A wins over C because CISSP prioritizes validating adherence to secure coding practices through collaborative, repeatable processes, not just automated detection of vulnerabilities. Furthermore, the question specifically calls out "validate secure coding techniques", automated scanning doesn't validate coding techniques. To me personally, the only correct answer here is A. I agree automated scanning would be more efficient and cost effective, but this question doesn't care about that -- it wants the BEST method, and A is just that.
Changing my answer to C. I realised the question is asking to "validate" secure coding techniques, not review them. For that reason, I would use automated tools to VALIDATE that secure coding techniques have prevented injection flaws. A would be correct if we were reviewing secure coding techniques.
C. Using automated programs to test for the latest known vulnerability patterns.....security testing tools like dynamic and static analysis are automated and can help detect injection attacks and buffer overflow attacks among others.
C is correct. It's the BEST option because it's automated. I'm thinking of something like a SonarQube scan which provides code hotspots to be reviewed.
I would say it's NOT option A because code can get longggg and really complex. Having a team of people review coding styles and techniques against injection and overflow attacks would take a long time. If anything, the team could get together and review the results from the automated program (making option C necessary FIRST, for option A to be more beneficial).
I thought we would have to think like a manager. Wouldn't it be "Scheduled team review of coding style and techniques for vulnerability patterns." Since scheduling would be the indicator for manager resposibilities.
Why it is not Option C, "Using automated programs to test for the latest known vulnerability patterns," is a useful method for identifying potential security vulnerabilities in code, but it is not the best method for validating secure coding techniques against injection and overflow attacks. Automated programs can only detect known vulnerabilities, and may not be able to identify new or unknown injection or overflow attacks. A combination of automated testing and human review, such as in option A, is often considered the best method for identifying and mitigating these types of attacks.
yeah, B and D are easy to eliminate but A and C both sound right. But, with A, a human would not be updated with the latest vulnerability all the time. Hence, the automation sound right.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.CISSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
c544a39
2 weeks agoc544a39
1 week, 4 days agoRider2053
3 weeks, 6 days agoTemiii
2 months, 1 week agoEKP
2 months, 4 weeks agoBigITGuy
4 months, 3 weeks agod7034bf
8 months, 2 weeks agosomsom
10 months, 1 week agoVasyamba1
1 year, 5 months agoSoleandheel
1 year, 8 months agovorozco
2 years, 1 month agoBLADESWIFTKNIFE
2 years, 2 months agodumdada
2 years, 2 months agoNodummyIQ
2 years, 6 months agojackdryan
2 years, 3 months agorootic
2 years, 9 months agoEltooth
2 years, 9 months agofranbarpro
2 years, 11 months agoNickolos
2 years, 11 months agodev46
2 years, 11 months ago