CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CSSLP

Free CSSLP Exam Braindumps (page: 30)

Page 30 of 88
PDF with 357 Questions

Which of the following phases of the DITSCAP C&A process is used to define the C&A level of effort, to identify the main C&A roles and responsibilities, and to create an agreement on the method for implementing the security requirements?

  1. Phase 1
  2. Phase 4
  3. Phase 2
  4. Phase 3

Answer(s): A

Explanation:

The Phase 1 of the DITSCAP C&A process is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. Answer C is incorrect. The Phase 2 of the DITSCAP C&A process is known as Verification. Answer D is incorrect. The Phase 3 of the DITSCAP C&A process is known as Validation. Answer B is incorrect. The Phase 4 of the DITSCAP C&A process is known as Post Accreditation.



Which of the following types of obfuscation transformation increases the difficulty for a de-obfuscation tool so that it cannot extract the true application from the obfuscated version?

  1. Preventive transformation
  2. Data obfuscation
  3. Control obfuscation
  4. Layout obfuscation

Answer(s): A

Explanation:

Preventive transformation increases the difficulty for a de-obfuscation tool so that it cannot extract the true application from the obfuscated version.



Which of the following techniques is used when a system performs the penetration testing with the objective of accessing unauthorized information residing inside a computer?

  1. Biometrician
  2. Van Eck Phreaking
  3. Port scanning
  4. Phreaking

Answer(s): C

Explanation:

Port scanning identifies open doors to a computer. Hackers and crackers use this technique to obtain unauthorized information.
Port scanning is the first basic step to get the details of open ports on the target system. Port scanning is used to find a hackable server with a hole or vulnerability. A port is a medium of communication between two computers. Every service on a host is identified by a unique 16-bit number called a port. A port scanner is a piece of software designed to search a network host for open ports. This is often used by administrators to check the security of their networks and by hackers to identify running services on a host with the view to compromising it. Port scanning is used to find the open ports, so that it is possible to search exploits related to that service and application. Answer D is incorrect. Phreaking is a process used to crack the phone system. The main aim of phreaking is to avoid paying for long- distance calls. As telephone networks have become computerized, phreaking has become closely linked with computer hacking. This is sometimes called the H/P culture (with H standing for Hacking and P standing for Phreaking). Answer A is incorrect. It is defined as a system using a physical attribute for authenticating. Only authorized users are provided access to network or application. Answer B is incorrect. It is described as a form of eavesdropping in which special equipments are used to pick up the telecommunication signals or data within a computer device.



Which of the following types of attacks is targeting a Web server with multiple compromised computers that are simultaneously sending hundreds of FIN packets with spoofed IP source IP addresses?

  1. DDoS attack
  2. Evasion attack
  3. Insertion attack
  4. Dictionary attack

Answer(s): A

Explanation:

A distributed denial of service (DDoS) attack targets a Web server with multiple compromised computers that are simultaneously sending hundreds of FIN packets with spoofed IP source IP addresses. DDoS attack occurs when multiple compromised systems flood the bandwidth or resources of a targeted system, usually one or more Web servers. These systems are compromised by attackers using a variety of methods. It is an attempt to make a computer resource unavailable to its intended users. This type of attack can cause the following to occur: Saturate network resources. Disrupt connections between two computers, thereby preventing communications between services. Disrupt services on a specific computer. Answer D is incorrect. Dictionary attack is a type of password guessing attack. This type of attack uses a dictionary of common words to find out the password of a user. It can also use common words in either upper or lower case to find a password. There are many programs available on the Internet to automate and execute dictionary attacks. Answer C is incorrect. In an insertion attack, an IDS accepts a packet and assumes that the host computer will also accept it. But in reality, when a host system rejects the packet, the IDS accepts the attacking string that will exploit vulnerabilities in the IDS. Such attacks can badly infect IDS signatures and IDS signature analysis. Answer B is incorrect. An evasion attack is one in which an IDS rejects a malicious packet but the host computer accepts it. Since an IDS has rejected it, it does not check the contents of the packet. Hence, using this technique, an attacker can exploit the host computer. In many cases, it is quite simple for an attacker to send such data packets that can easily perform evasion attacks on an IDSs.



