CSSLP Exam Questions
379 real CSSLP exam questions with expert-verified answers and explanations. Page 3 of 8.
- Question #107 (Secure Software Concepts)
  Which of the following terms ensures that no intentional or unintentional unauthorized modification is made to data?
  Tags: Data integrity, Security principles, CIA triad
- Question #108 (Secure Software Implementation)
  Which of the following provides an easy way to programmers for writing lower-risk applications and retrofitting security into an existing application?
  Tags: ESAPI, Secure coding, Security APIs, Application security frameworks
- Question #109 (Secure Software Testing)
  Which of the following testing methods tests the system efficiency by systematically selecting the suitable and minimum set of tests that are required to effectively cover the affe...
  Tags: Regression testing, Software testing, Test optimization, Secure SDLC
- Question #110 (Secure Software Deployment, Operations, Maintenance)
  Which of the following specifies access privileges to a collection of resources by using the URL mapping?
  Tags: Web application security, Authorization, Security constraints, URL mapping
- Question #111 (Secure Software Lifecycle Management)
  You are the project manager of QSL project for your organization. You are working with your project team and several key stakeholders to create a diagram that shows how various ele...
  Tags: Risk Identification, Diagramming Techniques, Process Flow, Project Management
- Question #112 (Secure Software Concepts)
  Which of the following security models characterizes the rights of each subject with respect to every object in the computer system?
  Tags: Access Control, Security Models, Access Matrix, Authorization
- Question #113 (Secure Software Testing)
  Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Whic...
  Tags: Penetration Testing, Vulnerability Assessment, Exploitation, Security Testing
- Question #114 (Secure Software Deployment, Operations, Maintenance)
  Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.
  Tags: Security Auditing, Logging, Access Control, Security Monitoring
- Question #115 (Secure Software Concepts)
  Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the q...
  Tags: NIST, Cybersecurity Standards, Federal Agencies
- Question #116 (Secure Software Architecture and Design)
  Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling, Security Design and Architecture Review, Threat and Risk Modeling, Security Requireme...
  Tags: SDLC, Security Controls, Threat Modeling, Design Review
- Question #117 (Secure Software Concepts)
  Which of the following are the initial steps required to perform a risk analysis process? Each correct answer represents a part of the solution. Choose three.
  Tags: Risk analysis steps, Threat identification, Asset valuation, Likelihood assessment
- Question #118 (Secure Software Concepts)
  Which of the following technologies is used by hardware manufacturers, publishers, copyright holders and individuals to impose limitations on the usage of digital content and devic...
  Tags: Digital Rights Management (DRM), Content protection, Usage limitations, Intellectual property
- Question #119 (Secure Software Deployment, Operations, Maintenance)
  Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information as...
  Tags: Certification and Accreditation (C&A), NIACAP, Information Assurance, System Security Posture
- Question #120 (Secure Software Concepts)
  Which of the following security issues does the Bell-La Padula model focus on?
  Tags: Bell-La Padula model, Confidentiality, Access control models, Security models
- Question #121 (Secure Software Lifecycle Management)
  Which of the following phases of the DITSCAP C&A process is used to define the C&A level of effort, to identify the main C&A roles and responsibilities, and to create an agreement...
  Tags: DITSCAP, Certification and Accreditation (C&A), Security Governance, Security Frameworks
- Question #122 (Secure Software Deployment, Operations, Maintenance)
  Which of the following types of obfuscation transformation increases the difficulty for a de-obfuscation tool so that it cannot extract the true application from the obfuscated ve...
  Tags: Obfuscation, Code Protection, Reverse Engineering Countermeasures, De-obfuscation
- Question #123 (Secure Software Testing)
  Which of the following techniques is used when a system performs the penetration testing with the objective of accessing unauthorized information residing inside a computer?
  Tags: Penetration testing, Port scanning, Security testing, Vulnerability assessment
- Question #124 (Secure Software Concepts)
  Which of the following types of attacks is targeting a Web server with multiple compromised computers that are simultaneously sending hundreds of FIN packets with spoofed IP source...
  Tags: DDoS attack, Denial of Service, Network security, Attack types
- Question #125 (Secure Software Implementation)
  Which of the following programming languages are compiled into machine code and directly executed by the CPU of a computer system? Each correct answer represents a complete solutio...
  Tags: Programming languages, Compilation, Execution model, Native code
- Question #126 (Secure Software Architecture and Design)
  Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?
  Tags: TCSEC, Security Standards, Trusted Computing, System Evaluation Criteria
- Question #127 (Secure Software Deployment, Operations, Maintenance)
  Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the...
  Tags: Business Continuity Planning (BCP), BCP Development, Plan Implementation, Operational Resilience
- Question #128 (Secure Software Deployment, Operations, Maintenance)
  Which of the following refers to a process that is used for implementing information security?
  Tags: Certification and Accreditation (C&A), Information Security Management, Security Compliance, Authorization to Operate (ATO)
- Question #129 (Secure Software Implementation)
  The Web resource collection is a security constraint element summarized in the Java Servlet Specification v2.4. Which of the following elements does it include? Each correct answer...
  Tags: Java Servlet Security, Web Security Constraints, web.xml, Resource Collection
- Question #130 (Secure Software Lifecycle Management)
  Which of the following activities are performed by the 'Do' cycle component of PDCA (plan-do-check-act)? Each correct answer represents a complete solution. Choose all that apply.
  Tags: PDCA Cycle, Security Operations, Process Management, Lifecycle Management
- Question #131 (Secure Software Concepts)
  Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security cont...
