ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During a software composition analysis you uncover a medium-severity deserialization flaw in a third-party logging library that is deeply integrated into your product. Because the vendor has not yet issued a fix, the team adds strict input validation and runs the component inside a restricted sandbox to lower the likelihood of exploitation until the patch is available. Which risk response strategy does this approach exemplify?
Deploying additional controls (input validation and sandboxing) to reduce the probability or impact of a vulnerability is a form of risk mitigation. Mitigation lowers the risk to an acceptable level while the component continues to be used. Accepting the risk would involve knowingly taking no action. Avoidance would require removing or replacing the vulnerable library altogether, and transferring the risk would shift responsibility elsewhere through mechanisms such as insurance or contractual clauses. Because the team actively reduces, rather than ignores, eliminates, or transfers the risk, their choice is mitigation.
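As an added illustration (not part of the question or its explanation), the compensating control from the scenario, in Python: an allowlisting unpickler plus a size check placed in front of a component that deserializes untrusted data, so only the expected shape of input ever reaches it. The allowlist contents, the size limit and the sample payloads are assumptions chosen for the demonstration.

```python
import io
import os
import pickle

# Constructed example of a compensating control (risk mitigation): the vulnerable
# third-party component keeps running, but every payload is validated first.
# The allowlist and size limit below are assumptions, not values from the page.
ALLOWED_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "str"),
    ("builtins", "int"), ("builtins", "float"), ("builtins", "bool"),
}
MAX_PAYLOAD_BYTES = 64 * 1024


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any global (class or function) not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global reference {module}.{name}")


def validated_loads(data: bytes):
    """Size check plus allowlisted unpickling; raises on anything suspicious."""
    if len(data) > MAX_PAYLOAD_BYTES:
        raise ValueError("payload exceeds size limit")
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_safe_payload(data: bytes) -> bool:
    """True only if the payload passes validation; the caller drops it otherwise."""
    try:
        validated_loads(data)
        return True
    except (pickle.PickleError, ValueError, EOFError):
        return False


# Constructed inputs: a benign log record, and a payload that merely references a
# function by name (pickle stores functions as global references), which the guard rejects.
BENIGN = pickle.dumps({"level": "INFO", "msg": "service started", "pid": 42})
SUSPECT = pickle.dumps(os.getcwd)
```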
Secure Software Supply Chain