PDF Only

$35.00 Free Updates Up to 90 Days

  • CSSLP Dumps PDF
  • 349 Questions
  • Updated On April 15, 2024

PDF + Test Engine

$60.00 Free Updates Up to 90 Days

  • CSSLP Question Answers
  • 349 Questions
  • Updated On April 15, 2024

Test Engine

$50.00 Free Updates Up to 90 Days

  • CSSLP Practice Questions
  • 349 Questions
  • Updated On April 15, 2024

How to pass ISC2 CSSLP exam with the help of dumps?

DumpsPool provides you with the finest quality resources you’ve been searching for to no avail. So, it's time you stopped stressing and got ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest ISC2 CSSLP Dumps to satisfy your need for training. Plus, they come in two different formats: Dumps PDF and Online Test Engine.

How Do I Know ISC2 CSSLP Dumps are Worth it?

Did we mention our latest CSSLP Dumps PDF is also available as an Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payment, let us explore all the other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three months of free updates.

You can easily scroll through our large catalog of certification exams and pick any exam to start your training. That’s right, DumpsPool isn’t limited to just ISC2 Exams. We understand that our customers need the support of an authentic and reliable resource, so we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus is that you understand the real exam format, so you can pass the exam in an easier way!

IT Students Are Using our Certified Secure Software Lifecycle Professional Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Certified Secure Software Lifecycle Professional Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through what you are about to go through and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim a refund if you do not pass the exam.

How to Get CSSLP Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the CSSLP exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and up to date as they can be. Plus, our Practice Question Answers are tested and approved by professionals, making them the most authentic resource available on the internet. Our experts have made sure the Online Test Engine is free from outdated or fake content, repeated questions, and false or indefinite information. We make every penny count, and you leave our platform fully satisfied!

ISC2 CSSLP Sample Question Answers

Question # 1

Under which type of access control does a user ID and password system come?

A. Physical 
B. Technical 
C. Power 
D. Administrative 

Question # 2

Which of the following phases of the NIST SP 800-37 C&A methodology examines the residual risk for acceptability, and prepares the final security accreditation package?

A. Security Accreditation 
B. Initiation 
C. Continuous Monitoring 
D. Security Certification 

Question # 3

The Systems Development Life Cycle (SDLC) is the process of creating or altering the systems, and the models and methodologies that people use to develop these systems. Which of the following are the different phases of the system development life cycle? Each correct answer represents a complete solution. Choose all that apply.

A. Testing 
B. Implementation 
C. Operation/maintenance 
D. Development/acquisition 
E. Disposal 
F. Initiation 

Question # 4

Which of the following describes the acceptable amount of data loss measured in time? 

A. Recovery Point Objective (RPO) 
B. Recovery Time Objective (RTO) 
C. Recovery Consistency Objective (RCO) 
D. Recovery Time Actual (RTA) 

Question # 5

Rob is the project manager of the IDLK Project for his company. This project has a budget of $5,600,000 and is expected to last 18 months. Rob has learned that a new law may affect how the project is allowed to proceed - even though the organization has already invested over $750,000 in the project. What risk response is the most appropriate for this instance?

A. Transference 
B. Enhance 
C. Mitigation 
D. Acceptance

Question # 6

Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

A. Confidentiality 
B. Non-repudiation 
C. Authentication 
D. Integrity 

Question # 7

Which of the following are the important areas addressed by a software system's security policy? Each correct answer represents a complete solution. Choose all that apply.

A. Identification and authentication 
B. Punctuality 
C. Data protection 
D. Accountability 
E. Scalability 
F. Access control 

Question # 8

Which of the following is a patch management utility that scans one or more computers on a network and alerts a user if any important Microsoft security patches are missing, and also provides links that enable those missing patches to be downloaded and installed?

A. MABS 
B. ASNB 
C. MBSA 
D. IDMS 

Question # 9

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He finds that the We-are-secure server is vulnerable to attacks. As a countermeasure, he suggests that the Network Administrator should remove the IPP printing capability from the server. He is suggesting this as a countermeasure against __________.

A. SNMP enumeration 
B. IIS buffer overflow 
C. NetBIOS NULL session 
D. DNS zone transfer

Question # 10

"Enhancing the Development Life Cycle to Produce Secure Software" summarizes the tools and practices that are helpful in producing secure software. What are these tools and practices? Each correct answer represents a complete solution. Choose three.

A. Leverage attack patterns 
B. Compiler security checking and enforcement 
C. Tools to detect memory violations 
D. Safe software libraries
E. Code for reuse and maintainability

Question # 11

Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Security education 
B. Security organization 
C. System classification 
D. Information classification 

Question # 12

Which of the following are the types of intellectual property? Each correct answer represents a complete solution. Choose all that apply.

