CISSP PRACTICE QUESTIONS – 20191027

Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development team is developing the front-end user experience (UX) using JavaScript and evaluating solutions to protect the client scripts from being comprehended or investigated. Which of the following is the best to do so?
A. Native code compiler
B. Obfuscator
C. Symmetric cipher
D. Code signing


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Obfuscator.

JavaScript

Native code compiler

JavaScript in the context of a web browser is an interpreted language. It doesn’t need to be transformed into object code by a compiler.

The WebAssembly is an initiative to run binary code in a browser. In the future, JavaScript scripts may be compiled into WebAssembly to improve performance. However, WebAssembly is executed in the same sandbox as the regular JavaScript code. The WebAssembly is binary code, but it doesn’t necessarily native machine code.

Symmetric cipher

If the JavaScript code is encrypted, the script won’t work in the browser.

Code signing

Code signing is typically applied to binary code to enforce security. A software publisher signs the code module or software they delivered. When installing the software, Users can decide whether to install it or not based on the publisher’s identity.

Obfuscator

In software development, obfuscation is the deliberate act of creating source or machine code that is difficult for humans to understand. An obfuscator is a tool that conducts obfuscation. The following are common obfuscation techniques:

  • Lexical transformation
  • Data transformation
  • Control transformation
  • Call-flow transformation

Leave a Reply