Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Hot Vendors

CSSLP Certified Secure Software Lifecycle Professional Questions and Answers

Questions 4

Which of the following statements about the authentication concept of information security management is true?

Options:

A.

It establishes the users' identity and ensures that the users are who they say they are.

B.

It ensures the reliable and timely access to resources.

C.

It determines the actions and behaviors of a single individual within a system, and identifies that particular individual.

D.

It ensures that modifications are not made to data by unauthorized personnel or processes.

Buy Now
Questions 5

In which of the following deployment models of cloud is the cloud infrastructure operated exclusively for an organization?

Options:

A.

Public cloud

B.

Community cloud

C.

Private cloud

D.

Hybrid cloud

Buy Now
Questions 6

Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring process? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Security accreditation decision

B.

Security control monitoring and impact analyses of changes to the information system

C.

Security accreditation documentation

D.

Configuration management and control

E.

Status reporting and documentation

Buy Now
Questions 7

Fill in the blank with the appropriate security mechanism. is a computer hardware mechanism or programming language construct which handles the occurrence of exceptional events.

Options:

A.

Exception handling

Buy Now
Questions 8

Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

Options:

A.

Contingency plan

B.

Business continuity plan

C.

Crisis communication plan

D.

Disaster recovery plan

Buy Now
Questions 9

Which of the following provides an easy way to programmers for writing lower-risk applications and retrofitting security into an existing application?

Options:

A.

Watermarking

B.

Code obfuscation

C.

Encryption wrapper

D.

ESAPI

Buy Now
Questions 10

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Certification agent

B.

Designated Approving Authority

C.

IS program manager

D.

Information Assurance Manager

E.

User representative

Buy Now
Questions 11

The service-oriented modeling framework (SOMF) provides a common modeling notation to address alignment between business and IT organizations. Which of the following principles does the SOMF concentrate on? Each correct answer represents a part of the solution. Choose all that apply.

Options:

A.

Architectural components abstraction

B.

SOA value proposition

C.

Business traceability

D.

Disaster recovery planning

E.

Software assets reuse

Buy Now
Questions 12

Which of the following NIST Special Publication documents provides a guideline on network security testing?

Options:

A.

NIST SP 800-42

B.

NIST SP 800-53A

C.

NIST SP 800-60

D.

NIST SP 800-53

E.

NIST SP 800-37

F.

NIST SP 800-59

Buy Now
Questions 13

Which of the following access control models are used in the commercial sector? Each correct answer represents a complete solution. Choose two.

Options:

A.

Biba model

B.

Clark-Biba model

C.

Clark-Wilson model

D.

Bell-LaPadula model

Buy Now
Questions 14

Which of the following are examples of the application programming interface (API)? Each correct answer represents a complete solution. Choose three.

Options:

A.

HTML

B.

PHP

C.

.NET

D.

Perl

Buy Now
Questions 15

Which of the following access control models uses a predefined set of access privileges for an object of a system?

Options:

A.

Role-Based Access Control

B.

Discretionary Access Control

C.

Policy Access Control

D.

Mandatory Access Control

Buy Now
Questions 16

What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Conduct validation activities.

B.

Execute and update IA implementation plan.

C.

Combine validation results in DIACAP scorecard.

D.

Conduct activities related to the disposition of the system data and objects.

Buy Now
Questions 17

At which of the following levels of robustness in DRM must the security functions be immune to widely available tools and specialized tools and resistant to professional tools?

Options:

A.

Level 2

B.

Level 4

C.

Level 1

D.

Level 3

Buy Now
Questions 18

Which of the following tiers addresses risks from an information system perspective?

Options:

A.

Tier 0

B.

Tier 3

C.

Tier 2

D.

Tier 1

Buy Now
Questions 19

Which of the following security models characterizes the rights of each subject with respect to every object in the computer system?

Options:

A.

Clark-Wilson model

B.

Bell-LaPadula model

C.

Biba model

D.

Access matrix

Buy Now
Questions 20

You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the person who made that change. What is this called?

Options:

A.

Availability

B.

Confidentiality

C.

Non repudiation

D.

Data Protection

Buy Now
Questions 21

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

Options:

A.

NSA-IAM

B.

