Certified Information Systems Security Professional (CISSP) — Question 361
When developing an external facing web-based system, which of the following would be the MAIN focus of the security assessment prior to implementation and production?
Answer options
- A. Ensuring Secure Sockets Layer (SSL) certificates are signed by a certificate authority
- B. Ensuring Secure Sockets Layer (SSL) certificates are internally signed
- C. Assessing the Uniform Resource Locator (URL)
- D. Ensuring that input validation is enforced
Correct answer: D
Explanation
The correct answer is D because enforcing input validation is crucial to prevent attacks such as SQL injection and cross-site scripting. While SSL certificate validation is important for secure connections, it is a secondary concern compared to ensuring that user inputs are validated to protect the system from vulnerabilities. Assessing the URL and checking how the SSL certificates are signed are also relevant, but neither addresses the core security issue as directly as input validation does.