CSSLP Exam Questions
379 real CSSLP exam questions with expert-verified answers and explanations. Page 2 of 8.
- Question #53: Secure Software Deployment, Operations, Maintenance
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing s...
Certification and Accreditation (C&A), Certification, Accreditation, System Authorization
- Question #54: Secure Software Deployment, Operations, Maintenance
Phase 1 of DITSCAP C&A is known as the Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create a...
DITSCAP, Certification & Accreditation, Security Frameworks, Definition Phase
- Question #55: Secure Software Testing
Which of the following NIST Special Publication documents provides a guideline on network security testing?
NIST SP 800 Series, Network security testing, Security testing guidelines
- Question #57: Secure Software Testing
Which of the following tools is used to attack digital watermarking?
Digital Watermarking, Attack Tools, Steganography, Security Testing
- Question #58: Secure Software Lifecycle Management
You and your project team have identified the project risks and are now analyzing the probability and impact of the risks. What type of analysis of the risks provides a quick and h...
Qualitative risk analysis, Risk management, Project risks, Risk assessment
- Question #59: Secure Software Lifecycle Management
What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?
Configuration Management, Change Control, Software Lifecycle, Project Scope
- Question #61: Secure Software Lifecycle Management
You work as a project manager for BlueWell Inc. You and your team are using a method or a (technical) process that conceives the risks even if all theoretically possible safety me...
Risk Management, Residual Risk, Risk Response
- Question #62: Secure Software Lifecycle Management
You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team ha...
Risk Management, Quantitative Risk Analysis, Project Management Processes
- Question #63: Secure Software Concepts
Which of the following statements is true about residual risks?
Residual risk, Risk management, Security controls, Risk assessment
- Question #64: Secure Software Concepts
To help review or design security controls, they can be classified by several criteria. One of these criteria is based on their nature. According to this criterion, which of the f...
Security Controls, Control Classification, Procedural Controls, Administrative Controls
- Question #65: Secure Software Concepts
A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal de...
Privacy Law, Data Protection, Legal Compliance, Personal Data
- Question #66: Secure Software Lifecycle Management
There are seven risk responses that a project manager can choose from. Which risk response is appropriate for both positive and negative risk events?
Risk Management, Risk Responses, Positive Risks, Negative Risks
- Question #67: Secure Software Deployment, Operations, Maintenance
You work as a Security Manager for Tech Perfect Inc. In the organization, Syslog is used for computer system management and security auditing, as well as for generalized informatio...
Syslog security, DoS prevention, Log management, Rate limiting
- Question #68: Secure Software Lifecycle Management
You work as a project manager for a company. The company has started a new security software project. The software configuration management will be used throughout the lifecycle of...
Configuration Management, Software Configuration Management (SCM), Configuration Control, Change Management
- Question #69: Secure Software Architecture and Design
Which of the following areas of an information system, as separated by the Information Assurance Framework, is a collection of local computing devices, regardless of physical location, th...
Information Assurance Frameworks, Security Enclaves, System Boundaries, Security Architecture
- Question #70: Secure Software Deployment, Operations, Maintenance
Which of the following is a signature-based intrusion detection system (IDS)?
Intrusion Detection System (IDS), Signature-based detection, Network Security, Snort
- Question #71: Secure Software Concepts
Which of the following statements about the availability concept of information security management is true?
Information Security Concepts, CIA Triad, Availability
- Question #72: Secure Software Concepts
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required...
Security Policy, Policy Design, Governance, Compliance
- Question #73: Secure Software Deployment, Operations, Maintenance
Phase 4 of DITSCAP C&A is known as Post Accreditation. This phase starts after the system has been accredited in Phase 3. What are the process activities of this phase? Each co...
DITSCAP, Certification and Accreditation, Post-Accreditation, Security Operations
- Question #74: Secure Software Deployment, Operations, Maintenance
You work as a security engineer for BlueWell Inc. Which of the following documents will you use as a guide for the security certification and accreditation of Federal Information S...
NIST SP 800-37, Risk Management Framework (RMF), Security Authorization, Certification & Accreditation (C&A)
- Question #75: Secure Software Deployment, Operations, Maintenance
Which of the following is an example of over-the-air (OTA) provisioning in digital rights management?
OTA Provisioning, Digital Rights Management, Shared Secrets, Cryptographic Trust
- Question #76: Secure Software Architecture and Design
The service-oriented modeling framework (SOMF) provides a common modeling notation to address alignment between business and IT organizations. Which of the following principles doe...
Service-Oriented Modeling Framework (SOMF), Service-Oriented Architecture (SOA), Architectural Principles, Business-IT Alignment
- Question #77: Secure Software Deployment, Operations, Maintenance
Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?
DoD directives, Automation Resources Management, Government compliance, Manual identification
- Question #78: Secure Software Concepts
Which of the following access control models are used in the commercial sector? Each correct answer represents a complete solution. Choose two.
Access Control Models, Biba Model, Clark-Wilson Model, Commercial Sector Security
- Question #79: Secure Software Testing
Which of the following testing methods verifies the interfaces between components against a software design?
Software testing, Integration testing, Testing levels, Verification
- Question #80: Secure Software Concepts
Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?
