ISC2 Certified Secure Software Lifecycle Professional CSSLP Dumps in PDF

Free ISC2 CSSLP Real Questions (page: 62)

You work as a project manager for a company. The company has started a new security software project. The software configuration management will be used throughout the lifecycle of the project. You are tasked to modify the functional features and the basic logic of the software and then make them compatible to the initial design of the project. Which of the following procedures of the configuration management will you follow to accomplish the task?

  1. Configuration status accounting
  2. Configuration control
  3. Configuration audits
  4. Configuration identification

Answer(s): B

Explanation:

Configuration control is a procedure of the Configuration management. Configuration control is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes. Answer C is incorrect. Configuration audits confirm that the configuration identification for a configured item is accurate, complete, and will meet specified program needs. Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation. Answer D is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed. Answer A is incorrect. The configuration status accounting procedure is the ability to record and report on the configuration baselines associated with each configuration item at any moment of time. It supports the functional and physical attributes of software at various points in time, and performs systematic control of accounting to the identified attributes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.



Which of the following areas of information system, as separated by Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy?

  1. Local Computing Environments
  2. Networks and Infrastructures
  3. Supporting Infrastructures
  4. Enclave Boundaries

Answer(s): D

Explanation:

The areas of information system, as separated by Information Assurance Framework, are as follows: Local Computing Environments: This area includes servers, client workstations, operating system, and applications. Enclave Boundaries: This area consists of collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy. Networks and Infrastructures: This area provides the network connectivity between enclaves. It includes operational area networks (OANs), metropolitan area networks (MANs), and campus area networks (CANs). Supporting Infrastructures: This area provides security services for networks, client workstations, Web servers, operating systems, applications, files, and single-use infrastructure machines



Which of the following is a signature-based intrusion detection system (IDS) ?

  1. RealSecure
  2. StealthWatch
  3. Tripwire
  4. Snort

Answer(s): D

Explanation:

Snort is a signature-based intrusion detection system. Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). The three main modes in which Snort can be configured are as follows: Sniffer mode: It reads the packets of the network and displays them in a continuous stream on the console. Packet logger mode: It logs the packets to the disk. Network intrusion detection mode: It is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user-defined rule set. Answer B is incorrect. StealthWatch is a behavior-based intrusion detection system. Answer A is incorrect. RealSecure is a network-based IDS that monitors TCP, UDP and ICMP traffic and is configured to look for attack patterns. Answer C is incorrect. Tripwire is a file integrity checker for UNIX/Linux that can be used for host-based intrusion detection.



Which of the following statements about the availability concept of Information security management is true?

  1. It ensures that modifications are not made to data by unauthorized personnel or processes.
  2. It determines actions and behaviors of a single individual within a system.
  3. It ensures reliable and timely access to resources.
  4. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.

Answer(s): C

Explanation:

The concept of availability ensures reliable and timely access to data or resources. In other words, availability ensures that the systems are up and running when needed. The availability concept also ensures that the security services are in working order.
Answers A and D are incorrect. The concept of integrity ensures that modifications are not made to data by unauthorized personnel or processes. It also ensures that unauthorized modifications are not made to data by authorized personnel or processes. Answer B is incorrect. Accountability determines the actions and behaviors of an individual within a system, and identifies that particular individual. Audit trails and logs support accountability.



A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well designed policy? Each correct answer represents a part of the solution. Choose all that apply.

  1. What is being secured?
  2. Where is the vulnerability, threat, or risk?
  3. Who is expected to exploit the vulnerability?
  4. Who is expected to comply with the policy?

Answer(s): A,B,D

Explanation:

A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A well designed policy addresses the following: What is being secured? - Typically an asset. Who is expected to comply with the policy? - Typically employees. Where is the vulnerability, threat, or risk? - Typically an issue of integrity or responsibility.



Share your comments for ISC2 CSSLP exam with other users:

D
Danny
1/15/2024 9:10:00 AM

its helpful?

H
hanaa
10/3/2023 6:57:00 PM

is this dump still valid???

G
Georgio
1/19/2024 8:15:00 AM

question 205 answer is b

M
Matthew Dievendorf
5/30/2023 9:37:00 PM

question 39, should be answer b, directions stated is being sudneted from /21 to a /23. a /23 has 512 ips so 510 hosts. and can make 4 subnets out of the /21

A
Adhithya
8/11/2022 12:27:00 AM

beautiful test engine software and very helpful. questions are same as in the real exam. i passed my paper.

S
SuckerPumch88
4/25/2022 10:24:00 AM

the questions are exactly the same in real exam. just make sure not to answer all them correct or else they suspect you are cheating.

S
soheib
7/24/2023 7:05:00 PM

question: 78 the right answer i think is d not a

S
srija
8/14/2023 8:53:00 AM

very helpful

T
Thembelani
5/30/2023 2:17:00 AM

i am writing this exam tomorrow and have dumps

A
Anita
10/1/2023 4:11:00 PM

can i have the icdl excel exam

B
Ben
9/9/2023 7:35:00 AM

please upload it

A
anonymous
9/20/2023 11:27:00 PM

hye when will post again the past year question for this h13-311_v3 part since i have to for my test tommorow…thank you very much

R
Randall
9/28/2023 8:25:00 PM

on question 22, option b-once per session is also valid.

T
Tshegofatso
8/28/2023 11:51:00 AM

this website is very helpful

P
philly
9/18/2023 2:40:00 PM

its my first time exam

B
Beexam
9/4/2023 9:06:00 PM

correct answers are device configuration-enable the automatic installation of webview2 runtime. & policy management- prevent users from submitting feedback.

R
RAWI
7/9/2023 4:54:00 AM

is this dump still valid? today is 9-july-2023

A
Annie
6/7/2023 3:46:00 AM

i need this exam.. please upload these are really helpful

S
Shubhra Rathi
8/26/2023 1:08:00 PM

please upload the oracle 1z0-1059-22 dumps

S
Shiji
10/15/2023 1:34:00 PM

very good questions

R
Rita Rony
11/27/2023 1:36:00 PM

nice, first step to exams

A
Aloke Paul
9/11/2023 6:53:00 AM

is this valid for chfiv9 as well... as i am reker 3rd time...

C
Calbert Francis
1/15/2024 8:19:00 PM

great exam for people taking 220-1101

A
Ayushi Baria
11/7/2023 7:44:00 AM

this is very helpfull for me

A
alma
8/25/2023 1:20:00 PM

just started preparing for the exam

C
CW
7/10/2023 6:46:00 PM

these are the type of questions i need.

N
Nobody
8/30/2023 9:54:00 PM

does this actually work? are they the exam questions and answers word for word?

S
Salah
7/23/2023 9:46:00 AM

thanks for providing these questions

R
Ritu
9/15/2023 5:55:00 AM

interesting

R
Ron
5/30/2023 8:33:00 AM

these dumps are pretty good.

S
Sowl
8/10/2023 6:22:00 PM

good questions

B
Blessious Phiri
8/15/2023 2:02:00 PM

dbua is used for upgrading oracle database

R
Richard
10/24/2023 6:12:00 AM

i am thrilled to say that i passed my amazon web services mls-c01 exam, thanks to study materials. they were comprehensive and well-structured, making my preparation efficient.

J
Janjua
5/22/2023 3:31:00 PM

please upload latest ibm ace c1000-056 dumps

AI Tutor 👋 I’m here to help!