Free CSSLP Exam Braindumps

Pass your CSSLP Certified Secure Software Lifecycle Professional exam with these free Questions and Answers


Which of the following roles is also known as the accreditor?

  A. Data owner
  B. Chief Risk Officer
  C. Chief Information Officer
  D. Designated Approving Authority

Answer(s): D

Explanation:

The Designated Approving Authority (DAA) is also known as the accreditor. Answer A is incorrect. The data owner (information owner) is usually a member of management, in charge of a specific business unit, and is ultimately responsible for the protection and use of a specific subset of information. Answer B is incorrect. A Chief Risk Officer (CRO) is also known as a Chief Risk Management Officer (CRMO). The CRO of a corporation is the executive accountable for enabling the efficient and effective governance of significant risks, and related opportunities, to a business and its various segments. Risks are commonly categorized as strategic, reputational, operational, financial, or compliance-related. CROs are accountable to the Executive Committee and the Board for enabling the business to balance risk and reward. In more complex organizations, they are generally responsible for coordinating the organization's Enterprise Risk Management (ERM) approach. Answer C is incorrect. The Chief Information Officer (CIO), or Information Technology (IT) director, is the job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals. The CIO acts as a leader and reports to the chief executive officer, chief operations officer, or chief financial officer. In military organizations, the CIO reports to the commanding officer.



DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?

  A. MAC III
  B. MAC IV
  C. MAC I
  D. MAC II

Answer(s): D

Explanation:

The MAC levels are defined as follows:
MAC I: systems that require high integrity and high availability.
MAC II: systems that require high integrity and medium availability.
MAC III: systems that require basic integrity and basic availability.



Microsoft software security expert Michael Howard defines several heuristics for deciding which code to review in "A Process for Performing Security Code Reviews". Which of the following heuristics increase the application's attack surface? Each correct answer represents a complete solution. Choose all that apply.

  A. Code written in C/C++/assembly language
  B. Code listening on a globally accessible network interface
  C. Code that changes frequently
  D. Anonymously accessible code
  E. Code that runs by default
  F. Code that runs in elevated context

Answer(s): B,D,E,F

Explanation:

Microsoft software security expert Michael Howard defines the following heuristics for deciding which code to review in "A Process for Performing Security Code Reviews":
Old code: Newer code reflects a better understanding of software security and tends to have fewer vulnerabilities, so older code must be checked more deeply.
Code that runs by default: It must be of high quality and must be checked more deeply than code that does not execute by default. Code that runs by default increases the application's attack surface.
Code that runs in elevated context: It must be of higher quality. Code that runs with elevated privileges must be checked more deeply, and it increases the application's attack surface.
Anonymously accessible code: It must be checked more deeply than code that only authorized users and administrators can access, and it increases the application's attack surface.
Code listening on a globally accessible network interface: It must be checked deeply for security vulnerabilities, and it increases the application's attack surface.
Code written in C/C++/assembly language: It is prone to security vulnerabilities, for example buffer overruns.
Code with a history of security vulnerabilities: It is likely to contain additional vulnerabilities unless a concerted effort has been made to remove them.
Code that handles sensitive data: It must be checked deeply to ensure that the data is protected from unintentional disclosure.
Complex code: It is likely to contain undiscovered errors, because complex code is more difficult to analyze both manually and programmatically.
Code that changes frequently: It tends to have more security vulnerabilities than code that does not change frequently.



Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

  A. Authentication
  B. Integrity
  C. Non-repudiation
  D. Confidentiality

Answer(s): D

Explanation:

The confidentiality service of a cryptographic system ensures that information will not be disclosed to any unauthorized person on a local network.


Post your Comments and Discuss ISC CSSLP exam with other Community members:

Faritha 8/10/2023 6:06:42 PM
Question no. 7: the right answer is "configure logical access controls for resources and protect account credentials".
UNITED STATES

Faritha 8/10/2023 6:00:17 PM
For Question 4, the right answer is: Recover automatically from failures
UNITED STATES

Dan 8/10/2023 4:19:27 PM
Question 129 is completely wrong.
UNITED STATES

Future practitioner 8/10/2023 1:26:41 PM
Question 4 answer is C. This site shows the correct answer as B. "Adopt a consumption model" is clearly a Cost Optimization design principle. Looks like I'm done using this site to study!!!
Anonymous

TestPD1 8/10/2023 12:22:37 PM
Question 18: Isn't the response A?
EUROPEAN UNION

TestPD1 8/10/2023 12:19:03 PM
Question 17: Aren't the responses B and C?
EUROPEAN UNION

Buddihas 8/10/2023 11:45:53 AM
Useful stuff
CANADA

Anonymous 8/10/2023 11:42:31 AM
Very useful for preparation
CANADA

peter parker 8/10/2023 10:59:31 AM
The exam is listed as 80 questions with a pass mark of 70%; how are your 50 questions related?
Anonymous

Parvez 8/10/2023 9:24:06 AM
pd1 with great experience
Anonymous

fol 8/10/2023 8:16:49 AM
For Snowflake SnowPro Core the solutions here are wrong, e.g. question 22. Do not trust the solutions!
GERMANY

anonymous 8/10/2023 2:28:17 AM
Hi, please upload this
Anonymous

Ahmed 8/9/2023 6:57:36 PM
Please upload the dumps again
Anonymous

Ahmed 8/9/2023 6:25:52 PM
Please upload the dump
Anonymous

abdo casa 8/9/2023 6:10:27 PM
THANK YOU, IT IS VERY INSTRUCTIVE
Anonymous

Manirajss 8/9/2023 1:09:03 PM
Nice questions
Anonymous

aaic 8/9/2023 12:06:07 PM
Upload C_SAC_2302 dumps
UNITED STATES

Na 8/9/2023 8:39:27 AM
Could you please upload CFE Fraud Prevention and Deterrence questions? It would be very helpful.
Anonymous

Na 8/9/2023 8:34:57 AM
Can you kindly upload the Fraud Prevention and Deterrence exam?
Anonymous

Wole 8/9/2023 5:36:25 AM
Relevant questions
UNITED KINGDOM

Harjinder Singh 8/9/2023 4:16:56 AM
It's very helpful
HONG KONG

Gopinadh 8/9/2023 4:05:56 AM
Question number 2 indicates whether you are giving proper questions. Observe and change properly.
Anonymous

Akash 8/9/2023 3:44:03 AM
Help to practice for the CSA exam
UNITED STATES

Rabani 8/9/2023 12:06:22 AM
Good explanation
Anonymous

Rahul 8/8/2023 9:40:29 PM
I need the PDF, please.
CANADA

Kiky V 8/8/2023 6:32:21 PM
I am really liking it
Anonymous

Sonbir 8/8/2023 1:04:32 PM
How to get the system serial number using Intune?
Anonymous

JVCP 8/8/2023 12:02:15 PM
Some of these posted answers are wrong. Question 4 answer is C, not D.
UNITED STATES

John 8/8/2023 11:43:30 AM
Excellent data available in braindumps
Anonymous

Ranjith 8/8/2023 11:19:45 AM
For question #37, the answer is Option #3. Please update. Thanks for such nice practice questions.
UNITED STATES

Wing 8/8/2023 9:40:06 AM
Hi, could you share the Fortinet NSE6_WCS-6.4 or 7.0 exam dump PDF? Thanks
Anonymous

USUARIO 8/8/2023 9:07:29 AM
VERY INTERESTING
Anonymous

xander 8/8/2023 1:12:19 AM
Very helpful for exam preparation
PHILIPPINES

ll 8/7/2023 8:33:14 PM
Studying for the exam
KOREA REPUBLIC OF