Data owner, Data custodian, Information classification, Roles and responsibilities
- Question #81: Secure Software Deployment, Operations, Maintenance
Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the inf...
NIST SP 800-37, Continuous Monitoring, Configuration Management, Risk Management Framework
- Question #82: Secure Software Implementation
Which of the following secure coding principles and practices defines the appearance of a code listing so that a code reviewer and maintainer who have not written that code can easil...
Secure coding principles, Coding style, Code readability, Code maintainability
- Question #83: Secure Software Implementation
Which of the following software review processes increases software security by removing common vulnerabilities, such as format string exploits, race conditions, memory lea...
Code review, Vulnerability detection, Secure coding practices
- Question #84: Secure Software Lifecycle Management
Which of the following governance bodies directs and coordinates implementations of the information security program?
Information Security Governance, CISO Roles and Responsibilities, Security Program Management
- Question #85: Secure Software Deployment, Operations, Maintenance
In which of the following alternative processing sites is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication lin...
Disaster Recovery, Uptime, Business Continuity, Hot Site
- Question #86: Secure Software Lifecycle Management
Which of the following methods offers a number of modeling practices and disciplines that contribute to a successful service-oriented life cycle management and modeling?
Service-Oriented Architecture (SOA), Service-Oriented Modeling Framework (SOMF), Software Modeling, Lifecycle Management
- Question #87: Secure Software Deployment, Operations, Maintenance
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for add...
DITSCAP, Accreditation, System Security Lifecycle, Continuous Monitoring
- Question #88: Secure Software Concepts
Joseph works as a Software Developer for WebTech Inc. He wants to protect the algorithms and the programming techniques that he uses in developing an application. Which of the f...
Intellectual Property, Software Patents, Algorithms Protection, Legal Aspects
- Question #89: Secure Software Deployment, Operations, Maintenance
Which of the following types of signatures is used in an Intrusion Detection System to trigger on attacks that attempt to reduce the level of a resource or system, or to cause it t...
Intrusion Detection Systems, DoS Attacks, Security Signatures, Operational Security
- Question #90: Secure Software Concepts
Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?
Intellectual Property Rights, Patents, Legal Protection
- Question #93: Secure Software Concepts
Which of the following actions does Data Loss Prevention (DLP) technology take when an agent detects a policy violation for data in all states? Each correct answer represents a...
Data Loss Prevention, DLP actions, Data Protection, Security Controls
- Question #94: Secure Software Deployment, Operations, Maintenance
In which of the following processes are experienced personnel and software tools used to investigate, resolve, and handle process deviation, malformed data, infrastructure, or conn...
Exception Management, Operational Issues, Problem Resolution, Process Deviation
- Question #95: Secure Software Concepts
Which of the following rated systems of the Orange Book has mandatory protection of the TCB?
TCSEC, Orange Book Ratings, TCB Protection, Mandatory Access Control
- Question #96: Secure Software Deployment, Operations, Maintenance
Which of the following is designed to detect unwanted attempts at accessing, manipulating, and disabling computer systems through the Internet?
Intrusion Detection System, Security Controls, Detection Systems, Operational Security
- Question #97: Secure Software Concepts
Which of the following ensures that a party to a dispute cannot deny the authenticity of their signature on a document or the sending of a message that they originated?
Non-repudiation, Security principles, Information security concepts
- Question #98: Secure Software Concepts
Which of the following are examples of an application programming interface (API)? Each correct answer represents a complete solution. Choose three.
API Concepts, Programming Environments, Software Frameworks
- Question #99: Secure Software Concepts
In which of the following cryptographic attacking techniques does an attacker obtain encrypted messages that have been encrypted using the same encryption algorithm?
Cryptography, Cryptographic attacks, Ciphertext only attack
- Question #100: Secure Software Deployment, Operations, Maintenance
The IAM/CA makes certification accreditation recommendations to the DAA. The DAA issues accreditation determinations. Which of the following are the accreditation determinations is...
Accreditation, Authorization to Operate (ATO), Risk Management Framework (RMF), Deployment Security
- Question #101: Secure Software Deployment, Operations, Maintenance
Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?
Business Continuity Planning, Disaster Recovery, Operational Resilience
- Question #102: Secure Software Lifecycle Management
Which of the following ISO standards provides guidelines for accreditation of an organization that is concerned with certification and registration related to ISMS?
ISO 27000 series, ISMS certification, Accreditation standards, Information security standards
- Question #103: Secure Software Deployment, Operations, Maintenance
You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district, they will need to be able to work from an alternate l...
Disaster Recovery, Cold Site, Budgetary Constraints, Operational Resilience
- Question #104: Secure Software Concepts
Which of the following authentication methods is used to access public areas of a Web site?
Authentication, Anonymous Authentication, Web Security Concepts
- Question #105: Secure Software Testing
Stella works as a system engineer for BlueWell Inc. She wants to identify the performance thresholds of each build. Which of the following tests will help Stella to achieve her tas...
Performance testing, Software testing types, Testing objectives
- Question #106: Secure Software Deployment, Operations, Maintenance
Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring process? Each correct...
Continuous Monitoring, Security Certification and Accreditation, Configuration Management, Information System Security