CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CSSLP

Free CSSLP Exam Braindumps (page: 20)

Page 20 of 88
PDF with 357 Questions

Which of the following testing methods verifies the interfaces between components against a software design?

  1. Regression testing
  2. Integration testing
  3. Black-box testing
  4. Unit testing

Answer(s): B

Explanation:

Integration testing is a software testing that seeks to verify the interfaces between components against a software design. Software components may be integrated in an iterative way or all together ("big bang"). Normally the former is considered a better practice since it allows interface issues to be localized more quickly and fixed. Integration testing works to expose defects in the interfaces and interaction between the integrated components (modules). Progressively larger groups of tested software components corresponding to elements of the architectural design are integrated and tested until the software works as a system. Answer A is incorrect. Regression testing focuses on finding defects after a major code change has occurred. Specifically, it seeks to uncover software regressions, or old bugs that have come back. Such regressions occur whenever software functionality that was previously working correctly stops working as intended. Typically, regressions occur as an unintended consequence of program changes, when the newly developed part of the software collides with the previously existing code. Answer D is incorrect. Unit testing refers to tests that verify the functionality of a specific section of code, usually at the function level. In an object-oriented environment, this is usually at the class level, and the minimal unit tests include the constructors and destructors. These types of tests are usually written by developers as they work on code (white-box style), to ensure that the specific function is working as expected. One function might have multiple tests, to catch corner cases or other branches in the code. Unit testing alone cannot verify the functionality of a piece of software, but rather is used to assure that the building blocks the software uses work independently of each other. Answer C is incorrect. The black-box testing uses external descriptions of the software, including specifications, requirements, and design to derive test cases. These tests can be functional or non-functional, though usually functional. The test designer selects valid and invalid inputs and determines the correct output. There is no knowledge of the test object's internal structure. This method of test design is applicable to all levels of software testing: unit, integration, functional testing, system and acceptance. The higher the level, and hence the bigger and more complex the box, the more one is forced to use black box testing to simplify. While this method can uncover unimplemented parts of the specification, one cannot be sure that all existent paths are tested.



Which of the following statements best describes the difference between the role of a data owner and the role of a data custodian?

  1. The custodian makes the initial information classification assignments, and the operations manager implements the scheme.
  2. The data owner implements the information classification scheme after the initial assignment by the custodian.
  3. The custodian implements the information classification scheme after the initial assignment by the operations manager.
  4. The data custodian implements the information classification scheme after the initial assignment by the data owner.

Answer(s): D

Explanation:

The data owner is responsible for ensuring that the appropriate security controls are in place, for assigning the initial classification to the data to be protected, for approving access requests from other parts of the organization, and for periodically reviewing the data classifications and access rights. Data owners are primarily responsible for determining the data's sensitivity or classification levels, whereas the data custodian has the responsibility for backup, retention, and recovery of data. The data owner delegates these responsibilities to the custodian.
Answers B, A, and C are incorrect. These are not the valid answers.



Della works as a security engineer for BlueWell Inc. She wants to establish configuration management and control procedures that will document proposed or actual changes to the information system. Which of the following phases of NIST SP 800-37 C&A methodology will define the above task?

  1. Initiation
  2. Security Certification
  3. Continuous Monitoring
  4. Security Accreditation

Answer(s): C

Explanation:

The various phases of NIST SP 800-37 C&A are as follows:
Phase 1: Initiation- This phase includes preparation, notification and resource identification. It performs the security plan analysis, update, and acceptance. Phase 2: Security Certification- The Security certification phase evaluates the controls and documentation. Phase 3: Security Accreditation- The security accreditation phase examines the residual risk for acceptability, and prepares the final security accreditation package. Phase 4: Continuous Monitoring-This phase monitors the configuration management and control, ongoing security control verification, and status reporting and documentation.



Which of the following secure coding principles and practices defines the appearance of code listing so that a code reviewer and maintainer who have not written that code can easily understand it?

