CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CSSLP

Free CSSLP Exam Braindumps (page: 34)

Page 34 of 88
PDF with 357 Questions

Which of the following sections come under the ISO/IEC 27002 standard?

  1. Security policy
  2. Asset management
  3. Financial assessment
  4. Risk assessment

Answer(s): A,B,D

Explanation:

ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC) as ISO/IEC 17799:2005. This standard contains the following twelve main sections: 1.Risk assessment: It refers to assessment of risk. 2.Security policy: It deals with the security management. 3.Organization of information security: It deals with governance of information security. 4.Asset management: It refers to inventory and classification of information assets. 5.Human resources security: It deals with security aspects for employees joining, moving and leaving an organization. 6.Physical and environmental security: It is related to protection of the computer facilities. 7.Communications and operations management: It is the management of technical security controls in systems and networks. 8.Access control: It deals with the restriction of access rights to networks, systems, applications, functions and data. 9.Information systems acquisition, development and maintenance: It refers to build security into applications. 10.Information security incident management: It refers to anticipate and respond appropriately to information security breaches. 11.Business continuity management: It deals with protecting, maintaining and recovering business-critical processes and systems.
12.Compliance: It is used for ensuring conformance with information security policies, standards, laws and regulations. Answer C is incorrect. Financial assessment does not come under the ISO/IEC 27002 standard.



Which of the following statements about the authentication concept of information security management is true?

  1. It establishes the users' identity and ensures that the users are who they say they are.
  2. It ensures the reliable and timely access to resources.
  3. It determines the actions and behaviors of a single individual within a system, and identifies that particular individual.
  4. It ensures that modifications are not made to data by unauthorized personnel or processes.

Answer(s): A

Explanation:

The concept of authentication establishes the users' identity and ensures that the users are who they say they are. Answer B is incorrect. The concept of availability ensures the reliable and timely access to data or resources. Answer D is incorrect. The concept of integrity ensures that modifications are not made to data by unauthorized personnel or processes. Answer C is incorrect. The concept of accountability determines the actions and behaviors of a single individual within a system, and identifies that particular individual.



Billy is the project manager of the HAR Project and is in month six of the project. The project is scheduled to last for 18 months. Management asks Billy how often the project team is participating in risk reassessment in this project. What should Billy tell management if he's following the best practices for risk management?

  1. Project risk management happens at every milestone.
  2. Project risk management has been concluded with the project planning.
  3. Project risk management is scheduled for every month in the 18-month project.
  4. At every status meeting the project team project risk management is an agenda item.

Answer(s): D

Explanation:

Risk management is an ongoing project activity. It should be an agenda item at every project status meeting. Answer A is incorrect. Milestones are good times to do reviews, but risk management should happen frequently. Answer C is incorrect. This answer would only be correct if the project has a status meeting just once per month in the project. Answer B is incorrect. Risk management happens throughout the project as does project planning.



You work as a security manager for BlueWell Inc. You are going through the NIST SP 800-37 C&A methodology, which is based on four well defined phases. In which of the following phases of NIST SP 800-37 C&A methodology does the security categorization occur?

  1. Security Accreditation
  2. Security Certification
  3. Continuous Monitoring
  4. Initiation

Answer(s): D

Explanation:

The various phases of NIST SP 800-37 C&A are as follows: Phase 1: Initiation- This phase includes preparation, notification and resource identification. It performs the security plan analysis, update, and acceptance. Phase 2: Security Certification- The Security certification phase evaluates the controls and documentation. Phase 3: Security Accreditation- The security accreditation phase examines the residual risk for acceptability, and prepares the final security accreditation package. Phase 4: Continuous Monitoring-This phase monitors the configuration management and control, ongoing security control verification, and status reporting and documentation.



