ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

While reviewing an application's end-user documentation you observe that it instructs support staff to leave the default behavior in which database exceptions such as "ORA-01017: invalid username/password; logon denied" are displayed directly to users. From a security documentation standpoint, which corrective action should you recommend to mitigate the primary risk this practice introduces?

  • Expand the documentation to include a comprehensive appendix of all database error codes so users can diagnose issues themselves.

  • Keep the current behavior but instruct users to capture and email screenshots of any error dialog to the help desk for analysis.

  • Revise the guide to mandate replacing specific database error codes with generic user messages, recording full details only in secured server logs.

  • Direct developers to turn off structured exception handling so that the web server returns standard HTTP 500 pages whenever a failure occurs.
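The third option is the correct one, and the following Python snippet is an added illustration of what that revised guidance looks like in code; it is not part of the original question or of any real product. It contrasts the documented default, which hands the raw driver message to the user, with a hardened handler that returns a generic message plus a correlation reference and writes the full detail to a server-side log. The database driver, its exception type, and the log sink are simulated so the script runs offline.

```python
"""Added example (not from the original question): catch a database login
failure, log the full exception server-side with a correlation reference,
and return only a generic message to the user."""
import logging
import uuid
from io import StringIO


class DatabaseError(Exception):
    """Stand-in for a real driver exception (assumed, for the example)."""


def connect(user, password):
    # Constructed stand-in for a real driver call: it always rejects the
    # login with the same text as the ORA-01017 message in the question.
    raise DatabaseError("ORA-01017: invalid username/password; logon denied")


# Secured server-side log. In production this is a file or SIEM sink with
# restricted read access; here it is an in-memory buffer so the script runs
# offline and the contents can be inspected.
_log_buffer = StringIO()
logger = logging.getLogger("app.db")
logger.setLevel(logging.ERROR)
logger.addHandler(logging.StreamHandler(_log_buffer))
logger.propagate = False


def handle_login_insecure(user, password):
    """The documented default: the raw driver message reaches the user."""
    try:
        connect(user, password)
        return "ok"
    except DatabaseError as exc:
        # Leaks the vendor, the error code and the reason for the failure.
        return str(exc)


def handle_login_secure(user, password):
    """Hardened: generic message to the user, full detail to the secured log."""
    try:
        connect(user, password)
        return {"status": "ok"}
    except DatabaseError as exc:
        # Short random reference the user can quote to the help desk; it ties
        # the generic message to the detailed log line without exposing it.
        ref = uuid.uuid4().hex[:12]
        # Log the account name and the driver message, never the password.
        logger.error("ref=%s user=%s db_error=%s", ref, user, exc)
        return {
            "status": "error",
            "message": "The service is temporarily unavailable. "
                       "Contact support and quote reference " + ref,
        }


def server_log_text():
    """Return what was written to the simulated secured log."""
    return _log_buffer.getvalue()


if __name__ == "__main__":
    print("insecure response:", handle_login_insecure("app_user", "wrong"))
    print("secure response:  ", handle_login_secure("app_user", "wrong"))
    print("server log:\n" + server_log_text())
```

The correlation reference is what makes the second option unnecessary: support staff look the reference up in the log rather than asking users to forward screenshots of internal error text, and the log entry still carries the vendor error code needed for diagnosis.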

Secure Software Testing