
CSSLP Certified Secure Software Lifecycle Professional Questions and Answers

Question 4

Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

Options:

A. File and object access
B. Data downloading from the Internet
C. Printer access
D. Network logons and logoffs

Question 5

The Software Configuration Management (SCM) process defines the need to trace changes and the ability to verify that the final delivered software contains all of the planned enhancements that are supposed to be included in the release. Which procedures must be defined for each software project to ensure that a sound SCM process is implemented? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Configuration status accounting
B. Configuration change control
C. Configuration identification
D. Configuration audits
E. Configuration implementation
F. Configuration deployment

Question 6

Which of the following security controls will you use in the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Change and Configuration Control
B. Security Certification and Accreditation (C&A)
C. Vulnerability Assessment and Penetration Testing
D. Risk Adjustments

Question 7

Billy is the project manager of the HAR Project and is in month six of the project. The project is scheduled to last for 18 months. Management asks Billy how often the project team is participating in risk reassessment in this project. What should Billy tell management if he is following the best practices for risk management?

Options:

A. Project risk management happens at every milestone.
B. Project risk management has been concluded with the project planning.
C. Project risk management is scheduled for every month in the 18-month project.
D. At every status meeting the project team project risk management is an agenda item.

Question 8

Which of the following testing methods tests the system efficiently by systematically selecting the suitable and minimum set of tests required to effectively cover the affected changes?

Options:

A. Unit testing
B. Integration testing
C. Acceptance testing
D. Regression testing

Question 9

Which of the following agencies is responsible for funding the development of many technologies, such as computer networking, as well as NLS?

Options:

A. DIAP
B. DTIC
C. DARPA
D. DISA

Question 10

Which of the following is the process of finding weaknesses in cryptographic algorithms and obtaining the plaintext or key from the ciphertext?

Options:

A. Cryptographer
B. Cryptography
C. Kerberos
D. Cryptanalysis

Question 11

Which of the following security controls is the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?

Options:

A. Common data security architecture (CDSA)
B. Application program interface (API)
C. Trusted computing base (TCB)
D. Internet Protocol Security (IPSec)

Question 12

You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network. While auditing the company's network, you are having difficulty finding the faults and other entities that belong to it. Which of the following risks may occur due to the existence of these problems?

Options:

A. Residual risk
B. Secondary risk
C. Detection risk
D. Inherent risk

Question 13

Joseph works as a Software Developer for WebTech Inc. He wants to protect the algorithms and the programming techniques that he uses in developing an application. Which of the following laws is used to protect this part of the software?

Options:

A. Code Security law
B. Patent laws
C. Trademark laws
D. Copyright laws

Question 14

Martha registers a domain named Microsoft.in. She tries to sell it to Microsoft Corporation. Which of the following has she infringed?

Options:

A. Copyright
B. Trademark
C. Patent
D. Intellectual property

Question 15

Which of the following federal agencies has the objective of developing and promoting measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?

Options:

A. National Security Agency (NSA)
B. National Institute of Standards and Technology (NIST)
C. United States Congress
D. Committee on National Security Systems (CNSS)

Question 16

Which of the following terms ensures that no intentional or unintentional unauthorized modification is made to data?

Options:

A. Non-repudiation
B. Integrity
C. Authentication
D. Confidentiality

Question 17

Security controls are safeguards or countermeasures to avoid, counteract, or minimize security risks. Which of the following are types of security controls? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Common controls
B. Hybrid controls
C. Storage controls
D. System-specific controls

Question 18

The mission and business process level is Tier 2. What are the various Tier 2 activities? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Developing an organization-wide information protection strategy and incorporating high-level information security requirements
B. Defining the types of information that the organization needs to successfully execute the stated missions and business processes
C. Specifying the degree of autonomy for the subordinate organizations
D. Defining the core missions and business processes for the organization
E. Prioritizing missions and business processes with respect to the goals and objectives of the organization

Question 19

Which of the following methods is a means of ensuring that system changes are approved before being implemented, that only the proposed and approved changes are implemented, and that the implementation is complete and accurate?

Options:

A. Configuration control
B. Documentation control
C. Configuration identification
D. Configuration auditing

Question 20

In which of the following levels of exception safety do operations succeed with a full guarantee and fulfill all requirements even in the presence of exceptional situations?

Options:

A. Commit or rollback semantics
B. Minimal exception safety
C. Failure transparency
D. Basic exception safety

Question 21

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are U.S. Federal Government information security standards? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. IR Incident Response
B. Information systems acquisition, development, and maintenance
C. SA System and Services Acquisition
D. CA Certification, Accreditation, and Security Assessments

Question 22

Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to take 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. Which component of the change control system would review the proposed changes' impact on the features and functions of the project's product?

Options:

A. Configuration management system
B. Scope change control system
C. Cost change control system
D. Integrated change control

Question 23

Which of the following processes identifies the threats that can impact the business continuity of operations?

Options:

A. Function analysis
B. Risk analysis
C. Business impact analysis
D. Requirement analysis

Question 24

Which of the following security models focuses on data confidentiality and controlled access to classified information?

Options:

A. Clark-Wilson model
B. Biba model
C. Take-Grant model
D. Bell-La Padula model

Question 25

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls are tested and reviewed?

Options:

A. Level 4
B. Level 5
C. Level 2
D. Level 3
E. Level 1

Question 26

Which of the following refers to a process that is used for implementing information security?

