CSSLP Exam Questions
379 real CSSLP exam questions with expert-verified answers and explanations. Page 5 of 8.
- Question #213 (Secure Software Lifecycle Management)
  Rob is the project manager of the IDLK Project for his company. This project has a budget of $5,600,000 and is expected to last 18 months. Rob has learned that a new law may affect...
  Tags: Risk Management, Risk Response Strategies, Project Management
- Question #214 (Secure Software Concepts)
  Mark is the project manager of the NHQ project in StarTech Inc. The project has an asset valued at $195,000 and is subjected to an exposure factor of 35 percent. What will be the S...
  Tags: Single Loss Expectancy, Risk assessment, Asset valuation, Exposure factor
- Question #215 (Secure Software Concepts)
  FIPS 199 defines the three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of loss of confidentiality, integrity, or av...
  Tags: FIPS 199, Impact Assessment, Risk Management, CIA Triad
- Question #216 (Secure Software Testing)
  John works as a professional Ethical Hacker. He has been assigned the project of testing the attacks. As a countermeasure, he suggests that the Network Administrator should remove...
  Tags: Buffer overflow, Vulnerability assessment, Security countermeasures, IIS security
- Question #217 (Secure Software Testing)
  Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. What are the different categories of penetration testing?...
  Tags: Penetration testing, Testing methodologies, Black-box testing, White-box testing
- Question #218 (Secure Software Concepts)
  Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptiti...
  Tags: Shoulder surfing, Confidentiality, In-person attacks, Information gathering
- Question #219 (Secure Software Concepts)
  Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.
  Tags: ISC2 Code of Ethics, Ethical principles, Professional responsibility, Canons of ethics
- Question #220 (Secure Software Lifecycle Management)
  The Systems Development Life Cycle (SDLC) is the process of creating or altering systems, and the models and methodologies that people use to develop these systems. Which of th...
  Tags: SDLC, Lifecycle phases, Software development process
- Question #221 (Secure Software Architecture and Design)
  The service-oriented modeling framework (SOMF) introduces five major life cycle modeling activities that drive a service evolution during design-time and run-time. Which of the fol...
  Tags: SOA, SOMF, Architecture Modeling, Service Design
- Question #223 (Secure Software Concepts)
  Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.
  Tags: CIA Triad, Confidentiality, Integrity, Availability
- Question #225 (Secure Software Testing)
  Samantha works as an Ethical Hacker for we-are-secure Inc. She wants to test the security of the we-are-secure server for DoS attacks. She sends a large number of ICMP ECHO packets...
  Tags: DoS Attacks, Ping Flood, Network Security, Vulnerability Testing
- Question #226 (Secure Software Lifecycle Management)
  The DARPA paper defines various procedural patterns to perform secure system development practices. Which of the following patterns does it include? Each correct answer represents...
  Tags: Secure development patterns, Software assurance practices, Security lifecycle management, Red teaming
- Question #227 (Secure Software Deployment, Operations, Maintenance)
  In which of the following SDLC phases are the system's security features configured and enabled, the system tested and installed or fielded, and the system authorized for proc...
  Tags: SDLC phases, Implementation phase, System deployment, Authorization to Operate (ATO)
- Question #228 (Secure Software Testing)
  John works as a systems engineer for BlueWell Inc. He has modified the software and wants to retest the application to ensure that the bugs have been fixed. Which of the follow...
  Tags: Regression testing, Software retesting, Bug verification, Quality assurance
- Question #229 (Secure Software Testing)
  Which of the following test methods has the objective of testing the IT system from the viewpoint of a threat-source and identifying potential failures in the IT system protection sch...
  Tags: Penetration Testing, Security Testing, Threat Simulation, Vulnerability Assessment
- Question #230 (Secure Software Requirements)
  Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality?
  Tags: Security Policy, Security Requirements, Source Documents, Information Protection
- Question #231 (Secure Software Deployment, Operations, Maintenance)
  You work as the Senior Project Manager at Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure t...
