CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CSSLP

Free CSSLP Exam Braindumps (page: 28)

Page 28 of 88
PDF with 357 Questions

Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test? Each correct answer represents a complete solution. Choose all that apply.

  1. Kernel flaws
  2. Information system architectures
  3. Race conditions
  4. File and directory permissions
  5. Buffer overflows
  6. Trojan horses
  7. Social engineering

Answer(s): A,C,D,E,F,G

Explanation:

Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Following are the areas that can be exploited in a penetration test: Kernel flaws: Kernel flaws refer to the exploitation of kernel code flaws in the operating system. Buffer overflows: Buffer overflows refer to the exploitation of a software failure to properly check for the length of input data. This overflow can cause malicious behavior on the system. Race conditions: A race condition is a situation in which an attacker can gain access to a system as a privileged user. File and directory permissions: In this area, an attacker exploits weak permissions restrictions to gain unauthorized access of documents. Trojan horses: These are malicious programs that can exploit an information system by attaching themselves in valid programs and files. Social engineering: In this technique, an attacker uses his social skills and persuasion to acquire valuable information that can be used to conduct an attack against a system.



Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

  1. File and object access
  2. Data downloading from the Internet
  3. Printer access
  4. Network logons and logoffs

Answer(s): A,C,D

Explanation:

The following types of activities can be audited: Network logons and logoffs File access Printer access Remote access service Application usage Network services Auditing is used to track user accounts for file and object access, logon attempts, system shutdown, etc. This enhances the security of the network. Before enabling security auditing, the type of event to be audited should be specified in the audit policy. Auditing is an essential component to maintain the security of deployed systems. Security auditing depends on the criticality of the environment and on the company's security policy. The security system should be reviewed periodically. Answer B is incorrect. Data downloading from the Internet cannot be audited.



Which of the following federal agencies has the objective to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life?

  1. National Security Agency (NSA)
  2. National Institute of Standards and Technology (NIST)
  3. United States Congress
  4. Committee on National Security Systems (CNSS)

Answer(s): B

Explanation:

The National Institute of Standards and Technology (NIST), known between 1901 and 1988 as the National Bureau of Standards (NBS), is a measurement standards laboratory which is a non-regulatory agency of the United States Department of Commerce. The institute's official mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life. Answer D is incorrect. The Committee on National Security Systems (CNSS) is a United States intergovernmental organization that sets policy for the security of the US security systems. The CNSS holds discussions of policy issues, sets national policy, directions, operational procedures, and guidance for the information systems operated by the U.S. Government, its contractors, or agents that contain classified information, involve intelligence activities, involve cryptographic activities related to national security, etc.
Answer(s): A is incorrect.
The National Security Agency/Central Security Service (NSA/CSS) is a crypto-logic intelligence agency of the United States government. It is administered as part of the United States Department of Defense. NSA is responsible for the collection and analysis of foreign communications and foreign signals intelligence, which involves cryptanalysis. NSA is also responsible for protecting U.S. government communications and information systems from similar agencies elsewhere, which involves cryptography. NSA is a key component of the U.S. Intelligence Community, which is headed by the Director of National Intelligence. The Central Security Service is a co-located agency created to coordinate intelligence activities and co-operation between NSA and U.S. military cryptanalysis agencies. NSA's work is limited to communications intelligence. It does not perform field or human intelligence activities. Answer C is incorrect. The United States Congress is the bicameral legislature of the federal government of the United States of America. It consists of the Senate and the House of Representatives. The Congress meets in the United States Capitol in Washington, D.C. Both senators and representatives are chosen through direct election. Each of the 435 members of the House of Representatives represents a district and serves a two-year term. House seats are apportioned among the states by population. The 100 Senators serve staggered six-year terms. Each state has two senators, regardless of population. Every two years, approximately one-third of the Senate is elected at a time. The United States Congress main function is to make laws. The Office of the Law Revision Counsel organizes and publishes the United States Code (USC). It is a consolidation and codification by subject matter of the general and permanent laws of the United States.



Which of the following SDLC phases consists of the given security controls: Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases Generation?

