ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

You are leading the security V&V effort for a healthcare mobile app. The independent test team has completed security verification and discovered that the encryption module fails to enforce FIPS-validated ciphers. The agreed break/build criteria state that any mandatory control failure halts the release. What is the most appropriate next step?

  • Proceed with validation testing in parallel while development creates a hotfix to preserve the release schedule.

  • Reject the build and send it back to development for remediation before any further validation activities occur.

  • Publish the issue in the release notes and deploy the app, relying on network controls to mitigate the risk.

  • Ask the V&V team to perform a business risk assessment and approve an interim authority to operate if the risk is low.

Secure Software Testing