  Tags: Configuration management, Configuration audit, Physical Configuration Audit (PCA), Deployment verification
- Question #232 (Secure Software Lifecycle Management)
  FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF...
  Tags: FITSAF, Security Assessment Frameworks, Security Controls Testing, Security Program Maturity
- Question #233 (Secure Software Lifecycle Management)
  Which of the following ISO standards is entitled "Information technology - Security techniques - Information security management - Measurement"?
  Tags: ISO standards, Information security management, Security measurement, ISO 27004
- Question #234 (Secure Software Testing)
  Which of the following processes will you use to perform the active analysis of the system for any potential vulnerabilities that may result from poor or improper system config...
  Tags: Penetration testing, Vulnerability assessment, Security testing, System configuration security
- Question #235 (Secure Software Concepts)
  Which of the following are the responsibilities of the owner with regard to data in an information classification program? Each correct answer represents a complete solution. Choos...
  Tags: Data Owner Responsibilities, Information Classification, Data Governance, Data Protection Roles
- Question #236 (Secure Software Supply Chain)
  You are the project manager for a construction project. The project involves casting a column in a very narrow space. Because of the lack of space, casting it is highly dangerous. H...
  Tags: Risk Transference, Risk Response Strategies, Third-Party Risk Management, Outsourcing
- Question #237 (Secure Software Lifecycle Management)
  Which of the following models manages the software development process if the developers are limited to going back only one stage to rework?
  Tags: Software Development Life Cycle (SDLC), Waterfall model, SDLC models, Linear development
- Question #238 (Secure Software Concepts)
  Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will h...
  Tags: Access Control Models, Role-Based Access Control (RBAC), Principle of Least Privilege
- Question #239 (Secure Software Deployment, Operations, Maintenance)
  Which of the following is a chronological record of system activities that enables the reconstruction and examination of the sequence of events and/or changes in an event?
  Tags: Audit trails, Logging, Security monitoring, Event reconstruction
- Question #240 (Secure Software Lifecycle Management)
  Which of the following DITSCAP phases validates that the preceding work has produced an IS that operates in a specified computing environment?
  Tags: DITSCAP, Certification and Accreditation, System Security, Validation
- Question #241 (Secure Software Concepts)
  How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?
  Tags: Annualized Loss Expectancy (ALE), Risk Calculation, Quantitative Risk Analysis, SLE and ARO
- Question #242 (Secure Software Concepts)
  Which of the following terms refers to a mechanism that proves that the sender really sent a particular message?
  Tags: Non-repudiation, Security principles, Message authenticity, CISSP/CSSLP concepts
- Question #243 (Secure Software Concepts)
  In which of the following levels of exception safety do operations succeed with full guarantee and fulfill all needs in the presence of exceptional situations?
  Tags: Exception Safety, Error Handling, Secure Coding, Software Resilience
- Question #244 (Secure Software Concepts)
  Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of pers...
  Tags: DoD Policies, Information Assurance (IA), Defense-in-Depth, Network-Centric Warfare
- Question #245 (Secure Software Concepts)
  Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?
  Tags: Single Loss Expectancy, Risk Management Formulas, Asset Value, Exposure Factor
- Question #246 (Secure Software Deployment, Operations, Maintenance)
  Which of the following is a patch management utility that scans one or more computers on a network and alerts a user if any important Microsoft security patches are missing and als...
  Tags: Patch Management, Security Tools, Vulnerability Scanning, Software Maintenance
- Question #248 (Secure Software Deployment, Operations, Maintenance)
  Which of the following plans is documented and organized for emergency response, backup operations, and recovery, maintained by an activity as part of its security program that will...
