nerdexam
(ISC)2

CISSP · Question #936

From a security perspective, which of the following assumptions MUST be made about input to an application?

The correct answer is D. It is untrusted. From a security perspective, input to an application must always be considered untrusted. This assumption is crucial because malicious actors can attempt to manipulate or craft input in ways that exploit vulnerabilities in the application. Treating all input as untrusted helps to

Submitted by jian89· Mar 5, 2026Software Development Security

Question

From a security perspective, which of the following assumptions MUST be made about input to an application?

Options

  • AIt is tested
  • BIt is logged
  • CIt is verified
  • DIt is untrusted

How the community answered

(58 responses)
  • A
    2% (1)
  • B
    7% (4)
  • C
    2% (1)
  • D
    90% (52)

Explanation

From a security perspective, input to an application must always be considered untrusted. This assumption is crucial because malicious actors can attempt to manipulate or craft input in ways that exploit vulnerabilities in the application. Treating all input as untrusted helps to ensure that proper security controls-such as input validation, sanitization, and verification-are in place to prevent attacks like SQL injection, cross-site scripting (XSS), buffer overflows, or other forms of input-based exploitation.

Topics

#input validation#secure coding#application security principles

Community Discussion

No community discussion yet for this question.

Full CISSP Practice