A. Patent 
B. Copyright 
C. Standard 
D. Trademark

Question # 13

Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Right-Up Approach 
B. Left-Up Approach 
C. Top-Down Approach 
D. Bottom-Up Approach 

Question # 14

Fill in the blank with an appropriate phrase. The ________ is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity.

A. Biba model 

Question # 15

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

A. Advisory
B. Systematic 
C. Informative 
D. Regulatory 

Question # 16

Single Loss Expectancy (SLE) represents an organization's loss from a single threat. Which of the following formulas best describes the Single Loss Expectancy (SLE)?

A. SLE = Asset Value (AV) * Exposure Factor (EF) 
B. SLE = Annualized Loss Expectancy (ALE) * Annualized Rate of Occurrence (ARO) 
C. SLE = Annualized Loss Expectancy (ALE) * Exposure Factor (EF) 
D. SLE = Asset Value (AV) * Annualized Rate of Occurrence (ARO) 

Question # 17

Security is a state of well-being of information and infrastructures in which the possibilities of successful yet undetected theft, tampering, and/or disruption of information and services are kept low or tolerable. Which of the following are the elements of security? Each correct answer represents a complete solution. Choose all that apply.

A. Integrity 
B. Authenticity 
C. Confidentiality 
D. Availability 

Question # 18

Which of the following steps of the LeGrand Vulnerability-Oriented Risk Management method determines the necessary compliance offered by risk management practices and assessment of risk levels?

A. Assessment, monitoring, and assurance 
B. Vulnerability management 
C. Risk assessment 
D. Adherence to security standards and policies for development and deployment 

Question # 20

Security controls are safeguards or countermeasures to avoid, counteract, or minimize security risks. Which of the following are types of security controls? Each correct answer represents a complete solution. Choose all that apply.

A. Common controls 
B. Hybrid controls 
C. Storage controls 
D. System-specific controls 

Question # 21

In which of the following levels of exception safety are operations succeeded with full guarantee and fulfill all needs in the presence of exceptional situations?

A. Commit or rollback semantics 
B. Minimal exception safety 
C. Failure transparency 
D. Basic exception safety 

Question # 22

Which of the following security related areas are used to protect the confidentiality, integrity, and availability of federal information systems and information processed by those systems?

A. Personnel security 
B. Access control 
C. Configuration management 
D. Media protection 
E. Risk assessment 

Question # 23

What are the various benefits of a software interface according to the "Enhancing the Development Life Cycle to Produce Secure Software" document? Each correct answer represents a complete solution. Choose three.

A. It modifies the implementation of a component without affecting the specifications of the interface.
B. It controls the accessing of a component. 
C. It displays the implementation details of a component. 
D. It provides a programmatic way of communication between the components that are working with different programming languages.

Question # 24

Fill in the blank with an appropriate security type. ________ applies the internal security policies of the software applications when they are deployed.

A. Programmatic security 

Question # 26

Audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Under which of the following controls does audit control come?

A. Reactive controls 
B. Detective controls 
C. Protective controls 
D. Preventive controls 

Question # 27

Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.

A. Privacy 
B. Availability 
C. Integrity 
D. Confidentiality 

Question # 28

Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network-centric warfare?

A. DoDI 5200.40 
B. DoD 8500.1 Information Assurance (IA) 
C. DoD 8510.1-M DITSCAP 
D. DoD 8500.2 Information Assurance Implementation 

Question # 29

Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site. Which of the following is violated in a shoulder surfing attack?

A. Integrity 
B. Availability 
C. Confidentiality 
D. Authenticity 

Question # 30

You work as a Security Manager for Tech Perfect Inc. You want to save all the data from the SQL injection attack, which can read sensitive data from the database and modify database data using some commands, such as Insert, Update, and Delete. Which of the following tasks will you perform? Each correct answer represents a complete solution. Choose three.

A. Apply maximum number of database permissions. 
B. Use an encapsulated library for accessing databases. 
C. Create parameterized stored procedures. 
D. Create parameterized queries by using bound and typed parameters. 

Question # 31

A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?

A. Exploit 
B. Mitigation 
C. Transference 
D. Avoidance 

Question # 32

Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.

A. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
B. It determines the actions and behaviors of a single individual within a system.
C. It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.
D. It ensures that modifications are not made to data by unauthorized personnel or processes.

Question # 33

You work as a security manager for BlueWell Inc. You are performing the external vulnerability testing, or penetration testing, to get a better snapshot of your organization's security posture. Which of the following penetration testing techniques will you use for searching paper disposal areas for unshredded or otherwise improperly disposed-of reports?

A. Sniffing 
B. Scanning and probing 
C. Dumpster diving 
D. Demon dialing 

Question # 34

Which of the following models manages the software development process if the developers are limited to go back only one stage to rework?

A. Waterfall model 
B. Spiral model 
C. RAD model 
D. Prototyping model 

Question # 35

Which of the following is NOT a responsibility of a data owner? 

