ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

While assessing a long-standing payment-processing system, you discover it relies on an in-house implementation of the SHA-256 hash. The team plans to replace this code with a mature, actively maintained cryptographic library that is already used elsewhere in the organization but does not hold a current FIPS validation. According to the component-reuse security design principle, what is the strongest justification for adopting the external library?

  • The library will automatically rectify any future weaknesses in SHA-256 without redeploying the application.

  • Standardizing on a single cryptographic library guarantees compliance with all relevant regulations.

  • Its broad peer review and ongoing maintenance make undiscovered implementation flaws far less likely than in the custom hashing code.

  • Using the library eliminates the need for static code analysis in future release cycles.

Secure Software Concepts