is a coding flaw affecting normal functionality rather than security.

  • Log it as an enhancement request, because suppressing stack traces would merely improve user experience, not security.

  • Record it as a vulnerability, since it creates an information-disclosure weakness that attackers could exploit.

  • Record it as an error, since it reflects a developer's mistake that happens before code execution.

Secure Software Testing