A software development team is building a mobile banking application. The application will support biometric authentication and provide users with account management features. During the development phase, the team conducts regular static and dynamic code analysis to detect security vulnerabilities. However, after the application is deployed, several users report unauthorized transactions, raising concerns about potential API exploitation.
Which of the following should the team implement to mitigate this risk in the future?
A) Conduct threat modeling to identify potential attack vectors during the design phase.
B) Enable detailed application logging to monitor all API requests.
C) Implement network-level monitoring and intrusion detection.
D) Increase the frequency of penetration tests on production systems.