New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > ISC > ISC certification > CSSLP

CSSLP Certified Secure Software Lifecycle Professional Question and Answers

Note: This exam is available on Demand only. You can Pre-Order this Exam and we will arrange this for you.

Pre-Order Your "CSSLP - Certified Secure Software Lifecycle Professional" Exam

You can pre-order your "Certified Secure Software Lifecycle Professional" exam to us if you are in need this urgent. Dumpsmate.com Team will prepare your Exam Questions & Answers From Real Exam within next 2 to 3 Weeks Time only.

How to Make Pre-Order You Exams:

  1. 1. Click to "Add to Cart" Button.
  2. 2. Our Expert will arrange real Exam Questions within 2 to 3 weeks especially for you.
  3. 3. You will be notified within 2 to 3 Weeks' time once your Exam is ready with all Real Questions and Possible Answers with PDF + Testing Engine format.

Why to Choose DumpsMate?

  • We are Only can give you this service online in this portal. Whether or not your required exam is available with us or not, Our Team will get it ready for you for the nominal price!
  • Over 1000+ customers worldwide are using pre-ordering service.
  • Average 99.8% pass rate among our customers - at their first attempt!
  • 90 days of free updates included!

In the unlikely event if we can't make this exam available to you then you will issue a full refund! So there is no risk.

READY TO MAKE YOUR "CSSLP" PRE-ORDER?

$850

 Add To Cart
Question # 4

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

A.

An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).

B.

An ISSE provides advice on the continuous monitoring of the information system.

C.

An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).

D.

An ISSE provides advice on the impacts of system changes. E. An ISSO takes part in the development activities that are required to implement system changes.

Full Access
Question # 5

In which of the following cryptographic attacking techniques does an attacker obtain encrypted messages that have been encrypted using the same encryption algorithm?

A.

Chosen plaintext attack

B.

Chosen ciphertext attack

C.

Ciphertext only attack

D.

Known plaintext attack

Full Access
Question # 6

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. In order to do so, he performs the following steps of the pre-attack phase successfully: Information gathering Determination of network range Identification of active systems Location of open ports and applications Now, which of the following tasks should he perform next?

A.

Perform OS fingerprinting on the We-are-secure network.

B.

Map the network of We-are-secure Inc.

C.

Install a backdoor to log in remotely on the We-are-secure server.

D.

Fingerprint the services running on the we-are-secure network.

Full Access
Question # 7

There are seven risks responses that a project manager can choose from. Which risk response is appropriate for both positive and negative risk events?

A.

Acceptance

B.

Transference

C.

Sharing

D.

Mitigation

Full Access
Question # 8

In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

A.

Full operational test

B.

Penetration test

C.

Paper test

D.

Walk-through test

Full Access
Question # 9

Which of the following testing methods verifies the interfaces between components against a software design?

A.

Regression testing

B.

Integration testing

C.

Black-box testing

D.

Unit testing

Full Access
Question # 10

Which of the following governance bodies directs and coordinates implementations of the information security program?

A.

Chief Information Security Officer

B.

Information Security Steering Committee

C.

Business Unit Manager

D.

Senior Management

Full Access
Question # 11

You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information Systems?

A.

NIST Special Publication 800-60

B.

NIST Special Publication 800-53

C.

NIST Special Publication 800-37

D.

NIST Special Publication 800-59

Full Access
Question # 12

You work as the senior project manager in SoftTech Inc. You are working on a software project using configuration management. Through configuration management you are decomposing the verification system into identifiable, understandable, manageable, traceable units that are known as Configuration Items (CIs). According to you, which of the following processes is known as the decomposition process of a verification system into Configuration Items?

A.

Configuration status accounting

B.

Configuration identification

C.

Configuration auditing

D.

Configuration control

Full Access
Question # 13

Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

A.

Authentication

B.

Integrity

C.

Non-repudiation

D.

Confidentiality

Full Access
Question # 14

What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

A.

Project Management Information System

B.

Integrated Change Control

C.

Configuration Management System

D.

Scope Verification

Full Access
Question # 15

Which of the following types of redundancy prevents attacks in which an attacker can get physical control of a machine, insert unauthorized software, and alter data?

A.

Data redundancy

B.

Hardware redundancy

C.

Process redundancy

D.

Application redundancy

Full Access
Question # 16

Which of the following access control models are used in the commercial sector? Each correct answer represents a complete solution. Choose two.