NIACAP

C.

ASSET

D.

DITSCAP

Buy Now
Questions 22

In which of the following architecture styles does a device receive input from connectors and generate transformed outputs?

Options:

A.

N-tiered

B.

Heterogeneous

C.

Pipes and filters

D.

Layered

Buy Now
Questions 23

What project management plan is most likely to direct the quantitative risk analysis process for a project in a matrix environment?

Options:

A.

Risk analysis plan

B.

Staffing management plan

C.

Risk management plan

D.

Human resource management plan

Buy Now
Questions 24

FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals?

Options:

A.

Moderate

B.

Low

C.

Medium

D.

High

Buy Now
Questions 25

Adrian is the project manager of the NHP Project. In her project there are several work packages that deal with electrical wiring. Rather than to manage the risk internally she has decided to hire a vendor to complete all work packages that deal with the electrical wiring. By removing the risk internally to a licensed electrician Adrian feels more comfortable with project team being safe. What type of risk response has Adrian used in this example?

Options:

A.

Acceptance

B.

Avoidance

C.

Mitigation

D.

Transference

Buy Now
Questions 26

You work as a Security Manager for Tech Perfect Inc. You want to save all the data from the SQL injection attack, which can read sensitive data from the database and modify database data using some commands, such as Insert, Update, and Delete. Which of the following tasks will you perform? Each correct answer represents a complete solution. Choose three.

Options:

A.

Apply maximum number of database permissions.

B.

Use an encapsulated library for accessing databases.

C.

Create parameterized stored procedures.

D.

Create parameterized queries by using bound and typed parameters.

Buy Now
Questions 27

Which of the following are the basic characteristics of declarative security? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It is a container-managed security.

B.

It has a runtime environment.

C.

All security constraints are stated in the configuration files.

D.

The security policies are applied at the deployment time.

Buy Now
Questions 28

Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

Options:

A.

Configuration management

B.

Risk management

C.

Change management

D.

Procurement management

Buy Now
Questions 29

"Enhancing the Development Life Cycle to Produce Secure Software" summarizes the tools and practices that are helpful in producing secure software. What are these tools and practices? Each correct answer represents a complete solution. Choose three.

Options:

A.

Leverage attack patterns

B.

Compiler security checking and enforcement

C.

Tools to detect memory violations

D.

Safe software libraries E. Code for reuse and maintainability

Buy Now
Questions 30

The Systems Development Life Cycle (SDLC) is the process of creating or altering the systems; and the models and methodologies that people use to develop these systems. Which of the following are the different phases of system development life cycle? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Testing

B.

Implementation

C.

Operation/maintenance

D.

Development/acquisition

E.

Disposal

F.

Initiation

Buy Now
Questions 31

Which of the following is an attack with IP fragments that cannot be reassembled?

Options:

A.

Password guessing attack

B.

Teardrop attack

C.

Dictionary attack

D.

Smurf attack

Buy Now
Questions 32

Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality?

Options:

A.

Information Protection Policy (IPP)

B.

IMM

C.

System Security Context

D.

CONOPS

Buy Now
Questions 33

Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

Options:

A.

Confidentiality

B.

Non-repudiation

C.

Authentication

D.

Integrity

Buy Now
Questions 34

Which of the following are examples of passive attacks? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Dumpster diving

B.

Placing a backdoor

C.

Eavesdropping

D.

Shoulder surfing

Buy Now
Questions 35

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

Options:

A.

Integrity

B.

Availability

C.

Confidentiality

D.

Authenticity

Buy Now
Questions 36

You work as a Security Manager for Tech Perfect Inc. You find that some applications have failed to encrypt network traffic while ensuring secure communications in the organization. Which of the following will you use to resolve the issue?

Options:

A.

SCP

B.

TLS

C.

IPSec

D.

HTTPS

Buy Now
Questions 37

Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document is Frank and the NHH Project team creating in this scenario?

Options:

A.

Risk management plan

B.

Project plan

C.

Project management plan

D.

Resource management plan

Buy Now
Questions 38

Which of the following statements describe the main purposes of a Regulatory policy? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It acknowledges the importance of the computing resources to the business model

B.

It provides a statement of support for information security throughout the enterprise

C.