  Tags: Information Security Standards, ISO 27000 series, Security Controls, Risk Management
- Question #132 (Secure Software Architecture and Design)
  The Data and Analysis Center for Software (DACS) specifies three general principles for software assurance which work as a framework in order to categorize various secure design pr...
  Tags: DACS principles, Software assurance, Least privilege, Separation of duties
- Question #134 (Secure Software Testing)
  In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur?
  Tags: DITSCAP, Security Test and Evaluation, Certification and Accreditation, Security Assessment
- Question #135 (Secure Software Concepts)
  Which of the following access control models uses a predefined set of access privileges for an object of a system?
  Tags: Access Control Models, Mandatory Access Control, Security Principles
- Question #136 (Secure Software Testing)
  Martha works as a Project Leader for BlueWell Inc. She and her team have developed accounting software. The software was performing well. Recently, the software has been modified....
  Tags: Regression testing, Software testing, Post-modification testing, Defect detection
- Question #137 (Secure Software Lifecycle Management)
  Which of the following sections come under the ISO/IEC 27002 standard?
  Tags: ISO/IEC 27002, Information Security Controls, Security Policy, Asset Management
- Question #138 (Secure Software Concepts)
  Which of the following statements about the authentication concept of information security management is true?
  Tags: Authentication, Identity Verification, Information Security Principles
- Question #139 (Secure Software Lifecycle Management)
  Billy is the project manager of the HAR Project and is in month six of the project. The project is scheduled to last for 18 months. Management asks Billy how often the project team...
  Tags: Risk management, Project management, Continuous risk management, Risk reassessment
- Question #140 (Secure Software Lifecycle Management)
  You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well defined phases. In which of the following pha...
  Tags: NIST SP 800-37, Risk Management Framework, Security Categorization, C&A Phases
- Question #141 (Secure Software Lifecycle Management)
  In which of the following DIACAP phases is residual risk analyzed?
  Tags: DIACAP, Risk Management, Certification and Accreditation (C&A), Residual Risk
- Question #142 (Secure Software Deployment, Operations, Maintenance)
  Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all...
  Tags: SDLC Deployment, Security Controls, Certification & Accreditation, Vulnerability Assessment
- Question #143 (Secure Software Implementation)
  Which of the following provides an easy way to programmers for writing lower-risk applications and retrofitting security into an existing application?
  Tags: ESAPI, Secure coding practices, Application security APIs, OWASP
- Question #144 (Secure Software Concepts)
  Which of the following is a malicious exploit of a website, whereby unauthorized commands are transmitted from a user trusted by the website?
  Tags: CSRF, Web application security, Vulnerabilities, Attack types
- Question #145 (Secure Software Concepts)
  An attacker exploits actual code of an application and uses a security hole to carry out an attack before the application vendor knows about the vulnerability. Which of the followi...
  Tags: Zero-day attack, Vulnerability, Exploit
- Question #146 (Secure Software Lifecycle Management)
  You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative...
  Tags: Quantitative Risk Analysis, Risk Management, Project Management
- Question #147 (Secure Software Lifecycle Management)
  You work as a security engineer for BlueWell Inc. According to you, which of the following DITSCAP/NIACAP model phases occurs at the initiation of the project, or at the initial C&...
  Tags: DITSCAP, NIACAP, Certification and Accreditation (C&A), Security lifecycle models
- Question #148 (Secure Software Lifecycle Management)
  Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below: Sy...
  Tags: SDLC phases, System validation, User acceptance testing, Audit objectives
- Question #149 (Secure Software Implementation)
  The build environment of secure coding consists of some tools that actively support secure specification, design, and implementation. Which of the following features do these tools...
  Tags: Secure coding tools, Build environment security, Software vulnerability reduction, Attack surface reduction
- Question #150 (Secure Software Deployment, Operations, Maintenance)
  Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into productio...
  Tags: Certification and Accreditation (C&A), FISMA, OMB, Federal Compliance
- Question #151 (Secure Software Deployment, Operations, Maintenance)
  What are the security advantages of virtualization, as described in the NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Stan...
  Tags: Virtualization Security, Cloud Security, Defense-in-Depth, Fault Tolerance
- Question #153 (Secure Software Deployment, Operations, Maintenance)
  Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?
  Tags: Risk Acceptance, Residual Risk, Authorization to Operate, DAA Role
- Question #154 (Secure Software Lifecycle Management)
  DIACAP applies to the acquisition, operation, and sustainment of any DoD system that collects, stores, transmits, or processes unclassified or classified information since December...
  Tags: DIACAP, Certification & Accreditation (C&A), Information Assurance (IA), System lifecycle
- Question #155 (Secure Software Concepts)
  Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.
  Tags: Risk Management Goals, Risk Identification, Risk Assessment, Countermeasure Selection
- Question #156 (Secure Software Deployment, Operations, Maintenance)
  NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc i...
  Tags: NIST SP 800-53A, Security Assessment, Interview Types, Assessment Methods
- Question #157 (Secure Software Concepts)
  Which of the following are the principle duties performed by the BIOS during POST (power-on-self-test)? Each correct answer represents a part of the solution. Choose all that app...
  Tags: BIOS, POST, Boot Process, System Initialization
- Question #158 (Secure Software Architecture and Design)
  In which of the following architecture styles does a device receive input from connectors and generate transformed outputs?
  Tags: Software architecture styles, Pipes and filters, Architectural patterns, Data transformation