Certified Information Systems Security Professional (CISSP) — Question 169

In order to meet the project delivery deadline, a web application developer used readily available software components. Which is the BEST method for reducing the risk associated with this practice?

Answer options

• A. Ensure developers are using approved software development frameworks.
• B. Obtain components from official sources over secured link.
• C. Ensure encryption of all sensitive data in a manner that protects and defends against threats.
• D. Implement a process to verify the effectiveness of the software components and settings.

Correct answer: D

Explanation

Implementing a process to verify the effectiveness of the software components and settings helps ensure that these components function as intended and do not introduce vulnerabilities. While using approved frameworks and obtaining components from secure sources are important, they do not directly address the actual performance and security of the components in use. Ensuring encryption of sensitive data is also critical, but it doesn’t mitigate risks associated with the components themselves.