Certified Chief Information Security Officer (CCISO) — Question 119
An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application.
Which of the following is MOST likely the reason for this recurring issue?
Answer options
- A. Lack of version/source controls
- B. Lack of change management controls
- C. Ineffective configuration management controls
- D. High turnover in the application development department
Correct answer: A
Explanation
The correct answer is A: without version/source controls, changes are not tracked properly, so a vulnerability that was already fixed can reappear in a later release. Options B and C concern other aspects of software management that, while important, would not directly cause a known flaw to re-emerge. Option D might affect team consistency, but it does not directly relate to the recurrence of specific application vulnerabilities.