ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During sprint planning, your team wants to strengthen its static application security testing (SAST) pipeline. You propose adding both a linter and an automated code-coverage tool to the continuous integration (CI) process. Which statement best explains how this combination helps reveal security weaknesses that might escape other SAST scanners?

  • Code-coverage analysis guarantees compliance with secure-coding standards by scanning source files, whereas the linter measures the percentage of code exercised by unit tests.

  • The linter records how often each statement executes during tests, and the coverage tool enforces naming conventions that reduce the attack surface.

  • Both tools only monitor the application in production, detecting attacks as they occur rather than during development.

  • The linter flags insecure patterns like unsanitized input and dangerous APIs at build time, while the coverage tool shows which lines and branches remain untested so the team can focus additional security testing there.

Secure Software Implementation