ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
While reviewing a draft of an application's user guide, you discover a troubleshooting section that tells administrators to set a hidden environment variable which temporarily disables the product's authentication checks so that verbose debug logs are written. No compensating controls are mentioned. What is the MOST appropriate action before the guide is released to customers?
Leave the instruction in place but add a note telling administrators to re-enable authentication immediately after collecting logs.
Escalate the issue, work with engineering to provide a secure, documented diagnostic method that keeps authentication intact, and revise the guide accordingly.
Remove the entire troubleshooting instruction and direct customers to contact support whenever detailed logs are needed.
Approve the guide unchanged because the variable is undocumented and only skilled users will find it.
User-facing documentation that instructs readers to disable or weaken security controls creates a direct risk: some operators will follow the guidance in production, unintentionally leaving systems exposed. The CSSLP objective for verifying and validating documentation requires ensuring accuracy and assessing security impact. The safest response is to treat the recommendation itself as a defect, raise it with development, and update the guide to reference a secure, documented diagnostic feature that does not suppress authentication (or at least requires strong access control). Simply deleting the section (a distractor) may leave support without a sanctioned method, encouraging ad-hoc insecure work-arounds. Approving the text as-is, or merely adding a caution, still publishes knowledge of, and tacitly legitimises, a built-in backdoor, contravening secure documentation practices. Therefore, coordinating a product change or alternative secure process and correcting the documentation is the most appropriate course.
Secure Software Testing