CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CSSLP

Free CSSLP Exam Braindumps (page: 21)

Page 21 of 88
PDF with 357 Questions

Which of the following software review processes increases the software security by removing the common vulnerabilities, such as format string exploits, race conditions, memory leaks, and buffer overflows?

  1. Management review
  2. Code review
  3. Peer review
  4. Software audit review

Answer(s): B

Explanation:

A code review is a systematic examination of computer source code, which searches and resolves issues occurred in the initial development phase. It increases the software security by removing common vulnerabilities, such as format string exploits, race conditions, memory leaks, and buffer overflows. A code review is performed in the following forms: Pair programming Informal walkthrough Formal inspection Answer C is incorrect. A peer review is an examination process in which author and one or more colleagues examine a work product, such as document, code, etc., and evaluate technical content and quality. According to the Capability Maturity Model, peer review offers a systematic engineering practice in order to detect and resolve issues occurring in the software artifacts, and stops the leakage into field operations. Answer A is incorrect. Management review is a management study into a project's status and allocation of resources. Answer D is incorrect. In software audit review one or more auditors, who are not members of the software development organization, perform an independent examination of a software product, software process, or a set of software processes for assessing compliance with specifications, standards, contractual agreements, or other specifications.



Which of the following governance bodies directs and coordinates implementations of the information security program?

  1. Chief Information Security Officer
  2. Information Security Steering Committee
  3. Business Unit Manager
  4. Senior Management

Answer(s): A

Explanation:

Chief Information Security Officer directs and coordinates implementations of the information security program. The governance roles and responsibilities are mentioned below in the table:



In which of the following alternative processing sites is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility?

  1. Cold Site
  2. Hot Site
  3. Warm Site
  4. Mobile Site

Answer(s): B

Explanation:

A hot site is a duplicate of the original site of the organization, with full computer systems as well as near-complete backups of user data. It provides the backup facility, which is maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility.
A hot site is a backup site in case disaster has taken place in a data center. A hot site is located off site and provides the best protection. It is an exact replica of the current data center. In case a disaster struck to the data center, administrators just need to take the backup of recent data in hot site and the data center is back online in a very short time. It is very expensive to create and maintain the hot site. There are lots of third party companies that provide disaster recovery solutions by maintaining hot sites at their end. Answer A is incorrect. A cold site is a backup site in case disaster has taken place in a data center. This is the least expensive disaster recovery solution, usually having only a single room with no equipment. All equipment is brought to the site after the disaster. It can be on site or off site. Answer D is incorrect. Mobile sites are self-reliant, portable shells custom-fitted with definite telecommunications and IT equipment essential to meet system requirements. These are presented for lease through commercial vendors. Answer C is incorrect. A warm site is, quite logically, a compromise between hot and cold sites. Warm sites will have hardware and connectivity already established, though on a smaller scale than the original production site or even a hot site. These sites will have backups on hand, but they may not be complete and may be between several days and a week old. An example would be backup tapes sent to the warm site by courier.



Which of the following methods offers a number of modeling practices and disciplines that contribute to a successful service-oriented life cycle management and modeling?

  1. Service-oriented modeling framework (SOMF)
  2. Service-oriented architecture (SOA)
  3. Sherwood Applied Business Security Architecture (SABSA)
  4. Service-oriented modeling and architecture (SOMA)

Answer(s): A

Explanation:

The service-oriented modeling framework (SOMF) has been proposed by author Michael Bell as a service-oriented modeling language for software development that employs disciplines and a holistic language to provide strategic solutions to enterprise problems. The service-oriented modeling framework (SOMF) is a service-oriented development life cycle methodology. It offers a number of modeling practices and disciplines that contribute to a successful service-oriented life cycle management and modeling. The service-oriented modeling framework illustrates the major elements that identify the "what to do" aspects of a service development scheme. Answer B is incorrect. The service-oriented architecture (SOA) is a flexible set of design principles used during the phases of systems development and integration. Answer D is incorrect. The service-oriented modeling and architecture (SOMA) includes an analysis and design method that extends traditional object-oriented and component-based analysis and design methods to include concerns relevant to and supporting SOA. Answer C is incorrect. SABSA (Sherwood Applied Business Security Architecture) is a framework and methodology for Enterprise Security Architecture and Service Management. It is a model and a methodology for developing risk-driven enterprise information security architectures and for delivering security infrastructure solutions that support critical business initiatives.



