CSSLP Exam Questions
379 real CSSLP exam questions with expert-verified answers and explanations. Page 8 of 8.
- Question #374 (Secure Software Lifecycle Management): What is the primary purpose of performing security reviews during the software development lifecycle?
  Tags: Security Reviews, SDLC, Security Controls, Process Validation
- Question #375 (Secure Software Concepts): Which of the following can be used for non-repudiation purposes?
  Tags: Non-repudiation, Digital signatures, Cryptography, Security services
- Question #376 (Secure Software Concepts): The fundamental benefit of a sandboxed environment is about:
  Tags: Sandboxing, Isolation, Containment, Risk Reduction
- Question #377 (Secure Software Deployment, Operations, Maintenance): Secure configuration management (CM) is most useful for what?
  Tags: Configuration Management, Integrity, Security Baselines
- Question #378 (Secure Software Testing): Which data protection approach changes or conceals sensitive values to keep them confidential when they are used in development and testing?
  Tags: Data Protection, Data Obfuscation, Test Data Management, Secure Testing
- Question #379 (Secure Software Deployment, Operations, Maintenance): For a cloud application deployed by Meridian Financial, who is typically regarded as the owner of the application data?
  Tags: Data Ownership, Cloud Data Governance, Organizational Responsibility, Data Stewardship
- Question #380 (Secure Software Requirements): Which compliance framework is specifically intended for companies that handle credit and debit card transactions to ensure the security of cardholder systems and data?
  Tags: Compliance Frameworks, PCI DSS, Data Security, Payment Processing
- Question #381 (Secure Software Supply Chain): What is the primary objective of secure software supply chain practices for a development team that wants to avoid using compromised components?
  Tags: Software supply chain security, Compromised components, Third-party risk, Malware prevention
- Question #382 (Secure Software Architecture and Design): Which security design principle favors simple implementations and minimal components and therefore supports using single sign-on systems and credential managers?
  Tags: Security Design Principles, Economy of Mechanism, SSO, Architectural Simplicity
- Question #383 (Secure Software Implementation): Why do large organizations put in place companywide secure coding guidelines for developers?
  Tags: Secure coding guidelines, Organizational security policies, Comprehensive security implementation
- Question #384 (Secure Software Testing): Which term can be best defined by the following description? A security testing method that is also known as structure-based testing. It involves the direct analysis of the source...
  Tags: Security testing, White-box testing, Structure-based testing, Source code analysis
- Question #385 (Secure Software Requirements): Which of the following are used in the development of abuse cases?
  Tags: Abuse Cases, Use Cases, Security Requirements, Threat Modeling
- Question #386 (Secure Software Architecture and Design): Which of the following is the most important task when performing a design security review?
  Tags: Design Security Review, Application Decomposition, System Understanding, Security Architecture
- Question #387 (Secure Software Deployment, Operations, Maintenance): The software maintenance and support work starts once the delivery of the software product is done. Which of the following is not considered a category of application maintenance a...
  Tags: Software Maintenance, Maintenance Categories, Post-Deployment Activities
- Question #388 (Secure Software Concepts): LogiCore is configuring a federated identity setup where a web application accepts assertions from an external identity provider. What fundamental element must that relationship re...
  Tags: Federated Identity, Identity Provider, Trust Relationship, Assertions
- Question #389 (Secure Software Requirements): Which software security requirement focuses on assigning sensitivity levels and evaluating potential consequences for stored information?
  Tags: Data classification, Security requirements, Information sensitivity, Data protection
- Question #390 (Secure Software Concepts): Which legal doctrine normally establishes ownership rights for creative digital works such as software and other intangible online assets?
  Tags: Intellectual Property, Copyright Law, Software Ownership, Legal Doctrines
- Question #391 (Secure Software Testing): Which form of security testing is most appropriate to measure an application's scalability, reliability, and performance under operational load?
  Tags: Non-functional testing, Security assessment, Scalability reliability, Performance testing
- Question #392 (Secure Software Lifecycle Management): Which software development approach prioritizes accepting evolving requirements and gathering frequent stakeholder feedback throughout the project lifecycle?
  Tags: Agile Methodology, Software Development Life Cycle (SDLC), Requirements Management, Stakeholder Feedback
- Question #393 (Secure Software Concepts): Which processor security feature provides hardware-based encryption of system memory to protect sensitive information from physical memory extraction?
  Tags: Hardware Security, Memory Encryption, Processor Security Features, Physical Security
- Question #394 (Secure Software Deployment, Operations, Maintenance): Which of the following statements is NOT true?
  Tags: Authority to Operate (ATO), Authorizing Official (AO), Risk Management Framework (RMF), Security Authorization
- Question #395 (Secure Software Concepts): Which type of controls is intended to limit the extent of any damage caused by an incident?
  Tags: Security Controls, Corrective Controls, Incident Management, Damage Limitation
- Question #396 (Secure Software Deployment, Operations, Maintenance): Which of the following CANNOT be impacted directly by security monitoring?
  Tags: Security Monitoring, Incident Detection, Security Operations
- Question #397 (Secure Software Testing): A payments startup measures defects per thousand lines of code across its repositories to monitor code quality. Which category of software assessment does that metric represent?
  Tags: Static Code Analysis, Code Quality Metrics, Software Assessment, Defect Measurement
- Question #398 (Secure Software Requirements): Which statement accurately describes system non-functional requirements and their role in software behavior?
  Tags: Non-functional requirements, Quality attributes, Software requirements
- Question #399 (Secure Software Deployment, Operations, Maintenance): When a company enforces formal authorization for a proposed modification, what formal and detailed document must be created to specify the exact tasks and deliverables required to c...
  Tags: Change Management, Statement of Work, Project Documentation, Deliverables
- Question #400 (Secure Software Testing): Which techniques are commonly used to perform code analysis during software development and testing? (Choose 2)
  Tags: Secure Code Analysis, Static Code Analysis, Dynamic Code Analysis, Security Testing
- Question #401 (Secure Software Architecture and Design): What aspect of a system does a data flow diagram most clearly represent?
  Tags: Data Flow Diagram (DFD), System analysis, Software design, Data movement
- Question #402 (Secure Software Testing): Within software development, what type of testing is commonly meant by the phrase "code review"?
  Tags: Code review, Software testing, Static analysis, Peer review