ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
While reviewing a new web application's installation guide during the verification phase, you observe two steps: (1) disable the operating system's mandatory access-control module (SELinux) and (2) import the application's database schema by running a setup script as the database's root (superuser) account. No security justification or alternative procedures are documented. According to secure software lifecycle practices for verifying installation and setup instructions, what is the most appropriate action?
Approve the guide because disabling SELinux avoids compatibility issues and installation speed is the priority.
Delete the controversial steps from the guide so that no potentially harmful advice is published.
Return the document for revision, requiring it to justify the risky steps and include secure, least-privilege alternatives.
Proceed with code review and penetration testing; documentation issues are out of scope for security testing.
Guidance that tells administrators to disable an operating-system security control such as SELinux, and to run scripts with unrestricted database privileges, presents clear security risks. Verification of installation documentation must confirm that security is not weakened and that safer, least-privilege alternatives (for example, adjusting specific SELinux policies rather than disabling the module, or using a database account limited to the privileges the schema import needs) are explained. Because the current guide omits this analysis and directs risky actions without rationale, it should be sent back for revision so that the security impacts and mitigations are fully documented before approval. Simply approving the guide, ignoring the issue, or deleting the instructions would either perpetuate the weakness or remove information without supplying a secure, workable process; none of those options satisfies the requirement to review and test the security implications and accuracy of installation documentation.
Secure Software Testing