gopalk
Reader I

Answer Explanation for Assessment Test Question 40 Sybex Official Study Guide.

Hi, I need some help with the question below.

 

Most software vulnerabilities exist because of a lack of secure or defensive coding practices used by developers. Which of the following is not considered a secure coding technique? (Choose all that apply)

A. Using immutable systems

B. Using stored procedures

C. Using code signing

D. Using server-side validation

E. Optimizing file sizes

F. Using third-party software libraries

 

7 Replies
gopalk
Reader I

Answer Key reveals ABCD. But I think the "NOT" was not considered.

radhika_ajay
Viewer II

I think the answer should be a, e and f?
BrianF
Newcomer III

Not to sound snarky but the answers in the appendix do a fantastic job at explaining the answers. 

 

That said, I found some errors within multiple books and reported them to the publishers. 

 

Good luck!

 

 

azekta
Viewer II

A. Using immutable systems is not a secure coding technique.

dpower
Newcomer I

I messaged ISC2 for the answer and am still waiting on a response.

JohnEricsson
Newcomer I

Is this it:

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition |...

(in case the url is removed: it is from wiley dot com in an errata section of the book --google the name of the book and errata)

 

"This should read:

40. B, C, D. Programmers need to adopt secure coding practices, which include using stored procedures, code signing, and server-side validation."

 

This could still be wrong, and it may fit with the claim they forgot the "not".

Mahender
Newcomer II

In the context of secure coding techniques, the following options are not considered secure coding practices:

E. Optimizing file sizes
F. Using third-party software libraries

While optimizing file sizes can improve performance, it does not directly relate to security practices. Similarly, using third-party software libraries can introduce vulnerabilities if those libraries are not properly vetted or maintained.

The other options—using immutable systems, stored procedures, code signing, and server-side validation—are all considered secure coding practices.