  Tags: Contingency Planning, Disaster Recovery, Business Continuity, Emergency Response
- Question #249 (Secure Software Deployment, Operations, Maintenance)
  An assistant from the HR Department calls you to ask about the Service Hours & Maintenance Slots for your ERP system. In which document will you most probably find this information?
  Tags: Service Level Agreement, Operational documentation, System availability, Maintenance windows
- Question #250 (Secure Software Concepts)
  Which of the following are the basic characteristics of declarative security? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Declarative security, Application security, Security enforcement, Container-managed security
- Question #251 (Secure Software Implementation)
  "Enhancing the Development Life Cycle to Produce Secure Software" summarizes the tools and practices that are helpful in producing secure software. What are these tools and practic...
  Tags: Secure coding practices, Compiler security, Memory safety, Secure libraries
- Question #252 (Secure Software Deployment, Operations, Maintenance)
  In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represen...
  Tags: NIST FIPS 199, Impact Levels, Certification & Accreditation, Risk Management Framework
- Question #253 (Secure Software Concepts)
  Which of the following NIST documents provides a guideline for identifying an information system as a National Security System?
  Tags: NIST SP 800-59, National Security System, Information System Classification, Regulatory Compliance
- Question #255 (Secure Software Testing)
  John works as a professional Ethical Hacker. He has been assigned the project of testing the pre-attack phase to check the security of the We-are-secure network: Gathering informat...
  Tags: Port scanning, Network reconnaissance, Vulnerability assessment, Security testing tools
- Question #256 (Secure Software Concepts)
  An authentication method uses smart cards as well as usernames and passwords for authentication. Which of the following authentication methods is being referred to?
  Tags: Authentication, Multi-factor authentication (MFA), Authentication factors, Smart cards
- Question #257 (Secure Software Testing)
  You work as a security engineer for BlueWell Inc. You want to use some techniques and procedures to verify the effectiveness of security controls in a Federal Information System. Whi...
  Tags: NIST SP 800-53A, Security Control Assessment, Federal Information Systems, Compliance
- Question #258 (Secure Software Concepts)
  An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?
  Tags: Privacy policy, Employee monitoring, Data privacy, Organizational policy
- Question #259 (Secure Software Architecture and Design)
  You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following tasks: Develop a risk-driven enterprise information security architecture. Delive...
  Tags: Enterprise Security Architecture, SABSA, Security Frameworks, Risk-driven Architecture
- Question #260 (Secure Software Deployment, Operations, Maintenance)
  In which of the following IDS evasion attacks does an attacker send a data packet such that the IDS accepts the data packet but the host computer rejects it?
  Tags: IDS evasion, Insertion attack, Network security, Intrusion Detection Systems
- Question #261 (Secure Software Concepts)
  A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of poli...
  Tags: Security Policies, Policy Types, Advisory Policies, Regulatory Policies
- Question #262 (Secure Software Concepts)
  Which of the following are the types of intellectual property? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Intellectual Property, Patent, Copyright, Trademark
- Question #263 (Secure Software Implementation)
  In which of the following phases of the SDLC do the software and other components of the system faithfully incorporate the design specifications and provide proper documentation...
  Tags: SDLC phases, Software implementation, Documentation, Training
- Question #264 (Secure Software Concepts)
  Security controls are safeguards or countermeasures to avoid, counteract, or minimize security risks. Which of the following are types of security controls? Each correct answer rep...
  Tags: Security Controls, Control Classification, Risk Mitigation
- Question #265 (Secure Software Deployment, Operations, Maintenance)
  You work as a Security Manager for Tech Perfect Inc. You find that some applications have failed to encrypt network traffic while ensuring secure communications in the organization...
  Tags: TLS, Network Encryption, Secure Communication, Security Protocols
- Question #266 (Secure Software Concepts)
  The rights of an author or a corporation to make a profit from the creation of their products (such as software, music, etc.) are protected by Intellectual Property law. Which of...
  Tags: Intellectual Property Law, Copyright, Industrial Property, Software Rights