Certified Information Systems Security Professional (CISSP) — Question 257

A breach investigation found a website was exploited through an open source component. What is the FIRST step in the process that could have prevented this breach?

Answer options

• A. Application whitelisting
• B. Vulnerability remediation
• C. Web application firewall (WAF)
• D. Software inventory

Correct answer: D

Explanation

The first step in preventing such breaches is maintaining a comprehensive Software inventory, which allows organizations to track all components in use, including open source ones. Without this inventory, it would be challenging to identify and address vulnerabilities in the software being utilized. The other options are important but come after ensuring a complete understanding of what software is deployed.