Free CSSLP Exam Braindumps (page: 11)

Page 11 of 88

Which of the following methods does the Java Servlet Specification v2.4 define in the HttpServletRequest interface that control programmatic security? Each correct answer represents a complete solution. Choose all that apply.

  A. getCallerIdentity()
  B. isUserInRole()
  C. getUserPrincipal()
  D. getRemoteUser()

Answer(s): B, C, D

Explanation:

The relevant methods of the HttpServletRequest interface are as follows: getRemoteUser(): returns the login name of the user making the request, that is, the name used for client authentication; it returns null if no user is authenticated. isUserInRole(): determines whether the remote user has been granted the specified role; it returns true if the remote user is in that role and false otherwise. getUserPrincipal(): returns the java.security.Principal object for the current user, which contains the remote user name; it returns null if no user is authenticated. Answer A is incorrect. getCallerIdentity() is not defined in the HttpServletRequest interface; it is used to obtain the java.security.Identity of the caller.



You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks. Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?

  A. A qualitative risk analysis encourages biased data to reveal risk tolerances.
  B. A qualitative risk analysis requires unbiased stakeholders with biased risk tolerances.
  C. A qualitative risk analysis requires accurate and unbiased data if it is to be credible.
  D. A qualitative risk analysis requires fast and simple data to complete the analysis.

Answer(s): C

Explanation:

Of all the choices, only this answer is accurate. The PMBOK clearly states that the data used in qualitative risk analysis must be accurate and unbiased if the analysis is to be credible. Answers A, B, and D are incorrect. None of them is a valid statement about the data used in qualitative risk analysis.



FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals?

  A. Moderate
  B. Low
  C. Medium
  D. High

Answer(s): B

Explanation:

The potential impact is low if the loss of confidentiality, integrity, or availability is expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. Answer C is incorrect. FIPS 199 defines no "medium" impact level. Answer A is incorrect. The potential impact is moderate if the loss of confidentiality, integrity, or availability is expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. Answer D is incorrect. The potential impact is high if the loss of confidentiality, integrity, or availability is expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.



You work as the senior project manager at SoftTech Inc. You are working on a software project that uses configuration management. Through configuration management you are decomposing the verification system into identifiable, understandable, manageable, traceable units known as Configuration Items (CIs). Which of the following processes is the decomposition of a verification system into Configuration Items?

  A. Configuration status accounting
  B. Configuration identification
  C. Configuration auditing
  D. Configuration control

Answer(s): B

Explanation:

Configuration identification is the decomposition of a verification system into Configuration Items. It is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control to take effect whenever that attribute is changed.

Answer D is incorrect. Configuration control is a procedure within configuration management. It is the set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time and performs systematic control of changes to the identified attributes. Configuration control is a means of ensuring that system changes are approved before being implemented, that only proposed and approved changes are implemented, and that the implementation is complete and accurate.

Answer A is incorrect. Configuration status accounting is the ability to record and report on the configuration baselines associated with each configuration item at any moment in time. It tracks the functional and physical attributes of software at various points in time and performs systematic accounting of the identified attributes in order to maintain software integrity and traceability throughout the software development life cycle.

Answer C is incorrect. Configuration auditing is the quality assurance element of configuration management. It consists of periodic checks to establish the consistency and completeness of accounting information and to validate that all configuration management policies are being followed. Configuration audits are divided into functional and physical configuration audits. They occur either at delivery or at the moment a change takes effect. A functional configuration audit ensures that the functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation.






Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

Murtaza Ghafoor commented on September 13, 2024
How much is the cost to purchase the dumps
PAKISTAN

Terry commented on September 13, 2024
I got a discount code for the full version. The code is: 50%OFF It only works when you buy 2 exams or more. Basically, it is like a buy one get one free.
EUROPEAN UNION

anonymous commented on September 13, 2024
awesome questions, full coverage
Anonymous

Manohar commented on September 13, 2024
These questions are all up to date. I saw them in my exam.
EUROPEAN UNION