ISC2 Certified Secure Software Lifecycle Professional CSSLP Dumps in PDF

Free ISC2 CSSLP Real Questions (page: 47)

You work as a project manager for a company. The company has started a new security software project. The software configuration management will be used throughout the lifecycle of the project. You are tasked to modify the functional features and the basic logic of the software and then make them compatible to the initial design of the project. Which of the following procedures of the configuration management will you follow to accomplish the task?

  1. Configuration status accounting
  2. Configuration control
  3. Configuration audits
  4. Configuration identification

Answer(s): B

Explanation:

Configuration control is a procedure of the Configuration management. Configuration control is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes. Answer C is incorrect. Configuration audits confirm that the configuration identification for a configured item is accurate, complete, and will meet specified program needs. Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation. Answer D is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed. Answer A is incorrect. The configuration status accounting procedure is the ability to record and report on the configuration baselines associated with each configuration item at any moment of time. It supports the functional and physical attributes of software at various points in time, and performs systematic control of accounting to the identified attributes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.



Which of the following areas of information system, as separated by Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy?

  1. Local Computing Environments
  2. Networks and Infrastructures
  3. Supporting Infrastructures
  4. Enclave Boundaries

Answer(s): D

Explanation:

The areas of information system, as separated by Information Assurance Framework, are as follows: Local Computing Environments: This area includes servers, client workstations, operating system, and applications. Enclave Boundaries: This area consists of collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy. Networks and Infrastructures: This area provides the network connectivity between enclaves. It includes operational area networks (OANs), metropolitan area networks (MANs), and campus area networks (CANs). Supporting Infrastructures: This area provides security services for networks, client workstations, Web servers, operating systems, applications, files, and single-use infrastructure machines



Which of the following is a signature-based intrusion detection system (IDS) ?

  1. RealSecure
  2. StealthWatch
  3. Tripwire
  4. Snort

Answer(s): D

Explanation:

Snort is a signature-based intrusion detection system. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). The three main modes in which Snort can be configured are as follows: Sniffer mode: It reads the packets of the network and displays them in a continuous stream on the console. Packet logger mode: It logs the packets to the disk. Network intrusion detection mode: It is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user-defined rule set. Answer B is incorrect. StealthWatch is a behavior-based intrusion detection system. Answer A is incorrect. RealSecure is a network-based IDS that monitors TCP, UDP and ICMP traffic and is configured to look for attack patterns. Answer C is incorrect. Tripwire is a file integrity checker for UNIX/Linux that can be used for host-based intrusion detection.



Which of the following statements about the availability concept of Information security management is true?

  1. It ensures that modifications are not made to data by unauthorized personnel or processes.
  2. It determines actions and behaviors of a single individual within a system.
  3. It ensures reliable and timely access to resources.
  4. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.

Answer(s): C

Explanation:

The concept of availability ensures reliable and timely access to data or resources. In other words, availability ensures that the systems are up and running when needed. The availability concept also ensures that the security services are in working order.
Answers A and D are incorrect. The concept of integrity ensures that modifications are not made to data by unauthorized personnel or processes. It also ensures that unauthorized modifications are not made to data by authorized personnel or processes. Answer B is incorrect. Accountability determines the actions and behaviors of an individual within a system, and identifies that particular individual. Audit trails and logs support accountability.



A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well designed policy? Each correct answer represents a part of the solution. Choose all that apply.

  1. What is being secured?
  2. Where is the vulnerability, threat, or risk?
  3. Who is expected to exploit the vulnerability?
  4. Who is expected to comply with the policy?

Answer(s): A,B,D

Explanation:

A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A well designed policy addresses the following: What is being secured? - Typically an asset. Who is expected to comply with the policy? - Typically employees. Where is the vulnerability, threat, or risk? - Typically an issue of integrity or responsibility.