A. Approving access requests 
B. Ensuring that the necessary security controls are in place 
C. Delegating responsibility of the day-to-day maintenance of the data protection mechanisms to the data custodian
D. Maintaining and protecting data 

Question # 36

Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

A. Discretionary Access Control 
B. Mandatory Access Control 
C. Policy Access Control 
D. Role-Based Access Control 

Question # 37

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

A. Integrity 
B. Availability 
C. Non-repudiation 
D. Confidentiality 

Question # 38

Which of the following are Service Level Agreement (SLA) structures as defined by ITIL? Each correct answer represents a complete solution. Choose all that apply.

A. Component Based 
B. Service Based 
C. Segment Based 
D. Customer Based 
E. Multi-Level 

Question # 39

Which of the following test methods has the objective to test the IT system from the viewpoint of a threat-source and to identify potential failures in the IT system protection schemes?

A. Security Test and Evaluation (ST&E) 
B. Penetration testing 
C. Automated vulnerability scanning tool 
D. On-site interviews 

Question # 40

Elizabeth is a project manager for her organization and she finds risk management to be very difficult for her to manage. She asks you, a lead project manager, at what stage in the project will risk management become easier. What answer best resolves the difficulty of risk management practices and the effort required?

A. Risk management only becomes easier when the project moves into project execution. 
B. Risk management only becomes easier when the project is closed. 
C. Risk management is an iterative process and never becomes easier. 
D. Risk management only becomes easier the more often it is practiced. 

Question # 41

A service provider guarantees end-to-end network traffic performance to a customer. Which of the following types of agreement is this?

A. SLA 
B. VPN 
C. NDA 
D. LA 

Question # 42

You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?

A. Performance test 
B. Functional test 
C. Reliability test 
D. Regression test 

Question # 43

Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.

A. It provides for entry and storage of individual system data. 
B. It performs vulnerability/threat analysis assessment. 
C. It provides data needed to accurately assess IA readiness. 
D. It identifies and generates IA requirements. 

Question # 44

You are the project manager for a construction project. The project involves casting of a column in a very narrow space. Because of lack of space, casting it is highly dangerous. High technical skill will be required for casting that column. You decide to hire a local expert team for casting that column. Which of the following types of risk response are you following?

A. Avoidance 
B. Acceptance 
C. Mitigation 
D. Transference 

Question # 45

Samantha works as an Ethical Hacker for we-are-secure Inc. She wants to test the security of the we-are-secure server for DoS attacks. She sends a large number of ICMP ECHO packets to the target computer. Which of the following DoS attacking techniques will she use to accomplish the task?

A. Smurf DoS attack
B. Land attack 
C. Ping flood attack 
D. Teardrop attack 

Question # 46

You work as a Network Administrator for uCertify Inc. You need to secure web services of your company in order to have secure transactions. Which of the following will you recommend for providing security?

A. SSL 
B. VPN 
C. S/MIME 
D. HTTP 

Question # 48

You work as the Senior Project manager in Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure that the network infrastructure devices and networking standards used in this project are installed in accordance with the requirements of its detailed project design documentation. Which of the following procedures will you employ to accomplish the task?

A. Configuration identification 
B. Configuration control 
C. Functional configuration audit
D. Physical configuration audit 

Question # 49

What NIACAP certification levels are recommended by the certifier? Each correct answer represents a complete solution. Choose all that apply.

A. Comprehensive Analysis 
B. Maximum Analysis
C. Detailed Analysis 
D. Minimum Analysis 
E. Basic Security Review 
F. Basic System Review 

Question # 50

The mission and business process level is Tier 2. What are the various Tier 2 activities? Each correct answer represents a complete solution. Choose all that apply.

A. Developing an organization-wide information protection strategy and incorporating high level information security requirements
B. Defining the types of information that the organization needs, to successfully execute the stated missions and business processes
C. Specifying the degree of autonomy for the subordinate organizations 
D. Defining the core missions and business processes for the organization 
E. Prioritizing missions and business processes with respect to the goals and objectives of the organization

Question # 51

Which of the following are the basic characteristics of declarative security? Each correct answer represents a complete solution. Choose all that apply.

A. It is a container-managed security. 
B. It has a runtime environment. 
C. All security constraints are stated in the configuration files. 
D. The security policies are applied at the deployment time. 

Question # 52

You are the project manager of the GHY project for your organization. You are about to start the qualitative risk analysis process for the project and you need to determine the roles and responsibilities for conducting risk management. Where can you find this information?

A. Risk register 
B. Staffing management plan
C. Risk management plan 
D. Enterprise environmental factors 

Question # 53

Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?

A. Computer Misuse Act 
B. Lanham Act 
C. Computer Fraud and Abuse Act 
D. FISMA 

Question # 54

You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You have a disaster scenario and you want to discuss it with your team members to get appropriate responses to the disaster. In which of the following disaster recovery tests can this task be performed?

