ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your team is adding automated security checks to the CI/CD pipeline for a newly deployed RESTful microservice running in a containerized staging environment. The goal is to discover authentication weaknesses and injection issues by interacting with the live endpoints, without requiring access to source code or instrumentation inside the containers. Which testing approach best meets this requirement?

  • Perform a static code analysis scan of the microservice's source repository during the build

  • Run a dynamic application security test that attacks the running service through its exposed REST endpoints

  • Execute a software composition analysis to inventory and flag vulnerable open-source libraries in the container images

  • Attach instrumentation agents to the containers and execute interactive application security testing during unit tests

Secure Software Testing