Effective CISSP Questions

Alice and Bob work together to develop a log parser using C++.  Alice is linking the main program with the modules in object code developed by Bob. The log parser loads all the dependent modules when it starts. Which of the following best describes the role of Bob’s modules?
A. Software Development Kit (SDK)
B. Runtime library
C. Static library
D. Application Programming Interface (API)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Static library.

Static Library

A static library contains software components that can be loaded into a fixed relative memory address and reused by programs. Static libraries can be merged into the main program or exist as standalone files loaded into the fixed address space determined at compile-time/link-time when the main program starts.

Static libraries are either merged with other static libraries and object files during building/linking to form a single executable or loaded at run-time into the address space of their corresponding executable at a static memory offset determined at compile-time/link-time.

Source: Wikipedia

Application Programming Interface (API)

API is the “contract” between the service consumer and service provider. A contract defines the service or function name, input parameters, outputs, etc. An API, as a contract, doesn’t comprise implementations, or the software component itself. However, a library typically comprises implementations.

An API providing access to services can be implemented by local components or remote services. Local components can be missing and remote services may be not available. A program getting access to an API doesn’t mean it can execute normally. In other words, getting a contract doesn’t guarantee the fulfillment of the contract.

Software Development Kit (SDK)

“A software development kit (SDK) is a collection of software development tools in one installable package. They facilitate the creation of applications by having compiler, debugger and perhaps a software framework.” (Wikipedia) For example, Java Development Kit, iOS SDK, .NET Framework SDK.

Runtime Library

A runtime library should NOT be confused with a dynamic library, a library linked at run time. 

In computer programming, a runtime library is a set of low-level routines used by a compiler to invoke some of the behaviors of a runtime environment, by inserting calls to the runtime library into compiled executable binary.

Source: Wikipedia



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

Alice和Bob一起使用C ++開發一個日誌解析器。 Alice正在將主程序與Bob開發的目標代碼(object code)中的模塊鏈接起來。 日誌解析器在啟動時會加載所有從屬模塊。 以下哪一項最能描述Bob的模塊的作用?
A. 軟件開發套件 (SDK)
B. 運行時期程式庫 (Runtime library)
C. 靜態程式庫
D. 應用程序編程接口 (API)

1 thought on “CISSP PRACTICE QUESTIONS – 20200921


Leave a Reply