Page 30 of 88



Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

Ram commented on October 15, 2024
Good material
Anonymous
upvote

karishma commented on October 15, 2024
is this right answer or wrong
UNITED KINGDOM
upvote

Nelis commented on October 15, 2024
going to write my 1102 soon is this still legit?
Anonymous
upvote

Comeru commented on October 15, 2024
You pass this exam with these questions. But you need to get the full version.
UNITED STATES
upvote

Jeron commented on October 15, 2024
Family hard exam. Unless you're an expert you cannot pass without using these exams.
UNITED KINGDOM
upvote

Suraj commented on October 15, 2024
Much better than the other website. No annoying recapture validation or advertisements.
INDIA
upvote

Sar commented on October 15, 2024
Nice exam dumps
Anonymous
upvote

Jawad commented on October 15, 2024
This is valuable resource for Az-900, i think
Anonymous
upvote

MIGUEL AVELLANEDA commented on October 14, 2024
Real and accurate examples of the CSA exam.
Anonymous
upvote

CompTIA commented on October 14, 2024
These questions are valid but you can't rely on them. We do not use these questions no more. On god.
UNITED STATES
upvote

Faruk commented on October 14, 2024
This is valuable resource for Az-900, i think
Anonymous
upvote

Ramu commented on October 14, 2024
It helps the pattern of exam
Anonymous
upvote

Ramu commented on October 14, 2024
Good content
Anonymous
upvote

Royal commented on October 14, 2024
This exam dump is valid in my country. I passed. I received 97%.
Brazil
upvote

Rodrigo C. commented on October 14, 2024
Great to have full access to the Salesforce Associate Exam! Thank you!!!
ROMANIA
upvote

salma commented on October 14, 2024
i need the pdf pls someone help me !
Anonymous
upvote

Gunnyk commented on October 14, 2024
@Nmap_Lord22- How was the PBQ'S?
UNITED STATES
upvote

Gunnyk commented on October 14, 2024
Anyone pass the exam recently?
UNITED STATES
upvote

Saurabh commented on October 14, 2024
Good content
EUROPEAN UNION
upvote

leta commented on October 14, 2024
good learning
Anonymous
upvote

Likissa commented on October 14, 2024
Good Questions that makes me get prepared for the Actual PMP EXAM
Anonymous
upvote

Supreet commented on October 13, 2024
Hello manpreet, did all question came from dumps in exams
CANADA
upvote

Jay commented on October 13, 2024
Very helpful for certs
Anonymous
upvote

Asadullah commented on October 13, 2024
Good question but repeated of other sites!
UNITED STATES
upvote

Mish commented on October 13, 2024
Are those questions relative?
Anonymous
upvote

vaibgav commented on October 13, 2024
nice paper for practise
Anonymous
upvote

Essam Zahra commented on October 13, 2024
Thank you, it is very useful
EGYPT
upvote

Dennis Rono commented on October 13, 2024
The questions in here are fantastic, it would be nice to have some explanation on the choices of the right answer.
Anonymous
upvote

Dennis Rono commented on October 13, 2024
Awesome practice question
Anonymous
upvote

ileana commented on October 12, 2024
I can not access in this moc, is it available in other url?
Anonymous
upvote

edward commented on October 12, 2024
Passed with flying colors. Amazing material... came word by word.
Anonymous
upvote

Calisto MF Moniz commented on October 12, 2024
No comment for this form for the time being.
Anonymous
upvote

Calisto MF Moniz commented on October 12, 2024
Good mechanism for Security expertise practices!
Anonymous
upvote

Meraj commented on October 12, 2024
The exam is super duper hard. You use these exam dumps to only pass. If you don't have the questions it is not easy to pass.
INDIA
upvote