  1. Deployment
  2. Requirements Gathering
  3. Maintenance
  4. Design

Answer(s): D

Explanation:

The various security controls in the SDLC design phase are as follows:
Misuse Case Modeling: It is important that the inverse of the misuse cases be modeled to understand and address the security aspects of the software. The requirements traceability matrix can be used to track the misuse cases to the functionality of the software. Security Design and Architecture Review: This control can be introduced when the teams are engaged in the "functional" design and architecture review of the software. Threat and Risk Modeling: Threat modeling determines the attack surface of the software by examining its functionality for trust boundaries, data flow, entry points, and exit points. Risk modeling is performed by ranking the threats as they pertain to the users organization's business objectives, compliance and regulatory requirements and security exposures. Security Requirements and Test Cases Generation: All the above three security controls, i.e., Misuse Case Modeling, Security Design and Architecture Review, and Threat and Risk Modeling are used to produce the security requirements.



Page 28 of 88



Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

Ashwini commented on November 13, 2024
I would appreciate for resources you can provide
INDIA
upvote

Ganiyu Ogunlana commented on November 13, 2024
Great Insight into the exams
Anonymous
upvote

Vuyo commented on November 13, 2024
Very Helpful
Anonymous
upvote

Suleman khan commented on November 13, 2024
Huawei is my favourite I'm enjoying these questions
PAKISTAN
upvote

Pandiyan Venkatraman commented on November 13, 2024
good question
Anonymous
upvote

Eb'Oney commented on November 12, 2024
I think the answer here should be B. Split the Logged column by using at as the delimiter
UNITED STATES
upvote

Hadiza commented on November 12, 2024
useful for exam preparation
Anonymous
upvote

Hadiza commented on November 12, 2024
inspiring and educative
Anonymous
upvote

Hadiza commented on November 12, 2024
Highly resourceful
Anonymous
upvote

Naomie commented on November 12, 2024
Good material very helpful.
Anonymous
upvote

dodol commented on November 12, 2024
ok real exam
Anonymous
upvote

PA commented on November 11, 2024
This questions are valid in Canada. I passed the exam.
CANADA
upvote

JP commented on November 11, 2024
Très intéréssant pour valider son apprentissage
SWITZERLAND
upvote

JP commented on November 11, 2024
Good for exam preparation
SWITZERLAND
upvote

K.U commented on November 11, 2024
@Dane, Yes, questions are very similar to content of real exam. I managed to pass the test.
Anonymous
upvote

siva N commented on November 11, 2024
this absolutely make the test easy!!!
INDIA
upvote

Isadora Guimarães commented on November 10, 2024
Very good to study
UNITED STATES
upvote

Noah commented on November 10, 2024
Does this dump include the lab solution as well?
Anonymous
upvote

Cardo commented on November 10, 2024
Helpful explanations
Anonymous
upvote

Anonymous commented on November 10, 2024
Good ONE FOR mcd l2
INDIA
upvote

derar commented on November 10, 2024
The study material was very helpful
Anonymous
upvote

Kavya M T commented on November 09, 2024
Good questions
Anonymous
upvote

Ali commented on November 09, 2024
This dump helped me pass my exam. Relevant content.
Canada
upvote

Bahawan commented on November 09, 2024
This website provides these questions for free which is appreciated. A massing assistance to my preparation.
INDIA
upvote

Rasmita commented on November 09, 2024
This is a good braindumps. So many questions in the exam from this dump.
Anonymous
upvote

Jermy commented on November 09, 2024
I made my exam today and I did good. I did not just use books but used this exam dumps questions and passed good.
FRANCE
upvote

Nitin Kumar commented on November 09, 2024
I signed up for the premium version. I paid for the PDF version and download my documents and started my studies. Satisfied csutomer so far.
UNITED STATES
upvote

Bowen commented on November 09, 2024
Found this site by searching Google 2 months ago. I user the 50% discount sale to buy 2 premium exams. The first one was good and I successfully passed the test. Now I am working on the second exam. I hope I get the same result.
Singapore
upvote

Prathamesh Chandrakant Shembade commented on November 08, 2024
I am eger to write cad exaam
EUROPEAN UNION
upvote

Prathamesh Chandrakant Shembade commented on November 08, 2024
practice for cad
UNITED STATES
upvote

Ambr commented on November 08, 2024
Can I pass the exams only with these dumps ?
Anonymous
upvote

michrle23 commented on November 08, 2024
The purchase and download is very streamlined. I was able to quickly pay and download my course content. I have now started preparing. Once I finish my exam I will share my experience of the exam.
PAKISTAN
upvote

Dane commented on November 08, 2024
hello there ! can someone confirme that this question are reall quetions and can be a part of exams questions ? thanks a lot. i will take the exams next week but i fell like not ready yet . thanks a lot!
GERMANY
upvote

Anouar commented on November 08, 2024
contenu enrichissant
Anonymous
upvote