CISSP Exam - Question 402


In order to meet the project delivery deadline, a web application developer used readily available software components. Which is the BEST method for reducing the risk associated with this practice?

Correct Answer: D

Using readily available software components can introduce risks such as security vulnerabilities, compatibility issues, and incorrect configurations. To reduce these risks, it is important to implement a process to verify the effectiveness of the software components and settings. This process should review components for known vulnerabilities, compatibility, and licensing compliance, as well as test them in the context of the web application to ensure they do not introduce new issues. This approach provides a comprehensive method for mitigating risks associated with using third-party components.

Discussion

11 comments
Rollingalx (Option: B)
Feb 25, 2023

I go with B

jackdryan
May 14, 2023

B is correct

user009 (Option: D)
Mar 4, 2023

Answer: D. Implement a process to verify the effectiveness of the software components and settings. Using readily available software components can be a time-saving practice for developers, but it also introduces certain risks, such as security vulnerabilities, compatibility issues, and license violations. To reduce the risk associated with this practice, it's essential to implement a process to verify the effectiveness of the software components and settings. Therefore, option D is the best method for reducing the risk associated with using readily available software components. This process should include reviewing the software components for known vulnerabilities, compatibility issues, and licensing restrictions. It should also include testing the components in the context of the web application to ensure that they work as expected and do not introduce any new vulnerabilities or issues.

Rollingalx
Mar 25, 2023

It may be difficult to detect new vulnerabilities that are introduced through the use of untrusted components.

SpaceMonkey1
Apr 2, 2023

D includes B

Rollingalx
Apr 8, 2023

Good point. Implementing a process to verify the effectiveness of the software components and settings would typically involve ensuring that the components were obtained from official sources over a secured link (option B). So D seems to be the correct answer.

[Removed] (Option: B)
Apr 6, 2023

I would suggest B. I think D is too narrow; we don't only want to take into account effectiveness, but mainly security.

Mickey321 (Option: D)
Aug 31, 2023

I go with D

Goseu (Option: B)
Apr 2, 2023

I go with B

Delab202 (Option: D)
Apr 3, 2023

A software security assessment involves analyzing the software components for vulnerabilities and other security weaknesses that could be exploited by attackers. The assessment should include a review of the software's code, configuration settings, and dependencies, as well as any known security issues or vulnerabilities. By conducting a software security assessment of the components, the developer can identify any security risks that may exist and take steps to address them before integrating the components into the web application. This can help to reduce the risk of security breaches, data loss, and other security incidents that could result from the use of insecure software components.

thanhlb (Option: A)
Oct 19, 2023

Using an approved software development framework means it is already tested/reviewed... by a manager.

Soleandheel (Option: D)
Dec 17, 2023

D. Implement a process to verify the effectiveness of the software components and settings. D. is a broader answer which includes B in it. So D. is a better answer choice to me than B.

gjimenezf (Option: B)
Feb 2, 2024

It asks to reduce the risk of utilizing third-party software; B is the best option for that.

73f8ac3 (Option: B)
May 11, 2024

I see people going to D. D is 'nice', but is quite time-consuming, so it contradicts the purpose of 'meet the project deadline'! B is simple to put in place, and it addresses the main risk, which is downloading the packages from an untrusted source.

murphseal (Option: D)
Jul 19, 2024

While B ensures that components are acquired safely and likely from reputable sources, it does not provide assurance that the components themselves are free from vulnerabilities or fully effective.