https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/48511#M139 <P>Hi Need some help with the below question.</P><P>&nbsp;</P><P>Most software vulnerabilities exist because of a lack of secure or defensive coding practises used by developers. Which of the following is<U><EM><STRONG> not</STRONG></EM></U> considered a secure coding technique. (Choose all that apply)</P><P>A. Using immutable systems</P><P>B. Using stored procedures</P><P>C. Using code signing</P><P>D. Using Server side validation</P><P>E Optimizing file sizes</P><P>F Using third-party software libraries.</P><P>&nbsp;</P> Sat, 04 Dec 2021 00:39:50 GMT gopalk 2021-12-04T00:39:50Z https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/48511#M139 <P>Hi Need some help with the below question.</P><P>&nbsp;</P><P>Most software vulnerabilities exist because of a lack of secure or defensive coding practises used by developers. Which of the following is<U><EM><STRONG> not</STRONG></EM></U> considered a secure coding technique. (Choose all that apply)</P><P>A. Using immutable systems</P><P>B. Using stored procedures</P><P>C. Using code signing</P><P>D. Using Server side validation</P><P>E Optimizing file sizes</P><P>F Using third-party software libraries.</P><P>&nbsp;</P> Sat, 04 Dec 2021 00:39:50 GMT https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/48511#M139 gopalk 2021-12-04T00:39:50Z https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/48512#M140 <P>Answer Key reveals ABCD. But I think the "NOT" was not considered.</P> Sat, 04 Dec 2021 00:42:08 GMT https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/48512#M140 gopalk 2021-12-04T00:42:08Z https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/49717#M172 I think the answer should be a, e and f? Tue, 15 Feb 2022 16:14:55 GMT https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/49717#M172 radhika_ajay 2022-02-15T16:14:55Z https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/49745#M173 <P>Not to sound snarky but the answers in the appendix do a fantastic job at explaining the answers.&nbsp;</P><P>&nbsp;</P><P>That said, I found some errors within multiple books and reported them to the publishers.&nbsp;</P><P>&nbsp;</P><P>Good luck!</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 16 Feb 2022 14:15:48 GMT https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/49745#M173 BrianF 2022-02-16T14:15:48Z https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/49847#M180 <P>A&nbsp; &nbsp;using immutable system is not secure coding technique.</P> Wed, 23 Feb 2022 15:19:48 GMT https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/49847#M180 azekta 2022-02-23T15:19:48Z https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/59683#M813 <P>I messaged ISC2 for the answer and still waiting on a response.</P> Sun, 04 Jun 2023 14:48:05 GMT https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/59683#M813 dpower 2023-06-04T14:48:05Z https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/64081#M986 <P>Is this it:</P><P><A href="https://www.wiley.com/en-us/%28ISC%292+CISSP+Certified+Information+Systems+Security+Professional+Official+Study+Guide%2C+9th+Edition-p-9781119786238#errata-section" target="_blank" rel="noopener">(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition | Wiley</A></P><P>(in case the url is removed: it is from wiley dot com in an errata section of the book --google the name of the book and errata)</P><P>&nbsp;</P><P><EM>"This should read:</EM><BR /><BR /><EM>40. B, C, D. Programmers need to adopt secure coding practices, which include using stored procedures, code signing, and server-side validation."</EM></P><P>&nbsp;</P><P>This could still be wrong, and it may fit with the claim they forgot the "not"</P> Wed, 01 Nov 2023 10:09:46 GMT https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/64081#M986 JohnEricsson 2023-11-01T10:09:46Z https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/73972#M1675 <P>In the context of secure coding techniques, the following options are <STRONG>not</STRONG> considered secure coding practices:</P><P>E. Optimizing file sizes<BR />F. Using third-party software libraries</P><P>While optimizing file sizes can improve performance, it does not directly relate to security practices. Similarly, using third-party software libraries can introduce vulnerabilities if those libraries are not properly vetted or maintained.</P><P>The other options—using immutable systems, stored procedures, code signing, and server-side validation—are all considered secure coding practices.</P> Fri, 20 Sep 2024 08:28:35 GMT https://community.isc2.org/t5/CISSP-Study-Group/Answer-Explanation-for-Assessment-Test-Question-40-Sybex/m-p/73972#M1675 Mahender 2024-09-20T08:28:35Z