A.

Biba model

B.

Clark-Biba model

C.

Clark-Wilson model

D.

Bell-LaPadula model

Full Access
Question # 17

Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?

A.

Information Assurance (IA)

B.

Information systems security engineering (ISSE)

C.

Certification and accreditation (C&A)

D.

Risk Management

Full Access
Question # 18

Which of the following tools is used to attack the Digital Watermarking?

A.

Steg-Only Attack

B.

Active Attacks

C.

2Mosaic

D.

Gifshuffle

Full Access
Question # 19

In which of the following processes are experienced personnel and software tools used to investigate, resolve, and handle process deviation, malformed data, infrastructure, or connectivity issues?

A.

Risk Management

B.

Exception management

C.

Configuration Management

D.

Change Management

Full Access
Question # 20

The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

A.

Negotiation

B.

Registration

C.

Document mission need

D.

Initial Certification Analysis

Full Access
Question # 21

John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. You have searched all open ports of the we-are-secure server. Now, you want to perform the next information-gathering step, i.e., passive OS fingerprinting. Which of the following tools can you use to accomplish the task?

A.

Superscan

B.

NBTscan

C.

Nmap

D.

P0f

Full Access
Question # 22

Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?

A.

Configuration management system

B.

Scope change control system

C.

Cost change control system

D.

Integrated change control

Full Access
Question # 23

You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?

A.

Performance test

B.

Functional test

C.

Reliability test

D.

Regression test

Full Access
Question # 24

Which of the following specifies the behaviors of the DRM implementation and any applications that are accessing the implementation?

A.

OS fingerprinting

B.

OTA provisioning

C.

Access control

D.

Compliance rule

Full Access
Question # 25

The Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

A.

Certification and accreditation decision

B.

Continue to review and refine the SSAA

C.

Perform certification evaluation of the integrated system

D.

System development

E.

Develop recommendation to the DAA

Full Access
Question # 26

The rights of an author or a corporation to make profit from the creation of their products (such as software, music, etc.) are protected by the Intellectual Property law. Which of the following are the components of the Intellectual Property law? Each correct answer represents a part of the solution. Choose two.

A.

Trademark law

B.

Industrial Property law

C.

Copyright law

D.

Patent law

Full Access
Question # 27

Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.

A.

Act honorably, honestly, justly, responsibly, and legally.

B.

Give guidance for resolving good versus good and bad versus bad dilemmas.

C.

Provide diligent and competent service to principals.

D.

Protect society, the commonwealth, and the infrastructure.

Full Access
Question # 28

RCA (root cause analysis) is an iterative and reactive method that identifies the root cause of various incidents, and the actions required to prevent these incidents from reoccurring. RCA is classified in various categories. Choose appropriate categories and drop them in front of their respective functions.

Full Access
Question # 29

Which of the following plans is a comprehensive statement of consistent actions to be taken before, during, and after a disruptive event that causes a significant loss of information systems resources?

A.

Contingency plan

B.

Continuity of Operations plan

C.

Disaster recovery plan

D.

Business Continuity plan

Full Access
Question # 30

Samantha works as an Ethical Hacker for we-are-secure Inc. She wants to test the security of the we-are-secure server for DoS attacks. She sends large number of ICMP ECHO packets to the target computer. Which of the following DoS attacking techniques will she use to accomplish the task?

A.

Smurf dos attack

B.

Land attack

C.

Ping flood attack

D.

Teardrop attack

Full Access
Question # 31

Security controls are safeguards or countermeasures to avoid, counteract, or minimize security risks. Which of the following are types of security controls? Each correct answer represents a complete solution. Choose all that apply.

A.

Common controls

B.

Hybrid controls

C.

Storage controls

D.

System-specific controls

Full Access
Question # 32

You work as a security engineer for BlueWell Inc. You want to use some techniques and procedures to verify the effectiveness of security controls in Federal Information System. Which of the following NIST documents will guide you?

A.

NIST Special Publication 800-53

B.

NIST Special Publication 800-59

C.

NIST Special Publication 800-53A

D.

NIST Special Publication 800-37

Full Access
Question # 33

The mission and business process level is the Tier 2. What are the various Tier 2 activities? Each correct answer represents a complete solution. Choose all that apply.

A.

Developing an organization-wide information protection strategy and incorporating high-level information security requirements

B.