Options:

A. Classic information security model
B. Five Pillars model
C. Certification and Accreditation (C&A)
D. Information Assurance (IA)

Question 27

Which of the following scanning techniques helps to ensure that the standard software configuration is current with the latest security patches and software, and helps to locate uncontrolled or unauthorized software?

Options:

A. Port Scanning
B. Discovery Scanning
C. Server Scanning
D. Workstation Scanning

Question 28

Which of the following techniques is used when penetration testing a system with the objective of accessing unauthorized information residing inside a computer?

Options:

A. Biometrician
B. Van Eck Phreaking
C. Port scanning
D. Phreaking

Question 29

Which of the following policies can explain how the company interacts with partners, the company's goals and mission, and a general reporting structure in different situations?

Options:

A. Informative
B. Advisory
C. Selective
D. Regulatory

Question 30

Drag and drop the appropriate principle documents in front of their respective functions.

Options:

Question 31

Drag and drop the appropriate external constructs in front of their respective functions.

Options:

Question 32

Which of the following security-related areas are used to protect the confidentiality, integrity, and availability of federal information systems and the information processed by those systems?

Options:

A. Personnel security
B. Access control
C. Configuration management
D. Media protection
E. Risk assessment

Question 33

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

Options:

A. Configuration Identification
B. Configuration Verification and Auditing
C. Configuration Status Accounting
D. Configuration Item Costing

Question 34

The LeGrand Vulnerability-Oriented Risk Management method is based on vulnerability analysis and consists of four principal steps. Which of the following processes does the risk assessment step include? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Remediation of a particular vulnerability
B. Cost-benefit examination of countermeasures
C. Identification of vulnerabilities
D. Assessment of attacks

Question 35

Which of the following methods offers a number of modeling practices and disciplines that contribute to successful service-oriented life cycle management and modeling?

Options:

A. Service-oriented modeling framework (SOMF)
B. Service-oriented architecture (SOA)
C. Sherwood Applied Business Security Architecture (SABSA)
D. Service-oriented modeling and architecture (SOMA)

Question 36

Which of the following access control models are used in the commercial sector? Each correct answer represents a complete solution. Choose two.

Options:

A. Biba model
B. Clark-Biba model
C. Clark-Wilson model
D. Bell-LaPadula model

Question 37

Which of the following statements describe the main purposes of a Regulatory policy? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. It acknowledges the importance of the computing resources to the business model.
B. It provides a statement of support for information security throughout the enterprise.
C. It ensures that an organization is following the standard procedures or base practices of operation in its specific industry.
D. It gives an organization the confidence that it is following the standard and accepted industry policy.

Question 38

Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?

Options:

A. Demon dialing
B. Sniffing
C. Social engineering
D. Dumpster diving

Question 39

Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

Options:

A. Phase 3, Validation
B. Phase 1, Definition
C. Phase 2, Verification
D. Phase 4, Post Accreditation Phase

Question 40

Which of the following is an example of over-the-air (OTA) provisioning in digital rights management?

Options:

A. Use of shared secrets to initiate or rebuild trust.
B. Use of software to meet the deployment goals.
C. Use of concealment to avoid tampering attacks.
D. Use of device properties for unique identification.

Question 41

Which of the following rated systems of the Orange Book has mandatory protection of the TCB?

Options:

A. A-rated
B. B-rated
C. D-rated
D. C-rated

Question 42

Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

Options:

A. Physical
B. Technical
C. Administrative
D. Automatic

Question 43

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

Options:

A. DoD 8910.1
B. DoD 7950.1-M
C. DoDD 8000.1
D. DoD 5200.22-M
E. DoD 5200.1-R

Question 44

You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team has successfully completed the risk response planning, and now you must determine which risk process to initiate next. Which of the following risk processes is repeated after the plan risk responses process to determine whether the overall project risk has been satisfactorily decreased?

Options:

A. Quantitative risk analysis
B. Risk identification
C. Risk response implementation
D. Qualitative risk analysis

Question 45

Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?

Options:

A. Information Assurance (IA)
B. Information systems security engineering (ISSE)
C. Certification and accreditation (C&A)
D. Risk Management

Question 46

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A. Certification agent
B. Designated Approving Authority
C. IS program manager
D. Information Assurance Manager
E. User representative

Question 47

Which of the following acts recognizes the importance of information security to the economic and national security interests of the United States?

Options:

A. Computer Misuse Act
B. Lanham Act
C. Computer Fraud and Abuse Act
D. FISMA

Question 48

In which of the following SDLC phases are the system's security features configured and enabled, the system tested and installed or fielded, and the system authorized for processing?

Options:

A. Development/Acquisition Phase
B. Operation/Maintenance Phase
C. Implementation Phase
D. Initiation Phase

Question 49

Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

Options:

A. Right-Up Approach
B. Left-Up Approach
C. Top-Down Approach
D. Bottom-Up Approach

Question 50

Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.

Options:

A. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
B. It determines the actions and behaviors of a single individual within a system.
C. It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.
D. It ensures that modifications are not made to data by unauthorized personnel or processes.

Question 51

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.

Options:

A. SNMP enumeration
B. IIS buffer overflow
C. NetBIOS NULL session
D. DNS zone transfer

Question 52

You work as a Network Administrator for uCertify Inc. You need to secure your company's web services in order to have secure transactions. Which of the following will you recommend for providing security?

Options:

A. SSL
B. VPN
C. S/MIME
D. HTTP

Exam Code: CSSLP
Exam Name: Certified Secure Software Lifecycle Professional
Last Update: Dec 26, 2024