ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During black-box security testing of a third-party REST service, you believe an undocumented /admin endpoint might exist even though it does not appear in the vendor's specification. With no access to source code, which single action will most directly confirm or disprove the presence of that endpoint?

  • Run a black-box directory and parameter fuzzing tool against the API to look for unexpected successes.

  • Manually issue an HTTP request to the suspected /admin path and inspect the response status code.

  • Capture normal network traffic and review only the TLS cipher-suite negotiation details.

  • Execute the vendor's functional regression test suite to observe any references to the /admin route.

Secure Software Testing