Page 21 of 88



Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

AC commented on October 19, 2024
For a moment no, comment, still moving well
Anonymous
upvote

johnny commented on October 19, 2024
great insight
Anonymous
upvote

Marc commented on October 18, 2024
What the best way to learn terraform?
UNITED STATES
upvote

murad commented on October 18, 2024
Very helpful for certs
JORDAN
upvote

Jack commented on October 18, 2024
are these legit ?
Anonymous
upvote

Juan commented on October 18, 2024
From until what page number is enough to pass the certification?
Anonymous
upvote

Sandeep commented on October 18, 2024
This is very helpful for exam crack
UNITED STATES
upvote

Cheron commented on October 18, 2024
Before all i thank to you for your support. I passed my 2 exams I purchased with full version. I got 90% in one exam and in 2 exam I got 86%.
Anonymous
upvote

LA commented on October 18, 2024
Hi there, I have scheduled my EXAM and will share my experience if these questions are valid or not.
Anonymous
upvote

Mazin commented on October 18, 2024
Good questions
Anonymous
upvote

Test commented on October 18, 2024
Test are these teak answeres?
Anonymous
upvote

anonymous commented on October 17, 2024
can someone tell me if this is real questions
UNITED STATES
upvote

Steven commented on October 17, 2024
Questions are spot on and I passed the exam.
UNITED STATES
upvote

Ntombi commented on October 17, 2024
i find the questions helpful for my exam preparation
Anonymous
upvote

Ntombi commented on October 17, 2024
The questions help me to see if I understood what I have learned
Anonymous
upvote

ntombi commented on October 17, 2024
writing exam at the end of the month
Anonymous
upvote

Apvj commented on October 17, 2024
Need to update section 5 questions,it was all new question today in exam , unitl section 4 it was fine even though pattern of question changed
Anonymous
upvote

ghada commented on October 17, 2024
it helps a lot
Anonymous
upvote

John commented on October 17, 2024
Good mock exam
Anonymous
upvote

test commented on October 17, 2024
Good content
UNITED STATES
upvote

Manoo commented on October 17, 2024
Hello guys, I hope everyone is doing good and preparing for this exam. I just wanted to share my experience about my exam. I wrote this exam yesterday and I passed. The key is to focus on each topic and memorize all these questions. You see most of them in your test. Good luck
INDIA
upvote

Ad commented on October 17, 2024
Hi I am new to IT
Anonymous
upvote

sadai commented on October 17, 2024
I really apricate this helpful test thank you so much
Anonymous
upvote

Lee commented on October 17, 2024
This is a very good resource. I'm glad this is provided for free for everyone to pass their exam. I'm sure everyone knows how difficult these exams are.
UNITED STATES
upvote

BANKEY BIHARI LAL commented on October 17, 2024
Very good mock exams as per the actual exam standards.
INDIA
upvote

Faruk commented on October 17, 2024
is free content is enough for pas az-900 ?
Anonymous
upvote

chad johnson commented on October 16, 2024
learning from this test
UNITED STATES
upvote

Keketso commented on October 16, 2024
This is a valuable resource for Az-900, i think
Anonymous
upvote

MP commented on October 16, 2024
Still Preparing Hopefully these are helpful
UNITED STATES
upvote

dado commented on October 16, 2024
cool thanks
BELGIUM
upvote

Harry commented on October 16, 2024
Thanks for the sample exam!
UNITED STATES
upvote

Rajesh K commented on October 16, 2024
fantastic contents provided by free braindumps, it is improving my accuracy.
Anonymous
upvote

chris commented on October 16, 2024
this dumps is very helpfull
Anonymous
upvote

Kiran commented on October 16, 2024
These are related questions
UNITED STATES
upvote