Certified Secure Software Lifecycle Professional Practice Test (CSSLP) Free Practice Test

Question 1

DRAG DROP
Drag and drop the appropriate external constructs in front of their respective functions.

Correct Answer:

Explanation:

There are two types of compositional constructs: 1.External constructs: The various types of external constructs are as follows: Cascading: In this type of external construct, one system gains the input from the output of another system. Feedback: In this type of external construct, one system provides the input to another system, which in turn feeds back to the input of the first system. Hookup: In this type of external construct, one system communicates with another system as well as with external entities. 2.Internal constructs: The internal constructs include intersection, union, and difference.

Question 2

Which of the following testing methods tests the system efficiency by systematically selecting the suitable and minimum set of tests that are required to effectively cover the affected changes?

A. Integration testing

B. Unit testing

C. Acceptance testing

D. Regression testing

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task?

A. Initiation

B. Continuous Monitoring

C. Security Certification

D. Security Accreditation

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Which of the following is a variant with regard to Configuration Management?

A. A CI that has the same essential functionality as another CI but a bit different in some small manner.

B. A CI that has the same name as another CI but shares no relationship.

C. A CI that particularly refers to a hardware specification.

D. A CI that particularly refers to a software version.

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

A. FIPS

B. SSAA

C. FITSAF

D. TCSEC

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Adrian is the project manager of the NHP Project. In her project there are several work packages that deal with electrical wiring. Rather than to manage the risk internally she has decided to hire a vendor to complete all work packages that deal with the electrical wiring. By removing the risk internally to a licensed electrician Adrian feels more comfortable with project team being safe. What type of risk response has Adrian used in this example?

A. Transference

B. Mitigation

C. Acceptance

D. Avoidance

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise. What are the responsibilities of a Chief Information Officer? Each correct answer represents a complete solution. Choose all that apply.

A. Preserving high-level communications and working group relationships in an organization

B. Proposing the information technology needed by an enterprise to achieve its goals and then working within a budget to implement the plan

C. Establishing effective continuous monitoring program for the organization

D. Explanation:
A Chief Information Officer (CIO) plays the role of a leader. The responsibilities of a Chief Information Officer are as follows: Establishes effective continuous monitoring program for the organization. Facilitates continuous monitoring process for the organizations. Preserves high-level communications and working group relationships in an organization. Confirms that information systems are covered by a permitted security plan and monitored throughout the System Development Life Cycle (SDLC). Manages and delegates decisions to employees in large enterprises. Proposes the information technology needed by an enterprise to achieve its goals and then works within a budget to implement the plan.

E. Facilitating the sharing of security risk-related information among authorizing officials

Correct Answer: A,B,C,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

The NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Standards" specifies potential advantages and disdvantages of virtualization. Which of the following disadvantages does it include? Each correct answer represents a complete solution. Choose all that apply.

A. It increases overall security risk shared resources.

B. It initiates the risk that malicious software is targeting the VM environment.

C. It involves new protection mechanisms for preventing VM escape, VM detection, and VM-VM interference.

D. It increases configuration effort because of complexity and composite system.

E. It increases intrusion detection through introspection.

F. It creates the possibility that remote attestation may not work.

G. It increases capabilities for fault tolerant computing using rollback and snapshot features.

Correct Answer: A,B,C,D,F

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?

A. Functional test

B. Reliability test

C. Regression test

D. Performance test

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

Stella works as a system engineer for BlueWell Inc. She wants to identify the performance thresholds of each build. Which of the following tests will help Stella to achieve her task?

A. Functional test

B. Reliability test

C. Regression test

D. Performance test

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

The rights of an author or a corporation to make profit from the creation of their products (such as software, music, etc.) are protected by the Intellectual Property law. Which of the following are the components of the Intellectual Property law? Each correct answer represents a part of the solution. Choose two.

A. Patent law

B. Copyright law

C. Industrial Property law

D. Trademark law

Correct Answer: B,C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

An asset with a value of $600,000 is subject to a successful malicious attack threat twice a year. The asset has an exposure of 30 percent to the threat. What will be the annualized loss expectancy?

A. $180,000

B. Explanation:
The annualized loss expectancy will be $360,000. Annualized loss expectancy
(ALE) is the annually expected financial loss to an organization from a threat. The annualized loss
expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss
expectancy (SLE). It is mathematically expressed as follows:
ALE = Single Loss Expectancy (SLE) * Annualized Rate of Occurrence (ARO)
Here, it is as follows:
SLE = Asset value * EF (Exposure factor)
= 600,000 * (30/100)
= 600,000 * 0.30
= 180,000
ALE = SLE * ARO
= 180,000 * 2
= 360,000

C. $360,000

D. $280,000

E. $540,000

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 13

The DoD 8500 policy series represents the Department's information assurance strategy. Which of the following objectives are defined by the DoD 8500 series? Each correct answer represents a complete solution. Choose all that apply.

A. Providing command and control and situational awareness

B. Providing IA Certification and Accreditation

C. Defending systems

D. Protecting information

Correct Answer: A,C,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 14

You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team has successfully completed the risk response planning and now you must initiate what risk process it is. Which of the following risk processes is repeated after the plan risk responses to determine if the overall project risk has been satisfactorily decreased?

A. Risk response implementation

B. Risk identification

C. Qualitative risk analysis

D. Quantitative risk analysis

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

ISC Certified Secure Software Lifecycle Professional Practice Test (CSSLP) Free Practice Test