A. Structured walk-through test 
B. Full-interruption test 
C. Parallel test 
D. Simulation test

Question # 55

What are the differences between managed and unmanaged code technologies? Each correct answer represents a complete solution. Choose two.

A. Managed code is referred to as Hex code, whereas unmanaged code is referred to as byte code.
B. C and C++ are the examples of managed code, whereas Java EE and Microsoft .NET are the examples of unmanaged code.
C. Managed code executes under management of a runtime environment, whereas unmanaged code is executed by the CPU of a computer system.
D. Managed code is compiled into an intermediate code format, whereas unmanaged code is compiled into machine code.

Question # 56

Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

A. Configuration management 
B. Risk management 
C. Change management 
D. Procurement management 

Question # 57

You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following tasks: Develop a risk-driven enterprise information security architecture. Deliver security infrastructure solutions that support critical business initiatives. Which of the following methods will you use to accomplish these tasks?

A. Service-oriented modeling and architecture 
B. Service-oriented modeling framework 
C. Sherwood Applied Business Security Architecture 
D. Service-oriented architecture 

Question # 58

Maria has been recently appointed as a Network Administrator in Gentech Inc. She has been tasked to perform network security testing to find out the vulnerabilities and shortcomings of the present network infrastructure. Which of the following testing approaches will she apply to accomplish this task?

A. Gray-box testing 
B. White-box testing 
C. Black-box testing 
D. Unit testing 

Question # 59

In digital rights management, the level of robustness depends on the various types of tools and attacks to which they must be resistant or immune. Which of the following types of tools are expensive, require skill, and are not easily available?

A. Hand tools 
B. Widely available tools 
C. Specialized tools 
D. Professional tools 

Question # 60

Certification and Accreditation (C&A or CnA) is a process for implementing information security. Which of the following is the correct order of C&A phases in a DITSCAP assessment?

A. Verification, Definition, Validation, and Post Accreditation 
B. Definition, Validation, Verification, and Post Accreditation 
C. Definition, Verification, Validation, and Post Accreditation 
D. Verification, Validation, Definition, and Post Accreditation 

Question # 61

Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

A. Performing data restoration from the backups when necessary 
B. Running regular backups and routinely testing the validity of the backup data 
C. Determining what level of classification the information requires 
D. Controlling access, adding and removing privileges for individual users 

Question # 62

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

A. DoD 8910.1 
B. DoD 5200.22-M 
C. DoD 8000.1 
D. DoD 5200.40

Question # 63

You work as an analyst for Tech Perfect Inc. You want to prevent information flow that may cause a conflict of interest in your organization representing competing clients. Which of the following security models will you use?

A. Bell-LaPadula model
B. Chinese Wall model 
C. Clark-Wilson model 
D. Biba model 

Question # 64

Henry is the project manager of the QBG Project for his company. This project has a budget of $4,576,900 and is expected to last 18 months to complete. The CIO, a stakeholder in the project, has introduced a scope change request for additional deliverables as part of the project work. What component of the change control system would review the proposed changes' impact on the features and functions of the project's product?

A. Configuration management system 
B. Scope change control system 
C. Cost change control system 
D. Integrated change control 

Question # 65

Which of the following describes a residual risk as the risk remaining after a risk mitigation has occurred?

A. DIACAP 
B. SSAA 
C. DAA 
D. ISSO 

Question # 66

Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.

A. Act honorably, honestly, justly, responsibly, and legally. 
B. Give guidance for resolving good versus good and bad versus bad dilemmas. 
C. Provide diligent and competent service to principals. 
D. Protect society, the commonwealth, and the infrastructure. 

Question # 67

In which of the following SDLC phases are the system's security features configured and enabled, the system is tested and installed or fielded, and the system is authorized for processing?

A. Development/Acquisition Phase 
B. Operation/Maintenance Phase 
C. Implementation Phase 
D. Initiation Phase

Question # 68

According to the NIST SAMATE, dynamic analysis tools operate by generating runtime vulnerability scenarios using some functions. Which of the following are functions that are used by the dynamic analysis tools and are summarized in the NIST SAMATE? Each correct answer represents a complete solution. Choose all that apply.

A. Implementation attack 
B. Source code security 
C. File corruption 
D. Network fault injection 

Question # 69

Which of the following documents is defined as a source document, which is most useful for the ISSE when classifying the needed security functionality?

A. Information Protection Policy (IPP) 
B. IMM 
C. System Security Context 
D. CONOPS 

Question # 70

Which of the following processes does the decomposition and definition sequence of the Vee model include? Each correct answer represents a part of the solution. Choose all that apply.

A. Component integration and test 
B. System security analysis 
C. Security requirements allocation 
D. High level software design