ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

In a peer code review, you find a utility class that checks the HTTP header X-Admin-Token against the hard-coded value 9beef42. If it matches, the code calls grantAdministrator() and bypasses normal authentication and audit logging. This behavior is undocumented and unknown to operations staff. Which type of malicious code does this most likely represent?

  • Backdoor that grants covert administrative access

  • Race condition caused by unsynchronized authentication calls

  • Logic bomb that activates under specific conditions to damage data

  • Rootkit designed to conceal malicious processes

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Implementation