2d • 🙋♂️ CISSP
CISSP Practice Question (Domain 8: Software Development Security)
A development team integrates a generative AI coding assistant that was trained on public repositories. The tool accelerates feature delivery but occasionally references deprecated libraries. Legal warns that AI-generated code may contain license violations or expose proprietary logic if the model was trained on leaked internal code.
What should the security manager do FIRST?
A. Engage legal counsel to review the AI vendor's training data sources and contractual indemnification clauses
B. Implement software composition analysis (SCA) and require all AI-generated code to be digitally signed before commit
C. Restrict the AI tool's access to internal repositories and enforce output review through secure-coding peer validation
D. Retrain or fine-tune the AI model using only vetted, license-compliant code from approved sources
1
16 comments
CISSP Practice Question (Domain 8: Software Development Security)
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+90
2
+51
3
+42
4
+39
5
+34
Powered by