Free CSSLP Exam Braindumps (page: 35)

Page 35 of 88

In which of the following DIACAP phases is residual risk analyzed?

  A. Phase 1
  B. Phase 5
  C. Phase 2
  D. Phase 4
  E. Phase 3

Answer(s): D

Explanation:

The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is a process defined by the United States Department of Defense (DoD) for managing risk. The Certification Determination and Accreditation phase is the third phase in the DIACAP process. Its subordinate tasks are as follows: analyze residual risk, issue certification determination, and make accreditation decision. Answer A is incorrect. Phase 1 is known as Initiate and Plan IA C&A. Answer C is incorrect. Phase 2 is used to implement and validate assigned IA controls. Answer E is incorrect. Phase 3 is used to make certification determination and accreditation decisions. Answer B is incorrect. Phase 5 is known as Decommission System and is used to conduct activities related to the disposition of the system data and objects.



Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

  A. Change and Configuration Control
  B. Security Certification and Accreditation (C&A)
  C. Vulnerability Assessment and Penetration Testing
  D. Risk Adjustments

Answer(s): B,C,D

Explanation:

The various security controls in the SDLC deployment phase are as follows:

Secure Installation: While performing any software installation, it should be kept in mind that the security configuration of the environment should never be reduced. If it is reduced, security issues and overall risks can affect the environment.

Vulnerability Assessment and Penetration Testing: Vulnerability assessments (VA) and penetration testing (PT) are used to determine the risk and attest to the strength of the software after it has been deployed.

Security Certification and Accreditation (C&A): Security certification is the process used to ensure that controls are effectively implemented through established verification techniques and procedures, giving organization officials confidence that the appropriate safeguards and countermeasures are in place as a means of protection. Accreditation is the provisioning of the necessary security authorization by a senior organization official to process, store, or transmit information.

Risk Adjustments: Contingency plans and exceptions should be generated so that the residual risk does not exceed the acceptable threshold.



Which of the following gives programmers an easy way to write lower-risk applications and to retrofit security into an existing application?

  A. Watermarking
  B. Code obfuscation
  C. Encryption wrapper
  D. ESAPI

Answer(s): D

Explanation:

ESAPI (Enterprise Security API) is a group of classes that encapsulate the key security operations needed by most applications. It is a free, open source, Web application security control library. ESAPI gives programmers an easy way to write lower-risk applications and to retrofit security into an existing application. It offers a solid foundation for new development. Answer C is incorrect. An encryption wrapper is a device that encrypts and decrypts the critical or all software code at runtime. Answer B is incorrect. Code obfuscation transforms the code so that it is less intelligible to a person. Answer A is incorrect. Watermarking is the irreversible process of embedding information into digital media. The purpose of digital watermarks is to provide copyright protection for intellectual property that is in digital form.



Which of the following is a malicious exploit of a website, whereby unauthorized commands are transmitted from a user trusted by the website?

  A. Cross-Site Scripting
  B. Injection flaw
  C. Side channel attack
  D. Cross-Site Request Forgery

Answer(s): D

Explanation:

CSRF (Cross-Site Request Forgery) is a malicious exploit of a website, whereby unauthorized commands are transmitted from a user trusted by the website. It is also known as a one-click attack or session riding. CSRF occurs when a user is tricked by an attacker into activating a request in order to perform some unauthorized action. It increases data loss and malicious code execution. Answer A is incorrect. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls, such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007. Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigations implemented by the site owner. Answer C is incorrect. A side channel attack is based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms (compare cryptanalysis). For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information which can be exploited to break the system. Many side-channel attacks require considerable technical knowledge of the internal operation of the system on which the cryptography is implemented. Answer B is incorrect. Injection flaws are vulnerabilities where a foreign agent illegally uses a sub-system. They are the vulnerability holes that can be used to attack the database of a Web application, and injection is the most common technique for attacking a database.
Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing involuntary commands or changing data. Injection flaws include XSS (HTML Injection) and SQL Injection.






Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

Jay commented on November 04, 2024
I tried to clear this exam 3 times but failed. So I finally resorted to using these exam dumps, which I really did not want to. But I was left with no choice.
New Zealand

Fernando commented on November 04, 2024
Very cool and very helpful. Bought 2 exams with 50% discount.
Brazil

Jai commented on November 03, 2024
I liked the questions
Anonymous

Sumitra commented on November 03, 2024
I am eager to write the CAD exam
Anonymous

Veitnam commented on November 03, 2024
Thank you to the website owner for making these exam questions available for free. It helped me clear my paper.
Anonymous

Anonymous commented on November 03, 2024
Can I pass the exams only with these dumps?
Anonymous

Bin Mahamood commented on November 03, 2024
terraform { required_providers { aws = { version = ">= 2.7.0" source = "hashicorp/aws" } } }
Anonymous

Yizzy commented on November 02, 2024
@Patak when did you take the exam?
Anonymous

Tadele commented on November 02, 2024
Helpful for the next exam
Anonymous

Jaqulin commented on November 02, 2024
I appreciate the service and the questions being free. Finally something free in this world.
FRANCE

numan commented on November 02, 2024
really helping
GERMANY

Patak commented on November 01, 2024
About 70 to 74 of the questions I got were from here. So it's worth it.
INDIA

xxx commented on November 01, 2024
I've used this material for exam prep. Many questions come from this dump.
ESTONIA

Timens commented on November 01, 2024
Well done and nicely put together. All valid questions in PDF version.
Netherlands

Debendra commented on November 01, 2024
Passed the exam. The best Diwali present!!! Thank you team for these braindumps.
INDIA

Tdk commented on November 01, 2024
Great staff
SOUTH AFRICA

Tdk commented on November 01, 2024
Good material
SOUTH AFRICA

Sophy commented on November 01, 2024
These communities along with the questions posted here assisted me a lot in passing my CISSP exam
UNITED STATES

Pear commented on November 01, 2024
I had a deadline to pass this exam. These question dumps came to save me. Very easy and quite accurate.
UNITED STATES

Kiran P commented on November 01, 2024
Very helpful.
INDIA

Sree commented on October 31, 2024
This is a good practice test for preparation
UNITED STATES

ambr commented on October 31, 2024
just doing some preparation
Anonymous

Caml commented on October 31, 2024
Ok at the moment
Anonymous

Caml commented on October 31, 2024
I will say after trying more questions
Anonymous

George commented on October 31, 2024
Fun way to learn
ROMANIA

Damian commented on October 31, 2024
Just passed my exam today. I am going to focus on my second exam. Just an FYI, if you are buying the full version they have a buy 1 get 1 free deal. Just select 2 exams and add them to the shopping cart and you get 50% off your overall total... automatically.
UNITED STATES

Temitope commented on October 31, 2024
Good questions
EUROPEAN UNION

Temitope commented on October 31, 2024
Nice and well structured questions
EUROPEAN UNION

Mr. K commented on October 31, 2024
Valid exam dump. Passed on first try. Keep up the good work and keep it free, guys.
UNITED STATES

Fernanda commented on October 30, 2024
This is a very good practice test, I passed my exam
Anonymous

Gustavo Gonçalves commented on October 30, 2024
Question 17 is wrong; the answer is letter D. Can you please correct it?
BRAZIL

DA commented on October 30, 2024
Very good and helps a lot for practice
INDIA

Arthur commented on October 30, 2024
I had an awesome experience passing the AZ-104 on my first attempt! Huge thanks to this site for their support and top-notch materials—it was spot on!
UNITED STATES

George commented on October 30, 2024
Thanks for all the assistance, I got the full PDF version. Highly recommended!
UNITED STATES