  1. Make code forward and backward traceable
  2. Review code during and after coding
  3. Use a consistent coding style
  4. Keep code simple and small

Answer(s): C

Explanation:

Use a consistent coding style is one of the principles and practices that contribute to defensive coding. This principle defines the appearance of code listing so that a code reviewer and maintainer who have not written that code can easily understand it. For this purpose, all programmers of a team must follow the same guidelines. Answer D is incorrect. Keep code simple and small defines that it is easy to verify the software security when a programmer uses small and simple code base. Answer A is incorrect. Make code forward and backward traceable defines that traceability is necessary in order to validate requirements, prevent defects, and find and solve inconsistencies among all objects generated in the SDLC phases. Answer B is incorrect. Review code during and after coding defines that code must be examined in order to identify coding errors in modules.



Page 20 of 88



Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

pretty commented on November 17, 2024
Helpful thanx
Anonymous
upvote

Morad commented on November 17, 2024
So many new questions in this version. Thank you for providing the updated version.
Turkey
upvote

Md. Jakir Hossain commented on November 17, 2024
pls help me given total question
BANGLADESH
upvote

Feroz commented on November 17, 2024
These questions are very similar to the exam question. Thank you for this great test dumps!
Anonymous
upvote

Mohamed commented on November 17, 2024
No Comments
Anonymous
upvote

shakila commented on November 16, 2024
how to start i m begginer
Anonymous
upvote

peter commented on November 16, 2024
I'm finding these question helpful
Anonymous
upvote

Kris commented on November 16, 2024
Nice Questions
Anonymous
upvote

Folarin commented on November 15, 2024
Nice content, hope to take my exam soonest
Anonymous
upvote

Dag Alytus commented on November 15, 2024
This is helpful
UNITED STATES
upvote

Priscilla commented on November 15, 2024
I'm waiting for more questions
Anonymous
upvote

togdheer commented on November 15, 2024
good revision resource
UNITED STATES
upvote

Mohammed commented on November 15, 2024
After checking these questions and reviewing all the answers and Explanations I realized that I would not have been able to pass the exam based on my current knowledge. This is completely changed my approach in how I am going to prepare now.
UNITED STATES
upvote

Makhmoor commented on November 15, 2024
please make it free
EUROPEAN UNION
upvote

Ardi commented on November 14, 2024
its a great platform to upskilling your knowledge about blockchain
Anonymous
upvote

Quentin commented on November 14, 2024
I noticed that some comments were related to answers not being 100% correct. But for me as long as questions are real and same as the actual exam I was okay.
Mexico
upvote

kagelelo commented on November 14, 2024
how do you pass the ged science test
Anonymous
upvote

Chris Nalla commented on November 14, 2024
Very insightful piece.
Anonymous
upvote

baba commented on November 14, 2024
want to learn
Anonymous
upvote

Anand commented on November 14, 2024
Not bad at all. It covers all the exam topics and it provides some insight to the types of questions that you are going to see in real exam.
INDIA
upvote

Godlover commented on November 14, 2024
Very up to date. I passed my exams. I studied very well though. But the past questions was exceedingly helpful too. Just practice the questions as much as you can. As for me I practiced all, and repracticed about 350 questions again before the exams day.
Anonymous
upvote

LasNumber commented on November 14, 2024
This Are Very Useful Q's and A's. on exam some Questions wont come as they are but mostly will come as the are. Study to Know
Anonymous
upvote

Yeshwanth commented on November 14, 2024
Nice Questions and helpful for exam preparation.
Anonymous
upvote

Jenil Gandhi commented on November 14, 2024
Hi everyone could sone share the certification voucher for PD2.
INDIA
upvote

Nicole commented on November 13, 2024
I am working towards my exam. Finding these prep to be very useful
CANADA
upvote

Nicole commented on November 13, 2024
Very helpful
CANADA
upvote

Bianca commented on November 13, 2024
Consistent questions
Anonymous
upvote

Larry commented on November 13, 2024
Good content
Anonymous
upvote

Dipu commented on November 13, 2024
Great Source , i feel really good questions
Anonymous
upvote

Dipu commented on November 13, 2024
Nice questions
Anonymous
upvote

Nathaniel Okeke commented on November 13, 2024
nice way to practice for the exam
Anonymous
upvote

Ashwini commented on November 13, 2024
I would appreciate for resources you can provide
INDIA
upvote

Ganiyu Ogunlana commented on November 13, 2024
Great Insight into the exams
Anonymous
upvote

Vuyo commented on November 13, 2024
Very Helpful
Anonymous
upvote