Certified Information Systems Security Professional (CISSP) — Question 176

An application developer is deciding on the amount of idle session time that the application allows before a timeout. Which of the following is the BEST reason for determining the session timeout requirement?

Answer options

• A. Application requirements
• B. Industry best practices
• C. Industry feedback
• D. Management feedback

Correct answer: A

Explanation

The most critical aspect for setting the session timeout is the specific needs and requirements of the application itself, as it directly impacts user experience and security. While industry best practices and feedback can provide guidance, they may not align perfectly with the unique context of the application, making option A the most relevant choice.