ISC2 CSSLP Practice Test : Free Online Preparation

Question 1
- Which operational practices are essential for ensuring secure software development and maintaining the security of an organization’s systems and data?
  
  A : Incident response planning, vendor management, and encryption techniques
  
  B : Change management, vulnerability scanning, and network segmentation
  
  C : Assessment and Authorization (A&A) process, code review, and data backup
  
  D : Configuration management, user access controls, and system patching
  
  Answer: C
Question 2
- You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?
  A : Three
  
  B : Seven
  
  C : One
  
  D : Four
  
  Answer: D
Question 3
- Which of the following methods offers a number of modeling practices and disciplines that contribute to a successful service-oriented life cycle management and modeling?
  A : Service-oriented modeling framework (SOMF)
  
  B : Service-oriented architecture (SOA)
  
  C : Sherwood Applied Business Security Architecture (SABSA)
  
  D : Service-oriented modeling and architecture (SOMA)
  
  Answer: A
Question 4
- The Flaw Hypothesis Method employs which of the following set of phases?
  
  A : Hypothesize the financial risk involved in early software release compared to missed revenue by not releasing it. Take out insurance in the form of bonds to protect yourself from lawsuits due to failed security. Hire a Chief Security Officer knowledgeable in software risk assessment.
  Hypothesize the financial risk involved in early software release compared to missed revenue by not releasing it. Take out insurance in the form of bonds to protect yourself from lawsuits due to failed security. Hire a Chief Security Officer knowledgeable in software risk assessment.
  
  B : Hypothesize potential flaws based on the software documentation. Confirm the flaws through testing. Generalize about the flaws in order to uncover other similar flaws. Create countermeasures against such flaws.
  
  C : Hypothesize which attack vectors a malware attack might take to penetrate your software product. Confirm the flaw using pen testing software. Fix potential software flaws discovered through pen testing. Educate the programmer on ways not to create the same vulnerability.
  
  D : Run an AI code assessment program on your code to discover flaws. Repair the flaws. Run the AI assessment again to see if new flaws were introduced. Monitor vulnerabilities so they can be repaired in the next release.
  
  Answer: C
Question 5
- According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply
  A : VI Vulnerability and Incident Management
  
  B : Information systems acquisition, development, and maintenance
  
  C : DC Security Design & Configuration
  
  D : EC Enclave and Computing Environment
  
  Answer: A,C,D

Free ISC2 CSSLP Exam Questions

Try our Free Demo Practice Tests for Comprehensive CSSLP Exam Preparation