Share your comments for ISC2 CSSLP exam with other users:

U
Umashankar Sharma
10/22/2023 9:39:00 AM

planning to take psm test

E
ED SHAW
7/31/2023 10:34:00 AM

please allow to download

A
AD
7/22/2023 11:29:00 AM

please provide dumps

A
Ayyjayy
11/6/2023 7:29:00 AM

is the answer to question 15 correct ? i feel like the answer should be b

B
Blessious Phiri
8/12/2023 11:56:00 AM

its getting more technical

J
Jeanine J
7/11/2023 3:04:00 PM

i think these questions are what i need.

A
Aderonke
10/23/2023 2:13:00 PM

helpful assessment

T
Tom
1/5/2024 2:32:00 AM

i am confused about the answers to the questions. do you know if the answers are correct?

V
Vinit N.
8/28/2023 2:33:00 AM

hi, please make the dumps available for my upcoming examination.

S
Sanyog Deshpande
9/14/2023 7:05:00 AM

good practice

T
Tyron
9/8/2023 12:12:00 AM

so far it is really informative

B
beast
7/30/2023 2:22:00 PM

hi i want it please please upload it

M
Mirex
5/26/2023 3:45:00 AM

am preparing for exam ,just nice questions

E
exampei
8/7/2023 8:05:00 AM

please upload c_tadm_23 exam

A
Anonymous
9/12/2023 12:50:00 PM

can we get tdvan4 vantage data engineering pdf?

A
Aish
10/11/2023 5:51:00 AM

want to clear the exam.

S
Smaranika
6/22/2023 8:42:00 AM

could you please upload the dumps of sap c_sac_2302

B
Blessious Phiri
8/15/2023 1:56:00 PM

asm management configuration is about storage

L
Lewis
7/6/2023 8:49:00 PM

kool thumb up

M
Moreece
5/15/2023 8:44:00 AM

just passed the az-500 exam this last friday. most of the questions in this exam dumps are in the exam. i bought the full version and noticed some of the questions which were answered wrong in the free version are all corrected in the full version. this site is good but i wish the had it in an interactive version like a test engine simulator.

T
Terry
5/24/2023 4:41:00 PM

i can practice for exam

E
Emerys
7/29/2023 6:55:00 AM

please i need this exam.

G
Goni Mala
9/2/2023 12:27:00 PM

i need the dump

L
Lenny
9/29/2023 11:30:00 AM

i want it bad, even if cs6 maybe retired, i want to learn cs6

M
MilfSlayer
12/28/2023 8:32:00 PM

i hate comptia with all my heart with their "choose the best" answer format as an argument could be made on every question. they say "the "comptia way", lmao no this right here boys is the comptia way 100%. take it from someone whos failed this exam twice but can configure an entire complex network that these are the questions that are on the test 100% no questions asked. the pbqs are dead on! nice work

S
Swati Raj
11/14/2023 6:28:00 AM

very good materials

K
Ko Htet
10/17/2023 1:28:00 AM

thanks for your support.

P
Philippe
1/22/2023 10:24:00 AM

iam impressed with the quality of these dumps. they questions and answers were easy to understand and the xengine app was very helpful to use.

S
Sam
8/31/2023 10:32:00 AM

not bad but you question database from isaca

B
Brijesh kr
6/29/2023 4:07:00 AM

awesome contents

J
JM
12/19/2023 1:22:00 PM

answer to 134 is casb. while data loss prevention is the goal, in order to implement dlp in cloud applications you need to deploy a casb.

N
Neo
7/26/2023 9:36:00 AM

are these brain dumps sufficient enough to go write exam after practicing them? or does one need more material this wont be enough?

B
Bilal
8/22/2023 6:33:00 AM

i did attend the required cources and i need to be sure that i am ready to take the exam, i would ask you please to share the questions, to be sure that i am fit to proceed with taking the exam.

J
John
11/12/2023 8:48:00 PM

why only give explanations on some, and not all questions and their respective answers?

AI Tutor 👋 I’m here to help!