ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

While reviewing the operational risk register for a newly deployed CRM application, you note that all end users completed a mandatory annual security awareness course, but system administrators only receive the same generic training and no role-specific instruction. Which risk is most heightened by this training imbalance, and what is the most effective mitigation?

Higher risk of malware infection through phishing; deploy advanced email filtering and multifactor authentication.
Greater exposure to injection flaws in the application; require all developers to complete secure-coding courses.
Elevated chance of service outages from unpatched software; enforce an automated patch-management program.
Increased likelihood of privilege misuse by administrators; implement role-based security training tailored to privileged roles.

Report Issue

Answer Description

System administrators possess elevated privileges that can directly affect the confidentiality, integrity, and availability of production systems. When they receive only generic user-level awareness training, the likelihood of accidental or intentional misuse of privileged accounts increases. Role-based security training mapped to administrators' specific duties reduces this risk by ensuring they understand secure configuration practices, change-control requirements, logging obligations, and the consequences of policy violations. The other options address real concerns, but phishing protection, developer secure-coding instruction, and patch-management automation are not the primary gaps highlighted in the scenario.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.