Page 34 of 88



Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

Tsholofelo commented on October 07, 2024
Tricky question
Anonymous
upvote

Gowtham commented on October 06, 2024
Great questions
UNITED STATES
upvote

Brook commented on October 06, 2024
Great While free AZ-900 exam braindumps might seem tempting, they often come with risks like outdated information or inaccuracies. Investing in reliable study materials, like those from this site ensures you get the latest and most accurate content to help you succeed.
Anonymous
upvote

Yogi commented on October 06, 2024
Simple quesitons
CANADA
upvote

Anderson commented on October 06, 2024
Finally passed this exam. I am certified now and ready for a promotion.
Brazil
upvote

NOOR commented on October 06, 2024
I want to pass my CIA Exam P2 withing the next 2weeks, can I get help?
UNITED ARAB EMIRATES
upvote

Gevo commented on October 05, 2024
First exam is passed. Studying and preparation for second exam now. I purchased 2 study guides with 50% discount. Goo deal.
Singapore
upvote

Ama commented on October 05, 2024
Dump PDF OK
Anonymous
upvote

Marv commented on October 05, 2024
This is Great!
Anonymous
upvote

Aaa commented on October 05, 2024
Best Practice
Anonymous
upvote

sadai commented on October 05, 2024
I really apricate this helpful test
Anonymous
upvote

sadai commented on October 04, 2024
I do not know to say thanks it is really useful
Anonymous
upvote

sadai commented on October 04, 2024
it was really useful thank you so much
Anonymous
upvote

sadai commented on October 04, 2024
Hi it was really helpful for me to improve my mind
Anonymous
upvote

Mohammed Haque commented on October 04, 2024
very useful site for exam prep
UNITED STATES
upvote

Melvin commented on October 04, 2024
Educational
Anonymous
upvote

NJ commented on October 04, 2024
Good Study Material
UNITED STATES
upvote

Tsholofelo commented on October 04, 2024
Mostly challenging question
Anonymous
upvote

Moana commented on October 04, 2024
Preperation
Anonymous
upvote

Nate commented on October 04, 2024
I worked really hard to pass this exam. It is a very hard exam. These questions are you best buddy. So use them.
UNITED STATES
upvote

Dominic commented on October 04, 2024
Lots of comments here asking if any one passed this exam. I did pass this exam. It is tough one. Study hard and use these exam questions and answers. You will be able to pass.
UNITED STATES
upvote

Miss Tech commented on October 04, 2024
@Lucas, hi did you pass?and how many questions were in the Exam because l can only see 47Q here on the dumps,???
Anonymous
upvote

Vani commented on October 04, 2024
Very useful
Anonymous
upvote

Priyanka Prasad commented on October 04, 2024
i need questions
Anonymous
upvote

Jack commented on October 03, 2024
are these still legit?
Anonymous
upvote

Ashok Kumar commented on October 03, 2024
Very good content to prep
UNITED STATES
upvote

User commented on October 03, 2024
By far one of the best free sources of exam dumps. I searched google for free braindumps and boom I got this right away.
UNITED STATES
upvote

Vignesh commented on October 03, 2024
I'm writing next week, are the questions still valid?
CZECH REPUBLIC
upvote

Rama commented on October 03, 2024
All looks good.
Anonymous
upvote

Yaron M commented on October 03, 2024
please stop the pain i cant take this anyomre my wife left me and she took the kids its been 54 years and i still cant pass AZ104 please make the suffering stop
Anonymous
upvote

Varon commented on October 03, 2024
The 2 hardest topics of this exams are: 1) Designing Resilient Architectures and 2) Cost-Optimized Architectures By mastering these areas, you’ll be better prepared for tricky exam questions related to resilient and cost-effective architectures.
INDIA
upvote

Haji Momen commented on October 03, 2024
The questions in the exam dumps are pretty same as the real exam the only problem is that it is not complete or has less questions compared to full version. I am from South Africa and this is expensive for me. So I will be using the free version.
South Africa
upvote

Saurabh commented on October 03, 2024
Super Course to go ahead
INDIA
upvote

solla maaten commented on October 03, 2024
just reviewing
Anonymous
upvote