Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
gopalk
Reader I
‎12-03-2021 07:39 PM
‎12-03-2021 07:39 PM

Answer Explanation for Assessment Test Question 40 Sybex Official Study Guide.

Hi Need some help with the below question.

 

Most software vulnerabilities exist because of a lack of secure or defensive coding practises used by developers. Which of the following is not considered a secure coding technique. (Choose all that apply)

A. Using immutable systems

B. Using stored procedures

C. Using code signing

D. Using Server side validation

E Optimizing file sizes

F Using third-party software libraries.

 

Reply
0 Kudos
7 Replies
gopalk
Reader I
‎12-03-2021 07:42 PM
‎12-03-2021 07:42 PM

Answer Key reveals ABCD. But I think the "NOT" was not considered.

Reply
0 Kudos
radhika_ajay
Viewer II
‎02-15-2022 11:14 AM
‎02-15-2022 11:14 AM

I think the answer should be a, e and f?
Reply
BrianF
Newcomer III
‎02-16-2022 09:15 AM
‎02-16-2022 09:15 AM

Not to sound snarky but the answers in the appendix do a fantastic job at explaining the answers. 

 

That said, I found some errors within multiple books and reported them to the publishers. 

 

Good luck!

 

 

Reply
azekta
Viewer II
‎02-23-2022 10:19 AM
‎02-23-2022 10:19 AM

A   using immutable system is not secure coding technique.

Reply
0 Kudos
dpower
Newcomer I
‎06-04-2023 10:48 AM
‎06-04-2023 10:48 AM

I messaged ISC2 for the answer and still waiting on a response.

Reply
0 Kudos
JohnEricsson
Newcomer I
‎11-01-2023 06:07 AM
‎11-01-2023 06:07 AM

Is this it:

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition |...

(in case the url is removed: it is from wiley dot com in an errata section of the book --google the name of the book and errata)

 

"This should read:

40. B, C, D. Programmers need to adopt secure coding practices, which include using stored procedures, code signing, and server-side validation."

 

This could still be wrong, and it may fit with the claim they forgot the "not"

Reply
0 Kudos
Mahender
Viewer
yesterday
yesterday

In the context of secure coding techniques, the following options are not considered secure coding practices:

E. Optimizing file sizes
F. Using third-party software libraries

While optimizing file sizes can improve performance, it does not directly relate to security practices. Similarly, using third-party software libraries can introduce vulnerabilities if those libraries are not properly vetted or maintained.

The other options—using immutable systems, stored procedures, code signing, and server-side validation—are all considered secure coding practices.

Reply
0 Kudos