CSSLP Exam Questions
379 real CSSLP exam questions with expert-verified answers and explanations. Page 6 of 8.
- Question #267 (Secure Software Lifecycle Management)
  Which of the following documents were developed by NIST for conducting Certification & Accreditation (C&A)? Each correct answer represents a complete solution. Choose all that appl...
  Tags: NIST SP 800 Series; Risk Management Framework (RMF); Certification & Accreditation (C&A); Information Security Governance
- Question #268 (Secure Software Deployment, Operations, Maintenance)
  Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for add...
  Tags: DITSCAP; System Accreditation; Post-Accreditation Phase; Lifecycle Management
- Question #269 (Secure Software Concepts)
  To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criteria, which of the following c...
  Tags: Security Controls; Control Types; Preventive Controls; Control Classification
- Question #270 (Secure Software Lifecycle Management)
  Which of the following processes does the decomposition and definition sequence of the Vee model include? Each correct answer represents a part of the solution. Choose all that app...
  Tags: Vee model; SDLC; Security requirements; Security design
- Question #271 (Secure Software Deployment, Operations, Maintenance)
  Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specif...
  Tags: NIST SP 800-26; Security Assessment; Compliance Evaluation; IT System Evaluation
- Question #272 (Secure Software Architecture and Design)
  A number of security patterns for Web applications under the DARPA contract have been developed by Kienzle, Elder, Tyree, and Edwards-Hewitt. Which of the following patterns are ap...
  Tags: Web application security; Authentication patterns; Security design patterns; Identity management
- Question #273 (Secure Software Concepts)
  Which of the following steps of the LeGrand Vulnerability-Oriented Risk Management method determines the necessary compliance offered by risk management practices and assessment of...
  Tags: Risk Management Methodologies; LeGrand Method; Compliance Assurance; Vulnerability Management
- Question #274 (Secure Software Concepts)
  Which of the following security objectives are defined for information and information systems by the FISMA? Each correct answer represents a part of the solution. Choose all that...
  Tags: FISMA; Security Objectives; Confidentiality; Integrity; Availability
- Question #275 (Secure Software Testing)
  Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in discovering system vulnerabilities. For what purposes is ST&E used? Each correct answer repre...
  Tags: Security Test and Evaluation; Vulnerability Assessment; Security Policy Enforcement; Security Controls Adequacy
- Question #276 (Secure Software Implementation)
  What are the differences between managed and unmanaged code technologies? Each correct answer represents a complete solution. Choose two.
  Tags: Managed Code; Unmanaged Code; Runtime Environment; Code Compilation
- Question #277 (Secure Software Supply Chain)
  A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk respons...
  Tags: Risk Management; Risk Transference; Supply Chain Security; Third-Party Risk
- Question #278 (Secure Software Testing)
  You work as a security manager for BlueWell Inc. You are performing the external vulnerability testing, or penetration testing to get a better snapshot of your organization's secur...
  Tags: Penetration Testing; Dumpster Diving; Information Gathering; Security Testing
- Question #279 (Secure Software Concepts)
  Which of the following are the benefits of information classification for an organization? Each correct answer represents a complete solution. Choose two.
  Tags: Information Classification; Data Sensitivity; Security Controls; Data Protection
- Question #280 (Secure Software Lifecycle Management)
  Frank is the project manager of the NHH Project. He is working with the project team to create a plan to document the procedures to manage risks throughout the project. This docume...
  Tags: Risk management; Project management; Risk management plan; Project documentation
- Question #281 (Secure Software Concepts)
  Which of the following security related areas are used to protect the confidentiality, integrity, and availability of federal information systems and information processed by those...
  Tags: CIA triad; Security controls; Information system protection; Risk management
- Question #282 (Secure Software Deployment, Operations, Maintenance)
  Which of the following allows multiple operating systems (guests) to run concurrently on a host computer?
  Tags: Virtualization; Hypervisor; Operating Systems
- Question #283 (Secure Software Lifecycle Management)
  Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes wi...
  Tags: Configuration management; System consistency; Software lifecycle
- Question #284 (Secure Software Lifecycle Management)
  Which of the following US Acts emphasized a "risk-based policy for cost-effective security" and makes mandatory for agency program officials, chief information officers, and inspec...
  Tags: FISMA; Information Security Governance; Compliance; Risk Management
- Question #285 (Secure Software Concepts)
  Which of the following security models focuses on data confidentiality and controlled access to classified information?
  Tags: Security models; Confidentiality; Bell-La Padula model
- Question #286 (Secure Software Requirements)
  Which of the following processes describes the elements such as quantity, quality, coverage, timelines, and availability, and categorizes the different functions that the system wi...
  Tags: Functional Requirements; Performance Requirements; Requirements Elicitation; Software Requirements
- Question #287 (Secure Software Architecture and Design)
  You work as a Network Administrator for uCertify Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommen...
  Tags: Web services security; SSL/TLS; Secure transactions; Data in transit protection
- Question #288 (Secure Software Architecture and Design)
  What are the various benefits of a software interface according to the "Enhancing the Development Life Cycle to Produce Secure Software" document? Each correct answer represents a...
  Tags: Software Interfaces; Component Communication; Encapsulation; Access Control
- Question #289 (Secure Software Lifecycle Management)
  Elizabeth is a project manager for her organization and she finds risk management to be very difficult for her to manage. She asks you, a lead project manager, at what stage in the...
  Tags: Risk Management; Project Management Best Practices; Process Improvement; Continuous Improvement
- Question #290 (Secure Software Deployment, Operations, Maintenance)
  Which of the following describes a residual risk as the risk remaining after a risk mitigation has occurred?
