CSSLP Exam Questions
379 real CSSLP exam questions with expert-verified answers and explanations. Page 7 of 8.
- Question #319 (Secure Software Lifecycle Management)
Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?
Tags: Certification and Accreditation, DITSCAP, Security Lifecycle, Information Security Management
- Question #320 (Secure Software Deployment, Operations, Maintenance)
Which of the following is NOT a responsibility of a data owner?
Tags: Data Owner, Data Governance, Roles and Responsibilities, Information Security Roles
- Question #322 (Secure Software Lifecycle Management)
ISO 27003 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which o...
Tags: ISO 27003, ISMS Implementation, Information Security Standards, Critical Success Factors
- Question #323
John works as a security manager for SoftTech Inc. He is working with his team on the disaster recovery management plan. One of his team members has a doubt related to the most cos...
- Question #325 (Secure Software Concepts)
Which of the following statements describe the main purposes of a Regulatory policy? Each correct answer represents a complete solution. Choose all that apply.
Tags: Regulatory policy, Compliance, Security policy, Information governance
- Question #326 (Secure Software Concepts)
Audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process...
Tags: Security controls, Detective controls, Audit trails, Audit logs
- Question #327 (Secure Software Supply Chain)
Which of the following is generally used in packages in order to determine the package or product tampering?
Tags: Supply chain security, Product integrity, Tampering detection, Packaging security
- Question #328 (Secure Software Testing)
In which of the following testing methods is the test engineer equipped with the knowledge of system and designs test cases or test data based on system knowledge?
Tags: Software Testing Types, Graybox Testing, Test Engineer Knowledge, Secure Software Testing
- Question #330 (Secure Software Lifecycle Management)
Which of the following configuration management system processes keeps track of the changes so that the latest acceptable configuration specifications are readily available?
Tags: Configuration Management, Configuration Status Accounting, Software Change Management, Software Lifecycle Processes
- Question #331 (Secure Software Lifecycle Management)
Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.
Tags: Security program development, Program management methodologies, Top-down approach, Bottom-up approach
- Question #332 (Secure Software Deployment, Operations, Maintenance)
Which of the following plans is a comprehensive statement of consistent actions to be taken before, during, and after a disruptive event that causes a significant loss of informati...
Tags: Disaster Recovery, IT Systems Recovery, Business Continuity Planning, Operational Resilience
- Question #333 (Secure Software Concepts)
Which of the following can be used to accomplish authentication? Each correct answer represents a complete solution. Choose all that apply.
Tags: Authentication, Access Control, Security Mechanisms
- Question #334 (Secure Software Concepts)
Under which type of access control does a user ID and password system fall?
Tags: Access Control, Technical Controls, Authentication, User ID and Password
- Question #335 (Secure Software Concepts)
Which of the following is an attack with IP fragments that cannot be reassembled?
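The reassembly failure this question points at, as an added worked example (not part of the question bank): a small Python checker that sorts fragment descriptors by offset and reports whether they form a reassemblable datagram. It flags the teardrop pattern (a fragment that starts inside data already received and ends before that data ends, which turns into a negative length in a naive reassembler) separately from ordinary overlaps, gaps and oversize datagrams. The `Fragment` type and the fragment sets below are constructed for illustration, not captured traffic.

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535  # IPv4 total-length field is 16 bits


@dataclass(frozen=True)
class Fragment:
    """One IP fragment. offset is in bytes (the 13-bit header field times 8)."""
    offset: int
    length: int   # payload bytes carried by this fragment
    more: bool    # MF flag: True means further fragments follow


def classify_fragments(frags):
    """Return one of 'ok', 'gap', 'overlap', 'teardrop', 'malformed'.

    'teardrop' is the case the teardrop attack relies on: a later fragment
    begins inside data already received and ends before that data ends, so
    a reassembler that trims the fragment to start at the previous end
    computes a negative payload length.  'overlap' is any other overlap (a
    strict stack drops those as well), 'gap' means bytes are missing or the
    final fragment never arrived.  A real stack additionally requires
    non-final fragments to be a multiple of 8 bytes; not enforced here.
    """
    if not frags:
        return "gap"
    for f in frags:
        if f.length <= 0 or f.offset < 0 or f.offset + f.length > MAX_DATAGRAM:
            return "malformed"
    ordered = sorted(frags, key=lambda f: (f.offset, f.offset + f.length))
    covered_to = 0  # one past the highest byte seen so far
    for f in ordered:
        end = f.offset + f.length
        if f.offset < covered_to:
            # Fragment starts inside data we already hold.
            if end < covered_to:
                return "teardrop"
            return "overlap"
        if f.offset > covered_to:
            return "gap"
        covered_to = end
    if ordered[-1].more:
        return "gap"  # the last fragment still announces more to come
    return "ok"


# Constructed fragment sets (illustrative values, not captured packets).
BENIGN = [Fragment(0, 1480, True), Fragment(1480, 1480, True), Fragment(2960, 100, False)]
TEARDROP = [Fragment(0, 40, True), Fragment(24, 8, False)]   # second ends inside the first
OVERLAP = [Fragment(0, 100, True), Fragment(50, 100, False)]
MISSING = [Fragment(0, 1480, True), Fragment(2960, 100, False)]
TOO_BIG = [Fragment(65528, 16, False)]

if __name__ == "__main__":
    for name, fs in [("benign", BENIGN), ("teardrop", TEARDROP), ("overlap", OVERLAP),
                     ("missing", MISSING), ("too_big", TOO_BIG)]:
        print(f"{name:9s} -> {classify_fragments(fs)}")
```

The same routine is the shape of the check an IDS or a hardened stack applies before copying fragment payloads into a reassembly buffer: reject on the first inconsistency rather than trusting the offsets.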
Tags: Teardrop attack, Denial of Service, IP fragmentation, Network attacks
- Question #336 (Secure Software Concepts)
Which of the following are examples of passive attacks? Each correct answer represents a complete solution. Choose all that apply.
Tags: Passive attacks, Attack types, Information gathering, Reconnaissance
- Question #337 (Secure Software Testing)
According to NIST SAMATE, dynamic analysis tools operate by generating runtime vulnerability scenarios using certain functions. Which of the following are functions that are used b...
Tags: Dynamic Analysis, NIST SAMATE, Software Testing Techniques, Fault Injection
- Question #338 (Secure Software Concepts)
Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain...
Tags: Trade secret, Intellectual property, Legal concepts, Asset protection
- Question #339 (Secure Software Deployment, Operations, Maintenance)
A service provider guarantees end-to-end network traffic performance to a customer. Which of the following types of agreement is this?
Tags: SLA, Service Level Agreement, Performance Guarantee, Service Provider
- Question #340 (Secure Software Lifecycle Management)
Which of the following components of configuration management involves periodic checks to determine the consistency and completeness of accounting information and to verify that al...
Tags: Configuration Management, Configuration Auditing, SDLC Processes, Compliance
- Question #341 (Secure Software Architecture and Design)
The NIST ITL Cloud Research Team defines some primary and secondary technologies as the fundamental elements of cloud computing in its "Effectively and Securely Using the Cloud Com...
Tags: Cloud computing, Cloud architecture, Virtualization, Service-Oriented Architecture
- Question #342 (Secure Software Deployment, Operations, Maintenance)
Which of the following disaster recovery tests shuts down operations at the primary site and shifts them to the recovery site according to the disaster recovery p...
Tags: Disaster Recovery, DR Testing, Full-interruption test, Business Continuity
- Question #344 (Secure Software Deployment, Operations, Maintenance)
In which of the following deployment models of cloud is the cloud infrastructure administered by the organizations or a third party? Each correct answer represents a complete solut...
Tags: Cloud deployment models, Private cloud, Community cloud, Cloud administration
- Question #345 (Secure Software Deployment, Operations, Maintenance)
Which of the following statements about a host-based intrusion prevention system (HIPS) are true? Each correct answer represents a complete solution. Choose two.
Tags: HIPS, Intrusion Prevention, Host Security, Security Controls
- Question #346 (Secure Software Deployment, Operations, Maintenance)
Who amongst the following makes the final accreditation decision?
Tags: Accreditation, Authorization, DAA, Risk Management
- Question #347 (Secure Software Lifecycle Management)
You are the project manager of the GHY project for your organization. You are about to start the qualitative risk analysis process for the project and you need to determine the rol...
Tags: Risk Management Plan, Roles and Responsibilities, Project Management, Qualitative Risk Analysis
- Question #348 (Secure Software Lifecycle Management)
You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative...
Tags: Risk Management, Project Management, Negative Risks, Risk Response Planning
- Question #349 (Secure Software Concepts)
You work as an analyst for Tech Perfect Inc. You want to prevent information flow that may cause a conflict of interest in your organization representing competing clients. Which o...
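The model the question is driving at (Brewer-Nash, usually called the Chinese Wall model), as an added worked example that is not part of the question bank: a Python enforcement class in which each subject's read history builds the wall. Reading any object in a conflict-of-interest class blocks reads of every other company's data in that class, and writes are allowed only when the subject has not read unsanitized data from another company, so the subject cannot become a channel between competitors. The `Obj` type, the companies and the subject names are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Obj:
    name: str
    dataset: str             # the company the information belongs to
    coi_class: str           # conflict-of-interest class, e.g. "banking"
    sanitized: bool = False  # public or anonymised data raises no wall


class ChineseWall:
    """Brewer-Nash enforcement keyed on each subject's access history."""

    def __init__(self):
        self._seen = defaultdict(set)  # subject -> objects read so far

    def can_read(self, subject, obj):
        """Simple security rule: readable unless the subject has already read
        a different company's unsanitized data in the same COI class."""
        if obj.sanitized:
            return True
        for seen in self._seen[subject]:
            if seen.sanitized:
                continue
            if seen.coi_class == obj.coi_class and seen.dataset != obj.dataset:
                return False
        return True

    def read(self, subject, obj):
        """Perform the read if permitted and record it; history is the wall."""
        if not self.can_read(subject, obj):
            return False
        self._seen[subject].add(obj)
        return True

    def can_write(self, subject, obj):
        """*-rule: write only if readable and nothing unsanitized from another
        company has been read, so no data can flow across datasets via the
        subject.  Note this becomes very restrictive once two companies'
        data have been read, which is the intended effect of the model."""
        if not self.can_read(subject, obj):
            return False
        return all(seen.sanitized or seen.dataset == obj.dataset
                   for seen in self._seen[subject])


# Constructed objects: two competing banks and an unrelated oil company.
BANK_A = Obj("bank_a_ledger", "BankA", "banking")
BANK_B = Obj("bank_b_ledger", "BankB", "banking")
OIL_X = Obj("oilx_reserves", "OilX", "oil")
PUBLIC_REPORT = Obj("market_report", "BankB", "banking", sanitized=True)

if __name__ == "__main__":
    wall = ChineseWall()
    print("ana reads BankA:", wall.read("ana", BANK_A))          # True
    print("ana may read BankB:", wall.can_read("ana", BANK_B))   # False: same COI class
    print("ana may read OilX:", wall.can_read("ana", OIL_X))     # True: different class
```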
Tags: Security Models, Conflict of Interest, Chinese Wall Model, Access Control
- Question #350 (Secure Software Lifecycle Management)
Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.
Tags: Certification and Accreditation (C&A), Risk Management Framework (RMF), Security Authorization Process, Information System Security
- Question #352 (Secure Software Lifecycle Management)
Which of the following elements of the BCP process emphasizes creating the scope and the additional elements required to define the parameters of the plan?
Tags: Business Continuity Planning (BCP), BCP Process, Scope Definition, Plan Initiation
- Question #353 (Secure Software Deployment, Operations, Maintenance)
Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?
Tags: DITSCAP, C&A, DoD Policy, Security Directives
- Question #354 (Secure Software Deployment, Operations, Maintenance)
Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Cho...
Tags: Data Custodian, Information Classification, Roles and Responsibilities, Data Management
- Question #355 (Secure Software Concepts)
Which of the following terms refers to the protection of data against unauthorized access?
Tags: Confidentiality, Security Principles, Data Protection
- Question #356 (Secure Software Deployment, Operations, Maintenance)
Copyright holders, content providers, and manufacturers use digital rights management (DRM) in order to limit usage of digital media and devices. Which of the following security ch...
Tags: DRM Security, Key Management, Device Provisioning, Device Fingerprinting
- Question #357 (Secure Software Deployment, Operations, Maintenance)
Which of the following describes the acceptable amount of data loss measured in time?
Tags: Recovery Point Objective (RPO), Data Loss, Business Continuity, Disaster Recovery
- Question #358 (Secure Software Requirements)
When preparing misuse and abuse cases for a software product, what activities are generally performed to anticipate how it might be exploited?
Tags: Misuse cases, Abuse cases, Threat modeling, Exploitation scenarios
- Question #359 (Secure Software Testing)
A development team at Meridian Systems is defining their security testing strategy and plan, and they need guidance on best practices and timing. Which statement is accurate?
Tags: Security Testing Strategy, Vulnerability Scanning, Penetration Testing, Comprehensive Testing
- Question #360 (Secure Software Testing)
Which categories of problems are suitable for static code analysis to detect in a software repository?
Tags: Static Code Analysis, SAST, Syntax Validation, Semantic Analysis
- Question #361 (Secure Software Deployment, Operations, Maintenance)
A mid-sized software company is creating a group to handle production incidents and wants the team to be as effective as possible. What team composition usually produces the best outcome...
Tags: Incident Response, Team Composition, Cross-functional Teams, Software Operations
- Question #362 (Secure Software Architecture and Design)
A digital health startup named NovaLine is designing a new platform and wants to manage security risks through every phase of the software development lifecycle. Which practice sho...
Tags: SDLC Security, Security by Design, Security Requirements, Secure Architecture
- Question #363 (Secure Software Architecture and Design)
Which of the following is not considered a form of distributed processing?
Tags: Distributed Processing, System Architectures, Client-Server Model, Peer-to-Peer Architecture
- Question #364 (Secure Software Lifecycle Management)
A regional insurance provider requires a written "need to acquire" declaration before approving any software purchase. What specific elements does that declaration list? (Choose 3)
Tags: Software acquisition, Business justification, Project initiation, Assurance case
- Question #365 (Secure Software Concepts)
An information security analyst at Aurora Systems is reviewing a confidentiality model where users cannot read information above their clearance and they cannot write information t...
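The two rules the question describes are the Bell-LaPadula simple security property (no read up) and *-property (no write down). As an added worked example, not part of the question bank, the Python below implements both over a label lattice of hierarchical levels plus compartments, so it also shows the case the plain "clearance" wording hides: two SECRET labels with different compartments are incomparable, and neither subject may read or write the other's object. The level names, the `Label` type and the sample labels are constructed for illustration.

```python
from dataclasses import dataclass

# Hierarchical levels, lowest to highest (constructed ordering).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: one hierarchical level plus a set of compartments."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """self >= other in the lattice: level is higher or equal AND the
        compartments are a superset.  Labels can be incomparable."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def can_read(subject, obj):
    """Simple security property: no read up (subject must dominate object)."""
    return subject.dominates(obj)


def can_write(subject, obj):
    """*-property: no write down (object must dominate subject), so a
    SECRET process may append to a TOP SECRET file but not to a
    CONFIDENTIAL one, where it could leak what it has read."""
    return obj.dominates(subject)


def decide(subject, obj, action):
    """Reference-monitor entry point: True if the access is permitted."""
    if action == "read":
        return can_read(subject, obj)
    if action == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown action {action!r}")


def audit(subject, requests):
    """Evaluate a list of (object, action) requests; returns a list of
    (object_level, action, allowed) triples suitable for logging."""
    return [(obj.level, action, decide(subject, obj, action)) for obj, action in requests]


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))
    for level, action, ok in audit(analyst, [
        (Label("CONFIDENTIAL"), "read"),                       # allowed: read down
        (Label("TOP SECRET"), "read"),                         # denied: read up
        (Label("TOP SECRET", frozenset({"NUCLEAR"})), "write"),  # allowed: write up
        (Label("CONFIDENTIAL"), "write"),                      # denied: write down
        (Label("SECRET", frozenset({"CRYPTO"})), "read"),      # denied: incomparable
    ]):
        print(f"{action:5s} {level:12s} -> {'ALLOW' if ok else 'DENY'}")
```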
Tags: Access Control Models, Mandatory Access Control, Confidentiality Models, Bell-LaPadula Model
- Question #366 (Secure Software Testing)
Which of the following items would not normally be classified as a security test case?
Tags: Security Testing, Software Testing Types, SDLC Activities
- Question #367 (Secure Software Implementation)
What technique should a web application use to confirm that values sent by clients conform to the expected data types and formats?
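The technique is server-side input validation against an allow-list: every client value is checked for type, format and range before use, unknown fields are rejected, and values are converted to their target types so the rest of the application never handles raw strings. As an added worked example, not part of the question bank, the Python below validates a constructed form submission and includes one trap worth knowing: `re.match` with `$` accepts `"alice\n"` because `$` matches before a trailing newline, whereas `fullmatch` does not. The field names, patterns and limits are assumptions chosen for illustration.

```python
import re
from datetime import date

# Allow-list patterns.  [0-9] rather than \d: on str patterns \d also
# matches non-ASCII digits such as '٣', which int() converts without error.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
AGE_RE = re.compile(r"[0-9]{1,3}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")


def weak_username_ok(s):
    """The common mistake: '$' matches before a trailing newline, so
    'alice\\n' passes re.match even though the pattern looks strict."""
    return re.match(r"^[a-z][a-z0-9_]{2,31}$", s) is not None


def v_username(s):
    if not USERNAME_RE.fullmatch(s):
        raise ValueError("3-32 chars: lowercase letter, then letters/digits/_")
    return s


def v_age(s):
    if not AGE_RE.fullmatch(s):
        raise ValueError("ASCII digits only")
    n = int(s)
    if not 13 <= n <= 120:
        raise ValueError("age must be 13-120")
    return n


def v_email(s):
    if len(s) > 254 or not EMAIL_RE.fullmatch(s):
        raise ValueError("not a valid email address")
    return s.lower()


def v_date(s):
    if not DATE_RE.fullmatch(s):
        raise ValueError("expected YYYY-MM-DD")
    return date.fromisoformat(s)  # rejects impossible dates such as 2024-02-30


SCHEMA = {"username": v_username, "age": v_age, "email": v_email, "start_date": v_date}


def validate(form):
    """Validate a dict of client-supplied strings against SCHEMA.

    Returns (cleaned, errors).  Every field is required, unknown fields are
    rejected rather than silently ignored, values are converted to their
    target type, and on any error the cleaned dict is empty so a caller
    cannot use a half-validated record.
    """
    cleaned, errors = {}, {}
    for key in form:
        if key not in SCHEMA:
            errors[key] = "unexpected field"
    for key, check in SCHEMA.items():
        raw = form.get(key)
        if not isinstance(raw, str):
            errors[key] = "missing or not a string"
            continue
        try:
            cleaned[key] = check(raw)
        except ValueError as exc:
            errors[key] = str(exc)
    return ({} if errors else cleaned), errors


if __name__ == "__main__":
    # Constructed request body, as a form handler would receive it.
    print(validate({"username": "alice_01", "age": "34",
                    "email": "Alice@Example.org", "start_date": "2024-03-01"}))
    print(validate({"username": "alice\n", "age": "12",
                    "email": "a@b.co", "start_date": "2024-02-30", "role": "admin"}))
```

Validation here rejects rather than "cleans" bad input; output encoding for HTML or SQL parameterisation is a separate control applied at the point of use, not a substitute for this step.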
Tags: Input validation, Web application security, Defensive coding, Data integrity
- Question #368 (Secure Software Deployment, Operations, Maintenance)
When drafting a service level agreement, what key element should be included so the provider and the customer can objectively determine whether commitments were met and take action...
Tags: Service Level Agreement (SLA), Performance Metrics, Accountability, Agreement Drafting
- Question #369 (Secure Software Deployment, Operations, Maintenance)
Which scenario best illustrates auditing as a method of accountability within a technology company?
Tags: Auditing, Accountability, Logging, Security Events
- Question #370 (Secure Software Architecture and Design)
A regional fintech company needs security controls that staff will actually use. Which security design principle emphasizes making protections easy to use and acceptable to people?
Tags: Security design principles, Psychological acceptability, Usability, Security controls
- Question #371 (Secure Software Concepts)
A regional insurer is evaluating methods for assessing threats across its cloud environment. What is qualitative risk assessment primarily used for?
Tags: Qualitative risk assessment, Risk management, Threat assessment, Prioritization
- Question #372 (Secure Software Requirements)
Why are system requirements regarded as primary project artifacts when beginning software work?
Tags: System requirements, Functional requirements, Software development lifecycle, Project artifacts
- Question #373 (Secure Software Testing)
A payment technology company called Northbridge Systems deploys updates to its customer portal and the security team must run tests. What is the primary goal of regression testing...
Tags: Regression testing, Security testing, Vulnerability prevention, Code changes