
CSSLP Online Practice Questions and Answers

Questions 4

You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project?

A. Qualitative risk analysis

B. Historical information

C. Rolling wave planning

D. Quantitative analysis

Browse 354 Q&As
Questions 5

Which of the following methods does the Java Servlet Specification v2.4 define in the HttpServletRequest interface that control programmatic security? Each correct answer represents a complete solution. Choose all that apply.

A. getCallerIdentity()

B. isUserInRole()

C. getUserPrincipal()

D. getRemoteUser()

Questions 6

You have a storage medium containing some data and you attempt to remove this data. Afterwards, you find that the data is still present on the medium. Which of the following terms refers to this condition?

A. Object reuse

B. Degaussing

C. Residual

D. Data remanence

Questions 7

A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?

A. Trademark law

B. Security law

C. Privacy law

D. Copyright law

Questions 8

In which of the following DIACAP phases is residual risk analyzed?

A. Phase 1

B. Phase 5

C. Phase 2

D. Phase 4

E. Phase 3

Questions 9

Which of the following is a malicious exploit of a website, whereby unauthorized commands are transmitted from a user trusted by the website?

A. Cross-Site Scripting

B. Injection flaw

C. Side channel attack

D. Cross-Site Request Forgery

Questions 10

The build environment of secure coding consists of some tools that actively support secure specification, design, and implementation. Which of the following features do these tools have? Each correct answer represents a complete solution. Choose all that apply.

A. They decrease the exploitable flaws and weaknesses.

B. They reduce and restrain the propagation, extent, and damage caused by insecure software behavior.

C. They decrease the attack surface.

D. They employ software security constraints, protections, and services.

E. They decrease the level of type checking and program analysis.

Questions 11

Which of the following are the principal duties performed by the BIOS during POST (power-on self-test)? Each correct answer represents a part of the solution. Choose all that apply.

A. It provides a user interface for system configuration.

B. It identifies, organizes, and selects boot devices.

C. It delegates control to other BIOSes, if required.

D. It discovers the size of, and verifies, system memory.

E. It verifies the integrity of the BIOS code itself.

F. It interrupts the execution of all running programs.

Questions 12

Which of the following scanning techniques helps to ensure that the standard software configuration is current with the latest security patches and software, and helps to locate uncontrolled or unauthorized software?

A. Port Scanning

B. Discovery Scanning

C. Server Scanning

D. Workstation Scanning

Questions 13

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

A. Level 4

B. Level 5

C. Level 2

D. Level 3

E. Level 1

Questions 14

In which of the following phases of the SDLC do the software and other components of the system faithfully incorporate the design specifications and provide proper documentation and training?

A. Design

B. Evaluation and acceptance

C. Programming and training

D. Initiation

Questions 15

Which of the following US Acts emphasized a "risk-based policy for cost-effective security" and makes it mandatory for agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to the Office of Management and Budget?

A. Federal Information Security Management Act of 2002 (FISMA)

B. The Electronic Communications Privacy Act of 1986 (ECPA)

C. The Equal Credit Opportunity Act (ECOA)

D. The Fair Credit Reporting Act (FCRA)

Questions 16

Which of the following security architectures defines how to integrate widely disparate applications for a world that is Web-based and uses multiple implementation platforms?

A. Sherwood Applied Business Security Architecture

B. Enterprise architecture

C. Service-oriented architecture

D. Service-oriented modeling and architecture

Questions 17

An audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Under which of the following categories of controls does audit control fall?

A. Reactive controls

B. Detective controls

C. Protective controls

D. Preventive controls

Questions 18

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

A. DoD 8910.1

B. DoD 5200.22-M

C. DoD 8000.1

D. DoD 5200.40

Exam Code: CSSLP
Exam Name: Certified Secure Software Lifecycle Professional Practice Test
Last Update: Mar 23, 2024
Questions: 354 Q&As