ISC CSSLP Certified Secure Software Lifecycle Professional Online Training
The questions for CSSLP were last updated at Apr 14, 2025.
- Exam Code: CSSLP
- Exam Name: Certified Secure Software Lifecycle Professional
- Certification Provider: ISC
- Latest update: Apr 14, 2025
You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network. While auditing the company's network, you have trouble finding the faults and other entities that belong to it.
Which of the following risks may occur due to the existence of these problems?
- A. Residual risk
- B. Secondary risk
- C. Detection risk
- D. Inherent risk
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information.
Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.
- A. Certification agent
- B. Designated Approving Authority
- C. IS program manager
- D. Information Assurance Manager
- E. User representative
Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?
- A. Demon dialing
- B. Sniffing
- C. Social engineering
- D. Dumpster diving
Which of the following roles is also known as the accreditor?
- A. Data owner
- B. Chief Risk Officer
- C. Chief Information Officer
- D. Designated Approving Authority
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels.
Which of the following MAC levels requires high integrity and medium availability?
- A. MAC III
- B. MAC IV
- C. MAC I
- D. MAC II
Microsoft software security expert Michael Howard defines some heuristics for determining which code to review in "A Process for Performing Security Code Reviews".
Which of the following heuristics increase the application's attack surface? Each correct answer represents a complete solution. Choose all that apply.
- A. Code written in C/C++/assembly language
- B. Code listening on a globally accessible network interface
- C. Code that changes frequently
- D. Anonymously accessible code
- E. Code that runs by default
- F. Code that runs in an elevated context
Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?
- A. Authentication
- B. Integrity
- C. Non-repudiation
- D. Confidentiality
What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.
- A. Develop software requirements.
- B. Implement change control procedures.
- C. Develop evaluation criteria and evaluation plan.
- D. Create acquisition strategy.
You work as a project manager for BlueWell Inc. You are working on a project, and management wants a rapid and cost-effective means of establishing priorities for planning risk responses in your project.
Which risk management process can satisfy management's objective for your project?
- A. Qualitative risk analysis
- B. Historical information
- C. Rolling wave planning
- D. Quantitative analysis