CSSLP Exam Questions
379 real CSSLP exam questions with expert-verified answers and explanations. Page 4 of 8.
- Question #159 (Secure Software Lifecycle Management)
Fred is the project manager of the CPS project. He is working with his project team to prioritize the identified risks within the CPS project. He and the team are prioritizing risk...
Tags: Risk Management, Qualitative Risk Analysis, Risk Prioritization, Project Management
- Question #160 (Secure Software Concepts)
Which of the following are the levels of a public or commercial data classification system? Each correct answer represents a complete solution. Choose all that apply.
Tags: Data Classification, Information Classification, Data Protection, Commercial Data
- Question #161 (Secure Software Concepts)
Which of the following statements are true about declarative security? Each correct answer represents a complete solution. Choose all that apply.
Tags: Declarative Security, Security Policies, Application Security Controls
- Question #162 (Secure Software Lifecycle Management)
What project management plan is most likely to direct the quantitative risk analysis process for a project in a matrix environment?
Tags: Risk Management Plan, Project Management, Quantitative Risk Analysis, Software Lifecycle Management
- Question #163 (Secure Software Concepts)
The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series? Each correct answer rep...
Tags: DoD 8500 series, Information Assurance, Security Policies, Information Security Objectives
- Question #164 (Secure Software Implementation)
Which of the following vulnerabilities occurs when an application directly uses or concatenates potentially hostile input with data file or stream functions?
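An added example, not from the page or its question bank, of the vulnerability class this question describes: user-controlled input concatenated into a file path and handed straight to file functions, shown beside a hardened reader that confines every request to the attachment store. The directory layout, file names, file contents and attachment names are constructed for the demonstration.

```python
"""Added example (not from the CSSLP question bank): hostile input reaching file
functions (Question #164), with a vulnerable and a hardened reader side by side.
Directory layout, file names and contents are constructed for this demo."""
import os
import tempfile
from pathlib import Path


def read_attachment_unsafe(base_dir, name):
    # VULNERABLE: the user-controlled name is concatenated straight into the path.
    # "../" segments walk out of base_dir, and an absolute name makes
    # os.path.join discard base_dir entirely.
    with open(os.path.join(base_dir, name), "rb") as fh:
        return fh.read()


def read_attachment_safe(base_dir, name):
    # HARDENED: canonicalise both sides and require the target to sit under
    # base_dir. This rejects "../", absolute names and symlinks pointing out.
    base = Path(base_dir).resolve()
    target = (base / name).resolve()
    if base not in target.parents:
        raise PermissionError(f"path escapes attachment store: {name!r}")
    if not target.is_file():
        raise FileNotFoundError(name)
    return target.read_bytes()


def build_demo_store():
    """Constructed tree: <root>/attachments/report.txt and <root>/secret.txt."""
    root = tempfile.mkdtemp(prefix="csslp-demo-")
    store = os.path.join(root, "attachments")
    os.mkdir(store)
    Path(store, "report.txt").write_bytes(b"quarterly report")
    Path(root, "secret.txt").write_bytes(b"db password")
    return store


def demo():
    """Run both readers against the same hostile and benign names."""
    store = build_demo_store()
    results = {}
    # The unsafe reader happily serves a file outside the store.
    results["unsafe_traversal"] = read_attachment_unsafe(store, "../secret.txt")
    # The hardened reader refuses traversal and absolute paths ...
    for label, name in (("safe_traversal", "../secret.txt"),
                        ("safe_absolute", "/etc/passwd")):
        try:
            read_attachment_safe(store, name)
            results[label] = "allowed"
        except PermissionError:
            results[label] = "blocked"
    # ... but still serves a legitimate attachment.
    results["safe_legit"] = read_attachment_safe(store, "report.txt")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value!r}")
```

The containment check resolves both paths before comparing them, so it holds up against symlinks inside the store as well as against textual tricks like `..` and absolute names; a check that only looks for the substring `..` in the input would miss both.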
Tags: Malicious File Execution, Input Validation, File System Vulnerabilities, Code Execution
- Question #167 (Secure Software Lifecycle Management)
Which of the following are the primary functions of configuration management? Each correct answer represents a complete solution. Choose all that apply.
Tags: Configuration Management, Change Management, Software Development Lifecycle (SDLC), Software Control
- Question #168 (Secure Software Concepts)
Which of the following are included in Technical Controls? Each correct answer represents a complete solution. Choose all that apply.
Tags: Technical Controls, Security Controls Classification, Access Control Mechanisms, Identification and Authentication
- Question #169 (Secure Software Supply Chain)
What are the various phases of the Software Assurance Acquisition process according to the U.S. Department of Defense (DoD) and Department of Homeland Security (DHS) Acquisition an...
Tags: Software Assurance, Acquisition Process, DoD/DHS, Supply Chain Security
- Question #170 (Secure Software Concepts)
Companies use some special marks to distinguish their products from those of other companies. These marks can include words, letters, numbers, drawings, etc. Which of the following...
Tags: Trademark, Intellectual Property, Legal Concepts
- Question #171 (Secure Software Deployment, Operations, Maintenance)
Which of the following features of SIEM products is used in analysis for identifying potential problems and reviewing all available data that are associated with the problems?
Tags: SIEM, Security Operations, Incident Analysis, Graphical User Interface
- Question #172 (Secure Software Concepts)
Which of the following is the process of finding weaknesses in cryptographic algorithms and obtaining the plaintext or key from the ciphertext?
Tags: Cryptanalysis, Cryptography fundamentals, Security definitions
- Question #173 (Secure Software Concepts)
Which of the following agencies is responsible for funding the development of many technologies such as computer networking, as well as NLS?
Tags: DARPA, Technology Funding, Computer Networking, NLS
- Question #174 (Secure Software Testing)
Which of the following are the scanning methods used in penetration testing? Each correct answer represents a complete solution. Choose all that apply.
Tags: Penetration Testing, Security Scanning, Port Scanning, Vulnerability Scanning
- Question #175 (Secure Software Deployment, Operations, Maintenance)
Which of the following methods can be helpful to eliminate the social engineering threat? Each correct answer represents a complete solution. Choose three.
Tags: Social Engineering, Security Controls, Security Awareness, Vulnerability Management
- Question #176 (Secure Software Architecture and Design)
Digital rights management (DRM) consists of compliance and robustness rules. Which of the following features does the robustness rule have? Each correct answer represents a complet...
Tags: Digital Rights Management (DRM), DRM robustness, Asset security, Software protection
- Question #177 (Secure Software Concepts)
Which of the following types of attacks occurs when an attacker successfully inserts an intermediary software or program between two communicating hosts?
Tags: Man-in-the-middle attack, Network attacks, Attack types, Communication security
- Question #178 (Secure Software Testing)
Which of the following is an example of penetration testing?
Tags: Penetration Testing, Security Testing, Attack Simulation
- Question #179 (Secure Software Architecture and Design)
Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of whi...
Tags: Trusted Computing Base, TCB, System Security, Security Policy Enforcement
- Question #180 (Secure Software Concepts)
You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the per...
Tags: Non-repudiation, Security principles, Accountability, Audit trails
- Question #182 (Secure Software Concepts)
In which of the following cloud deployment models is the cloud infrastructure operated exclusively for an organization?
Tags: Cloud computing, Cloud deployment models, Private cloud, Cloud infrastructure
- Question #183 (Secure Software Deployment, Operations, Maintenance)
The Software Configuration Management (SCM) process defines the need to trace changes, and the ability to verify that the final delivered software has all of the planned enhancemen...
Tags: Software Configuration Management (SCM), SCM processes, Change control, Configuration audits
- Question #184 (Secure Software Concepts)
At which of the following levels of robustness in DRM must the security functions be immune to widely available tools and specialized tools and resistant to professional tools?
Tags: DRM, Robustness levels, Security functions
- Question #185 (Secure Software Deployment, Operations, Maintenance)
Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavail...
Tags: Business Continuity Plan, Disaster Recovery, Operational Resilience
- Question #186 (Secure Software Deployment, Operations, Maintenance)
Which of the following scanning techniques helps to ensure that the standard software configuration is current with the latest security patches and software, and helps to locate...
Tags: workstation scanning, patch management, software configuration management, unauthorized software detection
- Question #187 (Secure Software Lifecycle Management)
Which of the following tiers addresses risks from an information system perspective?
Tags: Risk Management Tiers, NIST RMF, Information System Risk, System-Level Risk
- Question #188 (Secure Software Concepts)
Mark works as a Network Administrator for NetTech Inc. The company has a Windows 2000 domain-based network. Users report that they are unable to log on to the network. Mark finds...
Tags: Brute force attack, Account lockout, Authentication attacks, Threat identification
- Question #190 (Secure Software Deployment, Operations, Maintenance)
System Authorization is the risk management process. System Authorization Plan (SAP) is a comprehensive and uniform approach to the System Authorization Process. What are the diffe...
Tags: System Authorization Plan, Certification and Accreditation (C&A), Risk Management Framework (RMF), Authorization Phases
- Question #191 (Secure Software Deployment, Operations, Maintenance)
Which of the following techniques is used to identify attacks originating from a botnet?
Tags: Botnet detection, Passive OS fingerprinting, Attack identification, Network security monitoring
- Question #192 (Secure Software Concepts)
Which of the following security models dictates that subjects can only access objects through applications?
Tags: Security models, Clark-Wilson model, Integrity models, Well-formed transactions
- Question #193 (Secure Software Lifecycle Management)
The Project Risk Management knowledge area focuses on which of the following processes? Each correct answer represents a complete solution. Choose all that apply.
Tags: Risk Management, Project Management Processes, SDLC Management, Risk Planning and Control
- Question #194 (Secure Software Concepts)
Which of the following is used by attackers to record everything a person types, including usernames, passwords, and account information?
Tags: Keystroke logging, Attack methods, Input security, Data exfiltration
- Question #195 (Secure Software Concepts)
Which of the following policies can explain how the company interacts with partners, the company's goals and mission, and a general reporting structure in different situations?
Tags: Policy types, Organizational governance, Strategic policies
- Question #196 (Secure Software Concepts)
Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
Tags: Risk Management, Quantitative Risk Analysis, Annualized Rate of Occurrence (ARO), Threat Frequency
- Question #197 (Secure Software Lifecycle Management)
What are the subordinate tasks of the Implement and Validate Assigned IA Control phase in the DIACAP process? Each correct answer represents a complete solution. Choose all that ap...
Tags: DIACAP, Certification & Accreditation, Information Assurance Controls, Validation
- Question #198 (Secure Software Deployment, Operations, Maintenance)
Which of the following is an open source network intrusion detection system?
Tags: NIDS, Open Source Security Tools, Snort, Security Monitoring
- Question #199 (Secure Software Testing)
You work as a Security Manager for Tech Perfect Inc. The company has a Windows based network. It is required to determine compatibility of the systems with custom applications. Whi...
Tags: Software testing, Application compatibility, System compatibility testing
- Question #200 (Secure Software Supply Chain)
Adrian is the project manager of the NHP Project. In her project there are several work packages that deal with electrical wiring. Rather than manage the risk internally she has...
Tags: Risk Management, Risk Transference, Outsourcing, Vendor Management
- Question #201 (Secure Software Deployment, Operations, Maintenance)
You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members for getting appropriate responses of...
Tags: Disaster Recovery Testing, Simulation Test, Business Continuity, Tabletop Exercise
- Question #202 (Secure Software Concepts)
Which of the following is the most secure method of authentication?
Tags: Authentication methods, Biometrics, Security strength
- Question #203 (Secure Software Testing)
Maria has been recently appointed as a Network Administrator in Gentech Inc. She has been tasked to perform network security testing to find out the vulnerabilities and shortcoming...
Tags: Black-box testing, Security testing, Vulnerability assessment
- Question #204 (Secure Software Deployment, Operations, Maintenance)
Which of the following processes identifies the threats that can impact the business continuity of operations?
Tags: Business Continuity, Business Impact Analysis, Threat Identification, Operations Security
- Question #205 (Secure Software Deployment, Operations, Maintenance)
The Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment....
Tags: DITSCAP, Certification and Accreditation (C&A), Validation Phase, System Security Authorization Agreement (SSAA)
- Question #206 (Secure Software Deployment, Operations, Maintenance)
Which of the following methods is a means of ensuring that system changes are approved before being implemented, only the proposed and approved changes are implemented, and the imp...
Tags: Change Control, Configuration Management, Documentation Control, Software Maintenance
- Question #207 (Secure Software Concepts)
Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement informa...
Tags: Information Security Management, Security Program Objectives, Security Awareness, Information Classification
- Question #208 (Secure Software Deployment, Operations, Maintenance)
What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.
Tags: NIACAP, Certification and Accreditation (C&A), Security Frameworks, Risk Management
- Question #209 (Secure Software Deployment, Operations, Maintenance)
Which of the following intrusion detection systems (IDS) monitors network traffic and compares it against an established baseline?
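An added example, not part of the page or its question bank, of the baseline-comparison IDS this question asks about: a per-source statistical baseline is learned from a training window of flow summaries, and live windows are flagged when a metric rises well above it. The record format, the addresses, the counts, the z-score threshold and the standard-deviation floor are all constructed for this demonstration.

```python
"""Added example (not from the CSSLP question bank): a minimal anomaly-based
NIDS of the kind Question #209 asks about. It learns a per-source baseline
from a training window of flow summaries and flags live windows that deviate
from it. Record format, addresses, numbers and threshold are all constructed."""
import statistics
from collections import defaultdict

# Constructed flow summaries, one per source per minute:
#   "<minute> <source-ip> <connections> <distinct-destination-ports>"
TRAINING_LOG = """\
00 10.0.0.5 12 2
01 10.0.0.5 15 2
02 10.0.0.5 11 3
03 10.0.0.5 14 2
04 10.0.0.5 13 2
00 10.0.0.9 40 1
01 10.0.0.9 38 1
02 10.0.0.9 42 1
03 10.0.0.9 41 1
04 10.0.0.9 39 1
""".splitlines()

# Constructed live window: a port sweep from .5, a connection burst from .9,
# and a source that never appeared in training.
LIVE_LOG = """\
10 10.0.0.5 13 2
11 10.0.0.5 12 2
12 10.0.0.5 14 118
13 10.0.0.9 40 1
14 10.0.0.9 380 1
15 10.0.0.77 9 1
""".splitlines()

METRICS = ("connections", "ports")


def parse(lines):
    """Turn the constructed log lines into (minute, src, {metric: value}) tuples."""
    records = []
    for line in lines:
        minute, src, conns, ports = line.split()
        records.append((minute, src, {"connections": int(conns), "ports": int(ports)}))
    return records


def build_baseline(records):
    """Per-source (mean, population stdev) for each metric over the training window."""
    samples = defaultdict(lambda: {m: [] for m in METRICS})
    for _, src, values in records:
        for metric in METRICS:
            samples[src][metric].append(values[metric])
    return {
        src: {m: (statistics.mean(v), statistics.pstdev(v)) for m, v in per_metric.items()}
        for src, per_metric in samples.items()
    }


def detect(baseline, records, k=3.0, sd_floor=1.0):
    """Alert when a metric sits more than k standard deviations above its baseline.

    sd_floor stops a perfectly flat training series (stdev 0) from turning every
    one-unit change into an alert. Sources never seen in training are flagged
    too, because the baseline says nothing about them.
    """
    alerts = []
    for minute, src, values in records:
        if src not in baseline:
            alerts.append((minute, src, "unknown-source", None))
            continue
        for metric in METRICS:
            mean, sd = baseline[src][metric]
            z = (values[metric] - mean) / max(sd, sd_floor)
            if z > k:
                alerts.append((minute, src, metric, round(z, 1)))
    return alerts


def demo():
    return detect(build_baseline(parse(TRAINING_LOG)), parse(LIVE_LOG))


if __name__ == "__main__":
    for minute, src, what, z in demo():
        print(f"minute {minute}: {src} {what} z={z}")
```

The weakness the question's tag list hints at is inherent to the approach: the baseline is only as clean as the training window, so an attacker already active during training is learned as normal, and any legitimate change in behaviour (a new backup job, a new host) shows up as an alert until the baseline is rebuilt.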
Tags: IDS, Anomaly-based IDS, Network Security, Monitoring
- Question #210 (Secure Software Deployment, Operations, Maintenance)
Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that appl...
Tags: Information Readiness Assessment, Vulnerability Analysis, Information Assurance, Security Requirements
- Question #211 (Secure Software Concepts)
Which of the following classification levels defines the information that, if disclosed to the unauthorized parties, could be reasonably expected to cause exceptionally grave damag...
Tags: Information classification, Data classification, Government classification, Security policies
- Question #212 (Secure Software Architecture and Design)
Which of the following security design principles supports comprehensive and simple design and implementation of protection mechanisms, so that an unintended access path does not e...
Tags: Security Design Principles, Economy of Mechanism, Secure Design, Vulnerability Reduction