Defining the types of information that the organization needs, to successfully execute the stated missions and business processes

C.

Specifying the degree of autonomy for the subordinate organizations

D.

Defining the core missions and business processes for the organization

E.

Prioritizing missions and business processes with respect to the goals and objectives of the organization

Full Access
Question # 34

In which of the following deployment models of cloud is the cloud infrastructure administered by the organizations or a third party? Each correct answer represents a complete solution. Choose two.

A.

Private cloud

B.

Public cloud

C.

Hybrid cloud

D.

Community cloud

Full Access
Question # 35

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.

A.

Moderate

B.

Medium

C.

High

D.

Low

Full Access
Question # 36

Which of the following processes identifies the threats that can impact the business continuity of operations?

A.

Function analysis

B.

Risk analysis

C.

Business impact analysis

D.

Requirement analysis

Full Access
Question # 37

Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?

A.

Common data security architecture (CDSA)

B.

Application program interface (API)

C.

Trusted computing base (TCB)

D.

Internet Protocol Security (IPSec)

Full Access
Question # 38

What are the various phases of the Software Assurance Acquisition process according to the U.S. Department of Defense (DoD) and Department of Homeland Security (DHS) Acquisition and Outsourcing Working Group?

A.

Implementing, contracting, auditing, monitoring

B.

Requirements, planning, monitoring, auditing

C.

Planning, contracting, monitoring and acceptance, follow-on

D.

Designing, implementing, contracting, monitoring

Full Access
Question # 39

Which of the following are the principle duties performed by the BIOS during POST (power-on-self-test)? Each correct answer represents a part of the solution. Choose all that apply.

A.

It provides a user interface for system's configuration.

B.

It identifies, organizes, and selects boot devices.

C.

It delegates control to other BIOS, if it is required.

D.

It discovers size and verifies system memory.

E.

It verifies the integrity of the BIOS code itself.

F.

It interrupts the execution of all running programs.

Full Access
Question # 40

Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below: System and data are validated. System meets all user requirements. System meets all control requirements.

A.

Evaluation and acceptance

B.

Programming and training

C.

Definition

D.

Initiation

Full Access
Question # 41

Drag and drop the correct DoD Policy Series at their appropriate places.

Full Access
Question # 42

Fill in the blank with the appropriate security mechanism. is a computer hardware mechanism or programming language construct which handles the occurrence of exceptional events.

A.

Exception handling

Full Access
Question # 43

Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

A.

Identifying the risk

B.

Assessing the impact of potential threats

C.

Identifying the accused

D.

Finding an economic balance between the impact of the risk and the cost of the countermeasure

Full Access
Question # 44

You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

A.

Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.

B.

Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.

C.

Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.

D.

Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.

Full Access
Question # 45

Which of the following access control models uses a predefined set of access privileges for an object of a system?

A.

Role-Based Access Control

B.

Discretionary Access Control

C.

Policy Access Control

D.

Mandatory Access Control

Full Access
Question # 46

Which of the following features of SIEM products is used in analysis for identifying potential problems and reviewing all available data that are associated with the problems?

A.

Security knowledge base

B.

Graphical user interface

C.

Asset information storage and correlation

D.

Incident tracking and reporting

Full Access
Question # 47

Which of the following specifies access privileges to a collection of resources by using the URL mapping?

A.

Code Access Security

B.

Security constraint

C.

Configuration Management

D.

Access Management

Full Access
Question # 48

NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

A.

Comprehensive

B.

Significant

C.

Abbreviated

D.

Substantial

Full Access
Question # 49

The Web resource collection is a security constraint element summarized in the Java Servlet Specification v2.4. Which of the following elements does it include? Each correct answer represents a complete solution. Choose two.

A.

HTTP methods

B.

Role names

C.

Transport guarantees

D.

URL patterns

Full Access
Question # 50

Which of the following is an example of penetration testing?

A.

Implementing NIDS on a network

B.

Implementing HIDS on a computer

C.

Simulating an actual attack on a network

D.

Configuring firewall to block unauthorized traffic

Full Access
Question # 51

Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?

A.

Continuity of Operations Plan

B.

Contingency Plan

C.

Disaster Recovery Plan

D.

Business Continuity Plan

Full Access
Question # 52

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

A.

NIST

B.

Office of Management and Budget (OMB)

C.

FIPS

D.

FISMA

Full Access