Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. ISC2
  3. CSSLP

ISC2 Certified Secure Software Lifecycle Professional CSSLP Exam Questions in PDF

Free ISC2 CSSLP Dumps Questions (page: 11)

CSSLP PDF — 357 Questions

Which of the following life cycle modeling activities establishes service relationships and message exchange paths?

  1. Service-oriented logical design modeling
  2. Service-oriented conceptual architecture modeling
  3. Service-oriented discovery and analysis modeling
  4. Service-oriented business integration modeling

Answer(s): A

Explanation:

The service-oriented logical design modeling establishes service relationships and message exchange paths. It also addresses service visibility and crafts service logical compositions.



You have a storage media with some data and you make efforts to remove this data. After performing this, you analyze that the data remains present on the media. Which of the following refers to the above mentioned condition?

  1. Object reuse
  2. Degaussing
  3. Residual
  4. Data remanence

Answer(s): D

Explanation:

Data remanence refers to the data that remains even after the efforts have been made for removing or erasing the data. This event occurs because of data being left intact by an insignificant file deletion operation, by storage media reformatting, or through physical properties of the storage medium. Data remanence can make unintentional disclosure of sensitive information possible. So, it is required that the storage media is released into an uncontrolled environment.
Answers C and B are incorrect. These are the made-up disasters. Answer A is incorrect. Object reuse refers to reassigning some other object of a storage media that has one or more objects.



Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

  1. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  2. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  3. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  4. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer(s): A,C

Explanation:

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP, DIACAP, and DCID 6/3. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.



The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

  1. Negotiation
  2. Registration
  3. Document mission need
  4. Initial Certification Analysis

Answer(s): A,B,C

Explanation:

The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. The Phase 1 starts with the input of the mission need. This phase comprises three process activities: Document mission need Registration Negotiation Answer D is incorrect. Initial Certification Analysis is a Phase 2 activity.



Which of the following NIST Special Publication documents provides a guideline on network security testing?

  1. NIST SP 800-42
  2. NIST SP 800-53A
  3. NIST SP 800-60
  4. NIST SP 800-53
  5. NIST SP 800-37
  6. NIST SP 800-59

Answer(s): A

Explanation:

NIST SP 800-42 provides a guideline on network security testing.
Answers E, D, B, F, and C are incorrect. NIST has developed a suite of documents for conducting Certification & Accreditation (C&A). These documents are as follows: NIST Special Publication 800-37: This document is a guide for the security certification and accreditation of Federal Information Systems. NIST Special Publication 800-53: This document provides a guideline for security controls for Federal Information Systems. NIST Special Publication 800-53A. This document consists of techniques and procedures for verifying the effectiveness of security controls in Federal Information System. NIST Special Publication 800-59: This document is a guideline for identifying an information system as a National Security System. NIST Special Publication 800-60: This document is a guide for mapping types of information and information systems to security objectives and risk levels.



Viewing page 11 of 71

Share your comments for ISC2 CSSLP exam with other users:

K
kriah
9/4/2023 10:44:00 PM

please upload the latest dumps

UNITED STATES
E
ed
12/17/2023 1:41:00 PM

a company runs its workloads on premises. the company wants to forecast the cost of running a large application on aws. which aws service or tool can the company use to obtain this information? pricing calculator ... the aws pricing calculator is primarily used for estimating future costs

UNITED STATES
M
Muru
12/29/2023 10:23:00 AM

looks interesting

Anonymous
T
Tech Lady
10/17/2023 12:36:00 PM

thanks! that’s amazing

Anonymous
M
Mike
8/20/2023 5:12:00 PM

the exam dumps are helping me get a solid foundation on the practical techniques and practices needed to be successful in the auditing world.

UNITED STATES
N
Nobody
9/18/2023 6:35:00 PM

q 14 should be dmz sever1 and notepad.exe why does note pad have a 443 connection

Anonymous
M
Muhammad Rawish Siddiqui
12/4/2023 12:17:00 PM

question # 108, correct answers are business growth and risk reduction.

SAUDI ARABIA
E
Emmah
7/29/2023 9:59:00 AM

are these valid chfi questions

KENYA
M
Mort
10/19/2023 7:09:00 PM

question: 162 should be dlp (b)

EUROPEAN UNION
E
Eknath
10/4/2023 1:21:00 AM

good exam questions

INDIA
N
Nizam
6/16/2023 7:29:00 AM

I have to say this is really close to real exam. Passed my exam with this.

EUROPEAN UNION
P
poran
11/20/2023 4:43:00 AM

good analytics question

Anonymous
A
Antony
11/23/2023 11:36:00 AM

this looks accurate

INDIA
E
Ethan
8/23/2023 12:52:00 AM

question 46, the answer should be data "virtualization" (not visualization).

Anonymous
N
nSiva
9/22/2023 5:58:00 AM

its useful.

UNITED STATES
R
Ranveer
7/26/2023 7:26:00 PM

Pass this exam 3 days ago. The PDF version and the Xengine App is quite useful.

SOUTH AFRICA
S
Sanjay
8/15/2023 10:22:00 AM

informative for me.

UNITED STATES
T
Tom
12/12/2023 8:53:00 PM

question 134s answer shoule be "dlp"

JAPAN
A
Alex
11/7/2023 11:02:00 AM

in 72 the answer must be [sys_user_has_role] table.

Anonymous
F
Finn
5/4/2023 10:21:00 PM

i appreciated the mix of multiple-choice and short answer questions. i passed my exam this morning.

IRLAND
A
AJ
7/13/2023 8:33:00 AM

great to find this website, thanks

UNITED ARAB EMIRATES
C
Curtis Nakawaki
6/29/2023 9:11:00 PM

examination questions seem to be relevant.

UNITED STATES
U
Umashankar Sharma
10/22/2023 9:39:00 AM

planning to take psm test

Anonymous
E
ED SHAW
7/31/2023 10:34:00 AM

please allow to download

UNITED STATES
A
AD
7/22/2023 11:29:00 AM

please provide dumps

UNITED STATES
A
Ayyjayy
11/6/2023 7:29:00 AM

is the answer to question 15 correct ? i feel like the answer should be b

BAHRAIN
B
Blessious Phiri
8/12/2023 11:56:00 AM

its getting more technical

Anonymous
J
Jeanine J
7/11/2023 3:04:00 PM

i think these questions are what i need.

UNITED STATES
A
Aderonke
10/23/2023 2:13:00 PM

helpful assessment

UNITED KINGDOM
T
Tom
1/5/2024 2:32:00 AM

i am confused about the answers to the questions. do you know if the answers are correct?

KOREA REPUBLIC OF
V
Vinit N.
8/28/2023 2:33:00 AM

hi, please make the dumps available for my upcoming examination.

UNITED STATES
S
Sanyog Deshpande
9/14/2023 7:05:00 AM

good practice

UNITED STATES
T
Tyron
9/8/2023 12:12:00 AM

so far it is really informative

Anonymous
B
beast
7/30/2023 2:22:00 PM

hi i want it please please upload it

Anonymous
AI Tutor 👋 I’m here to help!