CSSLP Exam Questions
379 real CSSLP exam questions with expert-verified answers and explanations. Page 1 of 8.
- Question #1 (Secure Software Deployment, Operations, Maintenance)
  You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network. While auditing the company's network, you are facing problems in searching the faults an...
  Tags: Detection risk, Risk management, Auditing, Security operations

- Question #2 (Secure Software Deployment, Operations, Maintenance)
  The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecomm...
  Tags: NIACAP, Certification & Accreditation, Security Assessment, Roles and Responsibilities

- Question #4 (Secure Software Testing)
  Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?
  Tags: Penetration Testing Techniques, War Dialing, Reconnaissance

- Question #5 (Secure Software Deployment, Operations, Maintenance)
  Which of the following roles is also known as the accreditor?
  Tags: Accreditation, Designated Approving Authority (DAA), Roles and Responsibilities, Authority To Operate (ATO)

- Question #6 (Secure Software Requirements)
  DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels require...
  Tags: DoD 8500.2, Mission Assurance Categories, Integrity, Availability

- Question #7 (Secure Software Architecture and Design)
  Microsoft software security expert Michael Howard defines some heuristics for determining code review in "A Process for Performing Security Code Reviews". Which of the following he...
  Tags: Attack Surface Management, Security Heuristics, Secure Software Design, Threat Modeling

- Question #8 (Secure Software Concepts)
  Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?
  Tags: Confidentiality, Cryptographic Services, Information Security Principles, Data Protection

- Question #9 (Secure Software Lifecycle Management)
  What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that a...
  Tags: Software Acquisition, Planning Phase, Software Requirements, Acquisition Strategy

- Question #10 (Secure Software Lifecycle Management)
  You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk...
  Tags: Risk Management, Qualitative Risk Analysis, Risk Prioritization, Project Management

- Question #11 (Secure Software Concepts)
  Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?
  Tags: Security Models, Access Control Models, Take-Grant Model, Rights Management

- Question #12 (Secure Software Lifecycle Management)
  You are the project manager for GHY Project and are working to create a risk response for a negative risk. You and the project team have identified the risk that the project may no...
  Tags: Risk Management, Risk Response Strategies, Risk Transference, Project Management

- Question #13 (Secure Software Lifecycle Management)
  Which of the following organizations assists the President in overseeing the preparation of the federal budget and in supervising its administration in Executive Branch agencies?
  Tags: US Government Agencies, Budget Management, Organizational Governance

- Question #14 (Secure Software Lifecycle Management)
  Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration managem...
  Tags: Configuration Management Activities, Change Management, SDLC Processes

- Question #15 (Secure Software Architecture and Design)
  Which of the following types of redundancy prevents attacks in which an attacker can get physical control of a machine, insert unauthorized software, and alter data?
  Tags: Process Redundancy, Integrity Protection, Physical Tampering, Defensive Design

- Question #16 (Secure Software Lifecycle Management)
  Which of the following individuals inspects whether the security policies, standards, guidelines, and procedures are efficiently performed in accordance with the company's stated s...
  Tags: Security Roles, Audit, Compliance, Governance

- Question #17 (Secure Software Lifecycle Management)
  Which of the following process areas does the SSE-CMM define in the 'Project and Organizational Practices' category? Each correct answer represents a complete solution. Choose all...
  Tags: SSE-CMM, Capability Maturity Model, Organizational Security Practices, Security Process Management

- Question #18 (Secure Software Lifecycle Management)
  The LeGrand Vulnerability-Oriented Risk Management method is based on vulnerability analysis and consists of four principal steps. Which of the following processes does the risk as...
  Tags: Risk Management, Vulnerability Analysis, Risk Assessment, Security Methodologies

- Question #19 (Secure Software Deployment, Operations, Maintenance)
  You work as a Security Manager for Tech Perfect Inc. You have set up a SIEM server for the following purposes: analyze the data from different log sources; correlate the events amon...
  Tags: SIEM, Security Operations, Log Management, Incident Response

- Question #20 (Secure Software Lifecycle Management)
  According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the fo...
  Tags: DoD 8500.2, Information Assurance, IA Controls, Government Regulations

- Question #21 (Secure Software Deployment, Operations, Maintenance)
  The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statem...
  Tags: ISSO roles, ISSE roles, Certification & Accreditation (C&A), Continuous Monitoring

- Question #22 (Secure Software Deployment, Operations, Maintenance)
  In which of the following types of tests are the disaster recovery checklists distributed to the members of the disaster recovery team, who are asked to review the assigned checklist?
  Tags: Disaster Recovery Testing, Business Continuity Planning, DR Checklists, Operational Security

- Question #24 (Secure Software Architecture and Design)
  Which of the following security design patterns provides an alternative by requiring that a user's authentication credentials be verified by the database before providing access to...
  Tags: Security design patterns, Authentication, Database security, Access control

- Question #25 (Secure Software Deployment, Operations, Maintenance)
  Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences ass...
  Tags: Business Continuity, Disaster Recovery, RTO, Continuity Planning

- Question #26 (Secure Software Deployment, Operations, Maintenance)
  Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?
  Tags: Certification and Accreditation, System Authorization, Security Controls

- Question #27 (Secure Software Concepts)
  Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee w...
  Tags: Intellectual Property (IP), Trademark law, Legal compliance

- Question #28 (Secure Software Testing)
  John works as a professional Ethical Hacker. He has been assigned the project of testing the attack phase successfully: information gathering; determination of network range; identif...
  Tags: Penetration Testing, Ethical Hacking, Enumeration, OS Fingerprinting

- Question #29 (Secure Software Lifecycle Management)
  Which of the following DITSCAP C&A phases takes place between the signing of the initial version of the SSAA and the formal accreditation of the system?
  Tags: DITSCAP, Certification and Accreditation (C&A), SSAA, Security Phases

- Question #30 (Secure Software Testing)
  In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an in...
  Tags: Penetration testing, Security testing, Testing methodologies, White-box testing

- Question #31 (Secure Software Lifecycle Management)
  You work as a systems engineer for BlueWell Inc. Which of the following tools will you use to look outside your own organization to examine how others achieve their performance lev...
  Tags: Benchmarking, Process Improvement, Organizational Performance

- Question #32 (Secure Software Implementation)
  Which of the following methods determines the principal name of the current user and returns the jav
  Tags: Java EE Security, User Authentication, Web Application Security, API Usage

- Question #33 (Secure Software Deployment, Operations, Maintenance)
  The NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Standards" specifies potential advantages and disadvantages of virtualiza...
  Tags: Virtualization Security, Cloud Computing Security, NIST Guidelines, Deployment Environment Risks

- Question #34 (Secure Software Concepts)
  Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.
  Tags: Access Controls, Physical Security, Technical Security, Administrative Security

- Question #35 (Secure Software Lifecycle Management)
  What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.
  Tags: DIACAP, Certification & Accreditation, Information Assurance, System Security Lifecycle

- Question #36 (Secure Software Concepts)
  Which of the following attacks causes software to fail and prevents the intended users from accessing software?
  Tags: Attack types, Availability, Sabotage, Denial of Service

- Question #37 (Secure Software Lifecycle Management)
  FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF...
  Tags: FITSAF, Security Assessment Frameworks, Maturity Models, Security Controls Implementation

- Question #38 (Secure Software Concepts)
  Which of the following is a name, symbol, or slogan with which a product is identified?
  Tags: Intellectual Property, Trademark, Legal Concepts

- Question #39 (Secure Software Lifecycle Management)
  Della works as a project manager for BlueWell Inc. A threat with a dollar value of $250,000 is expected to happen in her project and the frequency of threat occurrence per year is 0...
  Tags: Annualized Loss Expectancy (ALE), Quantitative Risk Analysis, Risk Management

- Question #40 (Secure Software Implementation)
  Which of the following coding practices are helpful in simplifying code? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Code simplicity, Best coding practices, Software maintainability, Structured programming

- Question #41 (Secure Software Implementation)
  Which of the following methods does the Java Servlet Specification v2.4 define in the HttpServletRequest interface that control programmatic security? Each correct answer represent...
  Tags: Java Servlet Security, Programmatic Security, Authentication, Authorization

- Question #42 (Secure Software Lifecycle Management)
  You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the ide...
  Tags: Risk Management, Qualitative Risk Analysis, Data Quality, SSDLC Risk

- Question #43 (Secure Software Concepts)
  FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, o...
  Tags: FIPS 199, Impact Levels, Risk Assessment, Security Categorization

- Question #44 (Secure Software Lifecycle Management)
  You work as the senior project manager in SoftTech Inc. You are working on a software project using configuration management. Through configuration management you are decomposing t...
  Tags: Configuration Management, Configuration Identification, Configuration Items, Software Lifecycle Management

- Question #45 (Secure Software Lifecycle Management)
  Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a h...
  Tags: Risk Management, Risk Response, Risk Avoidance, Project Scope Management

- Question #46 (Secure Software Concepts)
  Martha registers a domain named Microsoft.in. She tries to sell it to Microsoft Corporation. Which of the following has she infringed?
  Tags: Intellectual Property, Trademarks, Legal Compliance

- Question #47 (Secure Software Lifecycle Management)
  Which of the following is a variant with regard to Configuration Management?
  Tags: Configuration Management, Variants, Configuration Item, Software Configuration

- Question #48 (Secure Software Lifecycle Management)
  The organization level is Tier 1, and it addresses risks from an organizational perspective. What are the various Tier 1 activities? Each correct answer represents a complete so...
  Tags: Risk Management, Organizational Risk, Tier 1 Activities, Risk Tolerance

- Question #49 (Secure Software Concepts)
  An asset with a value of $600,000 is subject to a successful malicious attack threat twice a year. The asset has an exposure of 30 percent to the threat. What will be the annualize...
  Tags: Risk Management, Annualized Loss Expectancy (ALE), Risk Calculation, Asset Valuation

- Question #50 (Secure Software Concepts)
  Which of the following are the common roles with regard to data in an information classification program? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Information Classification, Data Roles, Information Governance, Data Security

- Question #51 (Secure Software Architecture and Design)
  Which of the following life cycle modeling activities establishes service relationships and message exchange paths?
  Tags: Service-Oriented Architecture, Software Design, Logical Design, Service Relationships

- Question #52 (Secure Software Deployment, Operations, Maintenance)
  You have storage media containing some data and you attempt to remove this data. Afterwards, you find that the data remains present on the media. Which of the follow...
  Tags: Data Remanence, Data Erasure, Data Disposal, Storage Security
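Questions #32 and #41 both concern the programmatic-security methods that the Servlet 2.4 specification defines on HttpServletRequest: getUserPrincipal() (returns the caller's java.security.Principal, or null when nobody is authenticated), getRemoteUser() (the login name as a String, or null) and isUserInRole(String). The servlet below is an added example written for this page, not code from the exam or from any Java EE vendor; the servlet class name, the "admin" role and the response text are assumptions chosen for illustration. It shows the fail-closed pattern a reviewer looks for: a null Principal is treated as unauthenticated, and the role check is done by the container rather than by string-matching the user name.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (not from the exam page). Programmatic security with the
// three HttpServletRequest methods the Servlet 2.4 spec defines for it.
// "ReportServlet", the "admin" role name and the response body are
// assumptions for illustration; the role must be declared in web.xml
// (<security-role>, optionally aliased via <security-role-ref>).
public class ReportServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {

        // getUserPrincipal(): the authenticated caller's Principal, or
        // null if the container has not authenticated anyone. Fail closed:
        // no identity means no access, regardless of anything else.
        Principal principal = req.getUserPrincipal();
        if (principal == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // getRemoteUser(): the login name as a String (null when
        // unauthenticated). For container-managed authentication this is
        // the same value as principal.getName().
        String user = req.getRemoteUser();

        // isUserInRole(): asks the container whether the caller holds the
        // role. It returns false for unknown roles and for unauthenticated
        // callers, so this check also fails closed. Never replace it with
        // a comparison against the user name or a request parameter.
        if (!req.isUserInRole("admin")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // getAuthType() reports the mechanism the container used
        // (BASIC, FORM, CLIENT_CERT, DIGEST), useful for audit logging.
        resp.setContentType("text/plain");
        resp.getWriter().println("Report for " + user
                + " (auth type " + req.getAuthType() + ")");
    }
}
```

Programmatic checks like these supplement, rather than replace, the declarative <security-constraint> entries in web.xml: the constraint keeps unauthenticated requests from reaching the servlet at all, and isUserInRole() is for finer-grained decisions inside a method. Using <security-role-ref> to map the hard-coded role name onto the deployment's real role keeps the servlet portable across deployments.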