CISSP Practice Question – Software Development Security (AI-Assisted SDLC & Risk Governance)
A global fintech company adopts an AI-assisted code-generation platform to accelerate development. The CISO learns that developers sometimes allow the tool to access proprietary source repositories and external training data. Management wants faster delivery but is concerned about intellectual-property leakage and about unvetted open-source dependencies being inserted into production builds.
What is the BEST control to implement FIRST?
A. Require legal review of the vendor’s AI license terms and intellectual-property indemnification clauses.
B. Integrate automated software-composition analysis (SCA) and code-signing into the CI/CD pipeline to validate all generated components.
C. Restrict the AI tool’s access to internal repositories and enforce output review through secure-coding peer validation.
D. Mandate retraining of the AI model using only internal proprietary data to eliminate third-party influence.
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group