nerdexam
(ISC)2

CISSP · Question #7

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security featur

The correct answer is A. Least privilege. Java's security model enforces least privilege by default, restricting programs from performing network and file operations across multiple systems unless explicitly granted permissions.

Submitted by miguelv· Mar 5, 2026Security Engineering

Question

A Java program is being developed to read a file from computer A and write it to computer B, using a third computer C. The program is not working as expected. What is the MOST probable security feature of Java preventing the program from operating as intended?

Options

  • ALeast privilege
  • BPrivilege escalation
  • CDefense in depth
  • DPrivilege bracketing

How the community answered

(48 responses)
  • A
    71% (34)
  • B
    8% (4)
  • C
    17% (8)
  • D
    4% (2)

Why each option

Java's security model enforces least privilege by default, restricting programs from performing network and file operations across multiple systems unless explicitly granted permissions.

ALeast privilegeCorrect

Java's security manager and sandbox model implement least privilege by denying access to sensitive resources such as file systems and network connections unless explicitly granted via a security policy. A program on computer C attempting to read from computer A and write to computer B would be blocked by default because it has not been granted the specific permissions required for cross-host file and network operations. This is a core Java security principle that limits what code can do to only what is minimally necessary.

BPrivilege escalation

Privilege escalation is a security threat or attack vector where an attacker gains elevated permissions, not a Java security feature that would restrict program functionality.

CDefense in depth

Defense in depth is a layered security strategy concept applied broadly across systems and architectures, not a specific Java security mechanism that would block file or network access between computers.

DPrivilege bracketing

Privilege bracketing is a technique of acquiring privileges only when needed and releasing them immediately after, which is a programming best practice but is not a built-in Java security feature that would cause the described program failure.

Concept tested: Java security model and least privilege principle

Source: https://docs.oracle.com/javase/tutorial/security/overview/jsoverview.html

Topics

#least privilege#application security#Java security model#secure coding

Community Discussion

No community discussion yet for this question.

Full CISSP Practice