Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During sprint planning for a fintech application, the development team proposes adding a recently released open-source encryption library pulled directly from a public Git repository. To adhere to secure coding practices for trusted versus untrusted libraries, what should the security champion do first before approving its inclusion?

  • Encrypt all runtime communication between the application and the library using TLS to protect data in transit.

  • Store the library binaries on a read-only file system so they cannot be modified after deployment.

  • Run software composition analysis to verify the library's origin, license, and any published vulnerabilities before adding it to the codebase.

  • Compile the library with all available compiler security-hardening flags and proceed with integration.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Implementation
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot