An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?
A. Perform security code reviews on the entire application
B. Scan the entire application using a vulnerability scanning tool
C. Monitor Internet traffic for sensitive information leakage
D. Run the application from a high-privileged account on a test system
I go with C, monitor Internet traffic for sensitive info leakage. This provides evidence of possible info leakage. It treats the app like a black box and watches what it actually does.
About A (secure code reviews): this should be happening anyway, and really it's a static check—it won't tell you what the app actually does in real time. Backdoors can be obfuscated or disguised in a way that makes them very hard to spot manually.
A. Perform security code reviews on the entire application
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
SHERLOCKAWS
3 weeks, 3 days ago
richck102
10 months ago