Which of the following are among the eight areas of IA defined by DoD?
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply. A...
Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?
Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network? A. Demon dialing B. Sniffing C. Social engineering D. Dumpster diving Answer: A Explanation: The demon dialing technique automatically tests every phone line in...
Which of the following organizations assists the President in overseeing the preparation of the federal budget and to supervise its administration in Executive Branch agencies?
Which of the following organizations assists the President in overseeing the preparation of the federal budget and to supervise its administration in Executive Branch agencies? A. OMB B. NIST C. NSA/CSS D. DCAA Answer: A Explanation: The Office of Management and Budget (OMB) is a Cabinet-level office, and is the...
Fill in the blank with an appropriate phrase. ________ models address specifications, requirements, design, verification and validation, and maintenance activities
SIMULATION Fill in the blank with an appropriate phrase. ________ models address specifications, requirements, design, verification and validation, and maintenance activities. Answer: Life cycle Explanation: A life cycle model helps to provide an insight into the development process and emphasizes the relationships among the different activities in this process. This...
Which of the following NIST Special Publication documents provides a guideline on network security testing?
Which of the following NIST Special Publication documents provides a guideline on network security testing? A. NIST SP 800-42 B. NIST SP 800-53A C. NIST SP 800-60 D. NIST SP 800-53 E. NIST SP 800-37 F. NIST SP 800-59 Answer: A Explanation: NIST SP 800-42 provides a guideline on network...
Which of the following participants are required in a NIACAP security assessment?
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the...
Which of the following process areas does the SSE-CMM define in the 'Project and Organizational Practices' category? Each correct answer represents a complete solution. Choose all that apply.
Which of the following process areas does the SSE-CMM define in the 'Project and Organizational Practices' category? Each correct answer represents a complete solution. Choose all that apply. A. Provide Ongoing Skills and Knowledge B. Verify and Validate Security C. Manage Project Risk D. Improve Organization's System Engineering Process Answer:...
In which of the following types of tests are the disaster recovery checklists distributed to the members of disaster recovery team and asked to review the assigned checklist?
In which of the following types of tests are the disaster recovery checklists distributed to the members of disaster recovery team and asked to review the assigned checklist? A. Parallel test B. Simulation test C. Full-interruption test D. Checklist test Answer: D Explanation: A checklist test is a test in...
Which of the following is a variant with regard to Configuration Management?
Which of the following is a variant with regard to Configuration Management? A. A CI that has the same name as another CI but shares no relationship. B. A CI that particularly refers to a software version. C. A CI that has the same essential functionality as another CI but...