  Tags: Residual Risk; Risk Management; DIACAP; Certification and Accreditation
- Question #291 (Secure Software Implementation)
  You work as a Security Manager for Tech Perfect Inc. You want to save all the data from the SQL injection attack, which can read sensitive data from the database and modify databas...
  Tags: SQL Injection; Parameterized Queries; Secure Coding; Database Security
- Question #292 (Secure Software Concepts)
  Security is a state of well-being of information and infrastructures in which the possibilities of successful yet undetected theft, tampering, and/or disruption of information and...
  Tags: Information Security Principles; CIA Triad; Authenticity; Security Elements
- Question #293 (Secure Software Supply Chain)
  Harry is the project manager of the MMQ Construction Project. In this project, Harry has identified a supplier who can create stained glass windows for 1,000 window units in the co...
  Tags: Risk Management; Supplier Management; Supply Chain Risk
- Question #294 (Secure Software Concepts)
  Which of the following refers to the ability to ensure that the data is not modified or tampered with?
  Tags: Integrity; CIA Triad; Data Security; Security Principles
- Question #295 (Secure Software Lifecycle Management)
  The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process...
  Tags: DITSCAP; Certification and Accreditation (C&A); Verification phase; Security assessment
- Question #296 (Secure Software Requirements)
  Which of the following elements sets up a requirement to receive the constrained requests over a protected layer connection, such as TLS (Transport Layer Security)?
  Tags: User data constraint; TLS; Transport security; Confidentiality
- Question #297 (Secure Software Concepts)
  In digital rights management, the level of robustness depends on the various types of tools and attacks to which they must be resistant or immune. Which of the following types of t...
  Tags: Digital Rights Management (DRM); DRM Robustness; Attack Tools Classification
- Question #298 (Secure Software Lifecycle Management)
  The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecomm...
  Tags: NIACAP; Accreditation Types; Certification and Accreditation (C&A); Information Assurance
- Question #299 (Secure Software Concepts)
  Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.
  Tags: Information Integrity; CIA Triad; Data Consistency; Unauthorized Data Modification
- Question #300 (Secure Software Concepts)
  Which of the following are the important areas addressed by a software system's security policy? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Security Policy; Access Control; Identification & Authentication; Data Protection
- Question #301 (Secure Software Concepts)
  Which of the following specifies the behaviors of the DRM implementation and any applications that are accessing the implementation?
  Tags: Digital Rights Management (DRM); Compliance rules; Usage policies; Software security principles
- Question #302 (Secure Software Architecture and Design)
  Which of the following security architectures defines how to integrate widely disparate applications for a world that is Web-based and uses multiple implementation platforms?
  Tags: Service-oriented architecture; Application integration; Architectural styles
- Question #303 (Secure Software Deployment, Operations, Maintenance)
  Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency,...
  Tags: Contingency planning; Recovery plans; Operational security; Incident response
- Question #304 (Secure Software Deployment, Operations, Maintenance)
  The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibili...
  Tags: CIO Responsibilities; IT Leadership; Organizational Roles; IT Strategy
- Question #305 (Secure Software Testing)
  You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of th...
  Tags: Functional testing; Software testing types; Requirements verification
- Question #306 (Secure Software Concepts)
  Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?
  Tags: Security Governance; Management Responsibility; Security Controls; Organizational Structure
- Question #307 (Secure Software Concepts)
  Which of the following are the tasks performed by the owner in the information classification schemes? Each correct answer represents a part of the solution. Choose three.
  Tags: Information Classification; Data Owner Responsibilities; Security Roles; Data Governance
- Question #308 (Secure Software Requirements)
  Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?
  Tags: FISMA; Information Security Governance; Compliance; US Federal Laws
- Question #309 (Secure Software Lifecycle Management)
  Gary is the project manager for his project. He and the project team have completed the qualitative risk analysis process and are about to enter the quantitative risk analysis proc...
  Tags: Quantitative Risk Analysis; Project Risk Management; Risk Assessment; Secure Software Lifecycle
- Question #310 (Secure Software Lifecycle Management)
  Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in th...
  Tags: Configuration Management; Change Control; Software Development Lifecycle
- Question #311 (Secure Software Deployment, Operations, Maintenance)
  Which of the following are Service Level Agreement (SLA) structures as defined by ITIL? Each correct answer represents a complete solution. Choose all that apply.
  Tags: SLA; ITIL; Service Level Management
- Question #312 (Secure Software Testing)
  John works as a professional Ethical Hacker. He is assigned a project to test the security of you want to perform the next information-gathering step, i.e., passive OS fingerprinti...
  Tags: Passive OS fingerprinting; Information gathering; Security testing tools; P0f
- Question #313 (Secure Software Lifecycle Management)
  Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security cont...
  Tags: NIST SP 800-53; Federal Standards; Security Controls; Risk Management Framework
- Question #315 (Secure Software Lifecycle Management)
  Which of the following phases of NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?
  Tags: NIST SP 800-37; Certification and Accreditation (C&A); Security Accreditation; Risk Management Framework (RMF)
- Question #316 (Secure Software Lifecycle Management)
  The mission and business process level is the Tier 2. What are the various Tier 2 activities? Each correct answer represents a complete solution. Choose all that apply.
  Tags: Tier 2 activities; Organizational security strategy; Mission and business processes; Information protection framework
- Question #318 (Secure Software Concepts)
  You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What...
  Tags: Information Security Principles; Confidentiality; CIA Triad; Data Protection