ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your team is integrating a machine-learning fraud detector into an online payment service. The model is retrained weekly using transactions collected in production. To reduce the likelihood that an attacker can inject poisoned samples during this process without adding significant latency to inference, which architectural control is most appropriate?
Deploy a runtime adversarial-example detector at the prediction API to block anomalous input queries.
Adopt a federated learning approach so each client device contributes updates directly to the shared model without central preprocessing.
Encrypt all trained model artifacts at rest with AES-256 keys stored in a hardware security module.
Route production transaction logs through an access-controlled staging pipeline where data is validated and digitally signed before offline model training occurs.
Training-data poisoning targets the learning pipeline, not the deployed model. The most effective architectural mitigation is to decouple model training from the production environment, move it to a controlled offline pipeline, and require that any data entering this pipeline be rigorously validated and cryptographically signed. This prevents untrusted or malicious records from being incorporated during retraining. Encrypting model files protects confidentiality but does not stop tainted data from influencing the model. Federated learning can actually broaden the attack surface because model updates come from many endpoints and are harder to verify. Runtime adversarial example detection addresses inference-time manipulation, not poisoning of the training set.
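The staging control described in the explanation above, as an added Go example that is not part of the original practice question: records are validated, the accepted batch is signed with Ed25519, and the offline trainer loads only batches whose signature verifies. The record fields, the amount limit, the function names and the in-process demo key pair are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Txn is a constructed record shape; field names and limits are assumptions.
type Txn struct {
	ID     string  `json:"id"`
	Amount float64 `json:"amount"`
	Label  string  `json:"label"` // "fraud" or "legit"
}

var demoPub, demoPriv, _ = ed25519.GenerateKey(nil) // demo only: staging keeps priv, trainer gets pub

// validate applies illustrative schema and range checks in staging (NaN and Inf fail too).
func validate(t Txn) bool {
	return t.ID != "" && t.Amount > 0 && t.Amount <= 50000 && (t.Label == "fraud" || t.Label == "legit")
}

// Stage drops invalid records, then signs the JSON encoding of the rest.
func Stage(priv ed25519.PrivateKey, in []Txn) (payload, sig []byte, rejected int) {
	kept := []Txn{}
	for _, t := range in {
		if validate(t) {
			kept = append(kept, t)
		}
	}
	payload, _ = json.Marshal(kept) // cannot fail: only strings and finite floats
	return payload, ed25519.Sign(priv, payload), len(in) - len(kept)
}

// LoadForTraining is the offline trainer's gate: unsigned or altered data is refused.
func LoadForTraining(pub ed25519.PublicKey, payload, sig []byte) (out []Txn, err error) {
	if !ed25519.Verify(pub, payload, sig) {
		return nil, errors.New("batch signature invalid: refusing to train")
	}
	err = json.Unmarshal(payload, &out)
	return out, err
}

func main() {
	payload, sig, rejected := Stage(demoPriv, []Txn{{"t1", 42.5, "legit"}, {"t2", -1, "legit"}}) // constructed
	recs, err := LoadForTraining(demoPub, payload, sig)
	fmt.Println(len(recs), rejected, err)
}
```

The signature proves only that a batch passed through staging unchanged, so the quality of the validation rules and the protection of the signing key determine how much poisoning the gate actually stops.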
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Architecture and Design