ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your team is developing a cross-platform mobile health application that must cache an OAuth 2.0 refresh token so users remain logged in after device reboots. To minimize the risk that malware with normal user privileges on a rooted or jail-broken phone can steal the token, which storage approach is MOST appropriate?

  • Store the refresh token in the platform's secure credential store (Android Keystore or iOS Keychain) protected by hardware-backed encryption and biometric unlock.

  • Split the token, save half in SharedPreferences/UserDefaults and fetch the other half from the server at each launch.

  • Encrypt the refresh token with an app-specific key and save it in the app's internal storage directory.

  • Embed an obfuscated copy of the refresh token inside the application package to prevent static analysis.

Secure Software Architecture and Design