ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
While reviewing overnight security alerts, an analyst notes four separate events: 1) anti-malware removed adware from a single marketing PC that holds no confidential data; 2) the IDS reports a confirmed SQL injection against the public customer portal, which stores personal information; 3) a test server in a development VLAN shows one failed logon immediately followed by a successful one from an internal IP; and 4) the firewall blocked repeated external brute-force attempts against the VPN gateway. Following standard incident-triage practices for severity and business impact, which event should receive the highest priority for investigation and response?
The confirmed SQL injection compromise of the public customer portal
The adware infection on the marketing workstation
The suspicious internal logon to the nonproduction test server
The blocked external brute-force attempts against the VPN gateway
During triage, incidents are ranked by factors such as scope, data sensitivity, and potential business impact. A confirmed compromise of a public-facing application that processes customers' personal data represents a high functional and information impact and may trigger legal or regulatory breach-notification requirements. The adware infection is low severity because it is contained and involves no sensitive data. A single suspicious logon on a nonproduction server warrants attention but affects a limited asset with low business impact. Repeated but unsuccessful brute-force attempts are hostile activity; however, because the firewall blocked them and no asset was compromised, their priority is lower than an actual confirmed breach. Therefore, the SQL injection incident deserves the highest priority.