ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During contract negotiations for a critical third-party software component, your organization insists on a clause that will let it independently confirm that the supplier continues to follow agreed secure development practices after the contract is signed. Which contractual language best satisfies this requirement?

  • The supplier must deposit current source code with a neutral escrow agent to be released if the supplier declares bankruptcy.

  • The supplier is required to maintain at least USD 5 million in cyber-liability insurance coverage for security breaches.

  • The supplier must notify the customer within 24 hours of any security incident that could affect customer data.

  • The contract grants the customer or its appointed auditor on-site or remote access to the supplier's systems, documentation, and personnel, with reasonable notice, to verify implementation of agreed security controls.

Secure Software Supply Chain