It ensures that an organization is following the standard procedures or base practices of operation in its specific industry.

D.

It gives an organization the confidence that it is following the standard and accepted industry policy.

Buy Now
Questions 39

The service-oriented modeling framework (SOMF) introduces five major life cycle modeling activities that drive a service evolution during design-time and run-time. Which of the following activities integrates SOA software assets and establishes SOA logical environment dependencies?

Options:

A.

Service-oriented discovery and analysis modeling

B.

Service-oriented business integration modeling

C.

Service-oriented logical architecture modeling

D.

Service-oriented logical design modeling

Buy Now
Questions 40

Which of the following statements about a host-based intrusion prevention system (HIPS) are true? Each correct answer represents a complete solution. Choose two.

Options:

A.

It can detect events scattered over the network.

B.

It is a technique that allows multiple computers to share one or more IP addresses.

C.

It can handle encrypted and unencrypted traffic equally.

D.

It cannot detect events scattered over the network.

Buy Now
Questions 41

Rob is the project manager of the IDLK Project for his company. This project has a budget of $5,600,000 and is expected to last 18 months. Rob has learned that a new law may affect how the project is allowed to proceed - even though the organization has already invested over $750,000 in the project. What risk response is the most appropriate for this instance?

Options:

A.

Transference

B.

Enhance

C.

Mitigation

D.

Acceptance

Buy Now
Questions 42

Security controls are safeguards or countermeasures to avoid, counteract, or minimize security risks. Which of the following are types of security controls? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

Common controls

B.

Hybrid controls

C.

Storage controls

D.

System-specific controls

Buy Now
Questions 43

Who amongst the following makes the final accreditation decision?

Options:

A.

ISSE

B.

CRO

C.

DAA

D.

ISSO

Buy Now
Questions 44

Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?

Options:

A.

Take-Grant Protection Model

B.

Biba Integrity Model

C.

Bell-LaPadula Model

D.

Access Matrix

Buy Now
Questions 45

Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?

Options:

A.

Phase 4

B.

Phase 3

C.

Phase 1

D.

Phase 2

Buy Now
Questions 46

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. In order to do so, he performs the following steps of the pre-attack phase successfully: Information gathering Determination of network range Identification of active systems Location of open ports and applications Now, which of the following tasks should he perform next?

Options:

A.

Perform OS fingerprinting on the We-are-secure network.

B.

Map the network of We-are-secure Inc.

C.

Install a backdoor to log in remotely on the We-are-secure server.

D.

Fingerprint the services running on the we-are-secure network.

Buy Now
Questions 47

Which of the following is a signature-based intrusion detection system (IDS) ?

Options:

A.

RealSecure

B.

StealthWatch

C.

Tripwire

D.

Snort

Buy Now
Questions 48

An asset with a value of $600,000 is subject to a successful malicious attack threat twice a year. The asset has an exposure of 30 percent to the threat. What will be the annualized loss expectancy?

Options:

A.

$360,000

B.

$180,000

C.

$280,000

D.

$540,000

Buy Now
Questions 49

Which of the following tools is used to attack the Digital Watermarking?

Options:

A.

Steg-Only Attack

B.

Active Attacks

C.

2Mosaic

D.

Gifshuffle

Buy Now
Questions 50

Which of the following actions does the Data Loss Prevention (DLP) technology take when an agent detects a policy violation for data of all states? Each correct answer represents a complete solution. Choose all that apply.

Options:

A.

It creates an alert.

B.

It quarantines the file to a secure location.

C.

It reconstructs the session.

D.

It blocks the transmission of content.

Buy Now
Questions 51

Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

Options:

A.

Copyright

B.

Snooping

C.

Utility model

D.

Patent

Buy Now
Questions 52

You work as a systems engineer for BlueWell Inc. Which of the following tools will you use to look outside your own organization to examine how others achieve their performance levels, and what processes they use to reach those levels?

Options:

A.

Benchmarking

B.

Six Sigma

C.

ISO 9001:2000

D.

SEI-CMM

Buy Now
Exam Code: CSSLP
Exam Name: Certified Secure Software Lifecycle Professional
Last Update: Nov 16, 2024
Preorder
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 23 Nov 2024