Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your team plans to add an open-source JSON parsing library from a public repository to a microservice that accepts user-supplied input. Because the code will run inside the production container image, which action should they take FIRST to address the main security risk associated with untrusted libraries?

  • Enable compiler stack-canary and position-independent execution flags when building the microservice.

  • Scan the library and all of its transitive dependencies with a software composition analysis tool to identify published vulnerabilities.

  • Benchmark the library in a staging environment to measure its impact on application performance.

  • Obfuscate the library's source code before compiling to make reverse engineering more difficult.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Implementation
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot