CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CSSLP

Free CSSLP Exam Braindumps (page: 14)

Page 14 of 88
PDF with 357 Questions

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.

  1. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  2. Accreditation is a comprehensive assessment of the management, operational, and technical security controls in an information system.
  3. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system.
  4. Certification is the official management decision given by a senior agency official to authorize operation of an information system.

Answer(s): A,C

Explanation:

Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP, DIACAP, and DCID 6/3. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.



The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

  1. Negotiation
  2. Registration
  3. Document mission need
  4. Initial Certification Analysis

Answer(s): A,B,C

Explanation:

The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. The Phase 1 starts with the input of the mission need. This phase comprises three process activities: Document mission need Registration Negotiation Answer D is incorrect. Initial Certification Analysis is a Phase 2 activity.



Which of the following NIST Special Publication documents provides a guideline on network security testing?

  1. NIST SP 800-42
  2. NIST SP 800-53A
  3. NIST SP 800-60
  4. NIST SP 800-53
  5. NIST SP 800-37
  6. NIST SP 800-59

Answer(s): A

Explanation:

NIST SP 800-42 provides a guideline on network security testing.
Answers E, D, B, F, and C are incorrect. NIST has developed a suite of documents for conducting Certification & Accreditation (C&A). These documents are as follows: NIST Special Publication 800-37: This document is a guide for the security certification and accreditation of Federal Information Systems. NIST Special Publication 800-53: This document provides a guideline for security controls for Federal Information Systems. NIST Special Publication 800-53A. This document consists of techniques and procedures for verifying the effectiveness of security controls in Federal Information System. NIST Special Publication 800-59: This document is a guideline for identifying an information system as a National Security System. NIST Special Publication 800-60: This document is a guide for mapping types of information and information systems to security objectives and risk levels.



Which of the following tools is used to attack the Digital Watermarking?

  1. Steg-Only Attack
  2. Active Attacks
  3. 2Mosaic
  4. Gifshuffle

Answer(s): C

Explanation:

2Mosaic is a tool used for watermark breaking. It is an attack against a digital watermarking system. In this type of attack, an image is chopped into small pieces and then placed together. When this image is embedded into a web page, the web browser renders the small pieces into one image. This image looks like a real image with no watermark in it. This attack is successful, as it is impossible to read watermark in very small pieces. Answer D is incorrect. Gifshuffle is used to hide message or information inside GIF images. It is done by shuffling the colormap. This tool also provides compression and encryption.
Answers B and A are incorrect. Active Attacks and Steg-Only Attacks are used to attack Steganography.



Page 14 of 88



Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

Teji commented on October 26, 2024
Good Practice Questions before appearing to exams
Anonymous
upvote

Preston commented on October 26, 2024
Hope everyone is having a wonderful day. I am because I just passed my exam. Sharing my insight... this exam dump has lots of questions from the real exam. But the exam is not easy. So I need to say that you must study hard to pass.
UNITED STATES
upvote

Alex Z commented on October 26, 2024
Great insight.
UNITED STATES
upvote

Rajesh Kumar M - commented on October 26, 2024
For the question 6- the continual improvement , the organization shall continually improve the suitability, adequacy and effectiveness of the QMS. Not Efficiency, Refer Clause 10.3 continual improvement in ISO 9001 :2015
Anonymous
upvote

PC commented on October 26, 2024
Good content
Anonymous
upvote

Lawrence commented on October 26, 2024
Absolutely excellent
Anonymous
upvote

ABC commented on October 26, 2024
I found these dumps are useful
INDIA
upvote

Rupa commented on October 26, 2024
Getting good practice with the qs
Anonymous
upvote

vinay commented on October 25, 2024
practice test
UNITED STATES
upvote

Shree commented on October 25, 2024
recomendeds . Thanks
Anonymous
upvote

Olympia commented on October 25, 2024
The free version is good but does not have all questions. However the PDF has double the amount of questions and very helpful to pass the exam.
Canada
upvote

Scruzer commented on October 25, 2024
Cleared this exam today. Questions are still valid.
EUROPEAN UNION
upvote

Vidhi Mishra commented on October 25, 2024
Nice set of questions
Anonymous
upvote

Srivats commented on October 25, 2024
Hello, Great learning. Thank you. Looks like Question 13's answer should be D. "If you plan to use the segment again, stop the publish schedule instead" as highlighted in doc.
Anonymous
upvote

Priest-Son commented on October 24, 2024
helpful questions also in other forums
UNITED STATES
upvote

Simon commented on October 24, 2024
guys waht do you think about this dump?
Anonymous
upvote

Kay commented on October 24, 2024
There's new test updated for network+: N10-009. Hope we could have it soon.
Anonymous
upvote

John Como commented on October 24, 2024
Very helpful
UNITED STATES
upvote

saif Ali commented on October 24, 2024
for Question no 50 The answer would be using lambda vdf as this provides automation
INDIA
upvote

Baghya commented on October 24, 2024
Yeh dumps use kiye aur exam mein pass ho gaya.
INDIA
upvote

Varma commented on October 24, 2024
Thanks team and Thanks to these dumps, I’ve never felt so confident about last-minute prep!
INDIA
upvote

Darko commented on October 24, 2024
Passed! let’s just say these dumps were the secret weapon.
EUROPEAN UNION
upvote

Machoo987 commented on October 24, 2024
Studying wasn’t working, so I turned to these dumps—best decision I made since pizza for breakfast!
UNITED STATES
upvote

Zuby commented on October 24, 2024
Nice Question
UNITED STATES
upvote

Chandara commented on October 24, 2024
I passed with ease, and now I have to explain to my friends how ‘studying’ got me through. hahah
INDIA
upvote

Jack commented on October 24, 2024
Muito bom as perguntas
Anonymous
upvote

Diogo Gomes commented on October 24, 2024
As Muhammad Saleem comented, question 20 is wrong. Entities are found in the Data layer and not in the Interface layer.
UNITED STATES
upvote

Neena commented on October 24, 2024
This dump PDF gets the job done
Anonymous
upvote

test commented on October 24, 2024
good one to go through
Anonymous
upvote

Kamal commented on October 24, 2024
I’m 90% sure I owe my new certification to these dumps, and 10% to coffee. LOL Questions are valid and same in the real exam.
Netherlands
upvote

Maseh commented on October 24, 2024
Who knew cramming could be so effective? These dumps saved me from a meltdown!
EUROPEAN UNION
upvote

Drew commented on October 24, 2024
Used these dumps, nailed the exam—now I’m basically a genius (or close enough).
Australia
upvote

Shawn commented on October 24, 2024
As you must know by now the exam is extremely hard. The only way to pass is to know the questions and answers and I found these dump questions very relevant to actual exam.
Canada
upvote

Vidhi Mishra commented on October 24, 2024
Huge set of Cloud Dital leader exam
Anonymous
upvote