Download Certified Secure Software Lifecycle Professional.PracticeTest.CSSLP.2018-05-29.1e.209q.vcex

File Info

Exam: Certified Secure Software Lifecycle Professional
Number: CSSLP
File Name: Certified Secure Software Lifecycle Professional.PracticeTest.CSSLP.2018-05-29.1e.209q.vcex
Size: 1.43 Mb
Posted: May 29, 2018

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Demo Questions

Question 1
The NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Standards" specifies potential advantages and disadvantages of virtualization. Which of the following disadvantages does it include? Each correct answer represents a complete solution. Choose all that apply.

  • A: It increases capabilities for fault tolerant computing using rollback and snapshot features.
  • B: It increases intrusion detection through introspection.
  • C: It initiates the risk that malicious software is targeting the VM environment.
  • D: It increases overall security risk shared resources.
  • E: It creates the possibility that remote attestation may not work.
  • F: It involves new protection mechanisms for preventing VM escape, VM detection, and VM-VM interference.
  • G: It increases configuration effort because of complexity and composite system.

Question 2
Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

  • A: Physical
  • B: Technical
  • C: Administrative
  • D: Automatic

Question 3
What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

  • A: Initiate IA implementation plan
  • B: Develop DIACAP strategy
  • C: Assign IA controls.
  • D: Assemble DIACAP team
  • E: Register system with DoD Component IA Program.
  • F: Conduct validation activity.

Question 4
Which of the following attacks causes software to fail and prevents the intended users from accessing software?

  • A: Enabling attack
  • B: Reconnaissance attack
  • C: Sabotage attack
  • D: Disclosure attack

Question 5
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. 
Which of the following FITSAF levels shows that the procedures and controls have been implemented?

  • A: Level 2
  • B: Level 3
  • C: Level 5
  • D: Level 1
  • E: Level 4

Question 6
Which of the following is a name, symbol, or slogan with which a product is identified?

  • A: Trademark
  • B: Copyright
  • C: Trade secret
  • D: Patent

Question 7
Della works as a project manager for BlueWell Inc. A threat with a dollar value of $250,000 is expected to happen in her project and the frequency of threat occurrence per year is 0.01. What will be the annualized loss expectancy in her project?

  • A: $2,000
  • B: $2,500
  • C: $3,510
  • D: $3,500

Question 8
Which of the following coding practices are helpful in simplifying code? Each correct answer represents a complete solution. Choose all that apply.

  • A: Programmers should use multiple small and simple functions rather than a single complex function.
  • B: Software should avoid ambiguities and hidden assumptions, recursions, and GoTo statements.
  • C: Programmers should implement high-consequence functions in minimum required lines of code and follow proper coding standards.
  • D: Processes should have multiple entry and exit points.

Question 9
Which of the following methods does the Java Servlet Specification v2.4 define in the HttpServletRequest interface that control programmatic security? Each correct answer represents a complete solution. Choose all that apply.

  • A: getCallerIdentity()
  • B: isUserInRole()
  • C: getUserPrincipal()
  • D: getRemoteUser()

Question 10
You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks. Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?

  • A: A qualitative risk analysis encourages biased data to reveal risk tolerances.
  • B: A qualitative risk analysis requires unbiased stakeholders with biased risk tolerances.
  • C: A qualitative risk analysis requires accurate and unbiased data if it is to be credible.
  • D: A qualitative risk analysis requires fast and simple data to complete the analysis.
