CSSLP Exam Questions To Become Certified Secure Software Lifecycle Professional

CSSLP (certified secure software lifecycle professional) is a certification from (ISC)2 that focuses on application security within the software development lifecycle (SDLC). CSSLP is intended to help candidates validate their expertise in application security, be able to better handle application vulnerabilities and demonstrate a working knowledge of application security.

PassQuestion CSSLP Exam Questions can help you make your dreams come true, because they cover all the questions of the CSSLP examination. With PassQuestion CSSLP Exam Questions, you can throw yourself into exam preparation completely. With the high-quality CSSLP Exam Questions that PassQuestion provides, you will certainly pass the exam.

1. You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network. While auditing the company’s network, you are having trouble locating faults and other entities that belong to it.

Which of the following risks may occur due to the existence of these problems?

2. The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information.

Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

3. Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?

4. Which of the following roles is also known as the accreditor?

5. DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels.

Which of the following MAC levels requires high integrity and medium availability?

6. Microsoft software security expert Michael Howard defines some heuristics for determining code review in “A Process for Performing Security Code Reviews”.

Which of the following heuristics increase the application’s attack surface? Each correct answer represents a complete solution. Choose all that apply.

7. Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

8. What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.

9. You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project.

Which risk management process can satisfy management’s objective for your project?

10. Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?

11. You are the project manager for GHY Project and are working to create a risk response for a negative risk. You and the project team have identified the risk that the project may not complete on time, as required by the management, due to the creation of the user guide for the software you’re creating. You have elected to hire an external writer in order to satisfy the requirements and to alleviate the risk event.

What type of risk response have you elected to use in this instance?

12. Which of the following organizations assists the President in overseeing the preparation of the federal budget and in supervising its administration in Executive Branch agencies?

13. Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes.

You tell her that all of the following are valid configuration management activities except for which one?

14. Which of the following types of redundancy prevents attacks in which an attacker can get physical control of a machine, insert unauthorized software, and alter data?

15. Which of the following individuals inspects whether the security policies, standards, guidelines, and procedures are efficiently performed in accordance with the company’s stated security objectives?

16. Which of the following process areas does the SSE-CMM define in the ‘Project and Organizational Practices’ category? Each correct answer represents a complete solution. Choose all that apply.

17. The LeGrand Vulnerability-Oriented Risk Management method is based on vulnerability analysis and consists of four principal steps.

Which of the following processes does the risk assessment step include? Each correct answer represents a part of the solution. Choose all that apply.

18. You work as a Security Manager for Tech Perfect Inc. You have set up a SIEM server for the following purposes: analyze the data from different log sources, correlate the events among the log entries, identify and prioritize significant events, and initiate responses to events if required. One of your log monitoring staff members wants to know which features of a SIEM product will help them achieve these purposes.

What features will you recommend? Each correct answer represents a complete solution. Choose all that apply.

19. According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls.

Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.

20. The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively.

Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.