CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CSSLP

Free CSSLP Exam Braindumps (page: 37)

Page 37 of 88
PDF with 357 Questions

The build environment of secure coding consists of some tools that actively support secure specification, design, and implementation. Which of the following features do these tools have? Each correct answer represents a complete solution. Choose all that apply.

  1. They decrease the exploitable flaws and weaknesses.
  2. They reduce and restrain the propagation, extent, and damage that have occurred by insecure software behavior.
  3. They decrease the attack surface.
  4. They employ software security constraints, protections, and services. E. They decrease the level of type checking and program analysis.

Answer(s): A,B,C,D

Explanation:

The tools that produce secure software have the following features: They decrease the exploitable flaws and weaknesses. They decrease the attack surface. They employ software security constraints, protections, and services. They reduce and restrain the propagation, extent, and damage that are caused by the behavior of insecure software. Answer E is incorrect. This feature is not required for these tools.



Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

  1. NIST
  2. Office of Management and Budget (OMB)
  3. FIPS
  4. FISMA

Answer(s): B,D

Explanation:

FISMA and Office of Management and Budget (OMB) require all general support systems and major applications to be fully certified and accredited before they are put into production. General support systems and major applications are also referred to as information systems and are required to be reaccredited every three years. Answer A is incorrect. The National Institute of Standards and Technology (NIST), known between 1901 and 1988 as the National Bureau of Standards (NBS), is a measurement standards laboratory which is a non-regulatory agency of the United States Department of Commerce. The institute's official mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life. Answer C is incorrect. The Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use by all non-military government agencies and by government contractors. Many FIPS standards are modified versions of standards used in the wider community (ANSI, IEEE, ISO, etc.). Some FIPS standards were originally developed by the U.S. government. For instance, standards for encoding data (e.g., country codes), but more significantly some encryption standards, such as the Data Encryption Standard (FIPS 46-3) and the Advanced Encryption Standard (FIPS 197). In 1994, NOAA (Noaa) began broadcasting coded signals called FIPS (Federal Information Processing System) codes along with their standard weather broadcasts from local stations. These codes identify the type of emergency and the specific geographic area (such as a county) affected by the emergency.



What are the security advantages of virtualization, as described in the NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Standards"? Each correct answer represents a complete solution. Choose three.

  1. It increases capabilities for fault tolerant computing.
  2. It adds a layer of security for defense-in-depth.
  3. It decreases exposure of weak software.
  4. It decreases configuration effort.

Answer(s): A,B,C

Explanation:

The security advantages of virtualization are as follows: It adds a layer of security for defense-in-depth. It provides strong encapsulation of errors. It increases intrusion detection through introspection. It decreases exposure of weak software. It increases the flexibility for discovery. It increases capabilities for fault tolerant computing using rollback and snapshot features. Answer D is incorrect. Virtualization increases configuration effort because of complexity of the virtualization layer and composite system.



Which of the following persons in an organization is responsible for rejecting or accepting the residual risk for a system?

  1. Information Systems Security Officer (ISSO)
  2. Designated Approving Authority (DAA)
  3. System Owner
  4. Chief Information Security Officer (CISO)

Answer(s): B

Explanation:

The authorizing official is the senior manager responsible for approving the working of the information system. He is responsible for the risks of operating the information system within a known environment through the security accreditation phase. In many organizations, the authorizing official is also referred as approving/accrediting authority (DAA) or the Principal Approving Authority (PAA). Answer C is incorrect. The system owner has the responsibility of informing the key officials within the organization of the requirements for a security C&A of the information system. He makes the resources available, and provides the relevant documents to support the process. Answer A is incorrect. An Information System Security Officer (ISSO) plays the role of a supporter. The responsibilities of an Information System Security Officer (ISSO) are as follows: Manages the security of the information system that is slated for Certification & Accreditation (C&A). Insures the information systems configuration with the agency's information security policy. Supports the information system owner/information owner for the completion of security-related responsibilities. Takes part in the formal configuration management process. Prepares Certification & Accreditation (C&A) packages. Answer D is incorrect. The CISO has the responsibility of carrying out the CIO's FISMA responsibilities. He manages the information security program functions.



Page 37 of 88



Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

sj commented on December 22, 2024
good set of questions
Anonymous
upvote

sj commented on December 22, 2024
Questions that are typically not covered as part of the aws learning course videos
Anonymous
upvote

sowmya commented on December 22, 2024
helpfull to prepare for the exam
Anonymous
upvote

Leandro commented on December 22, 2024
very usefull
BRAZIL
upvote

vishal solanke commented on December 22, 2024
Please try to post explanations
Anonymous
upvote

Suchi Poddar commented on December 22, 2024
Good set and nice to see that so much help for the students. Thankyou so much.
Anonymous
upvote

Prashant commented on December 22, 2024
good practise
Anonymous
upvote

shree sri commented on December 22, 2024
great work for learning
UNITED STATES
upvote

M Ajaykumar commented on December 21, 2024
Literally helpful
Anonymous
upvote

Narasimha commented on December 21, 2024
it is helpful for ACE GCP Exsm
INDIA
upvote

shan commented on December 21, 2024
Nice questions
Anonymous
upvote

resha commented on December 21, 2024
Very nicely explained
Anonymous
upvote

Abhishek commented on December 21, 2024
It was Nice
Anonymous
upvote

Sumeet G Hongekar commented on December 21, 2024
I am eger to write cad exaam
UNITED STATES
upvote

KAREEM ROFIAT BOLANLE commented on December 21, 2024
not yet written the exam
Anonymous
upvote

Subham commented on December 21, 2024
Good set of question for practice
Anonymous
upvote

Krish commented on December 20, 2024
Good to have test papers
INDIA
upvote

Ashish Sharma commented on December 20, 2024
Very elaborative explanation and apt questions
CANADA
upvote

Ashish Sharma commented on December 20, 2024
Very Useful
CANADA
upvote

Ashwani commented on December 20, 2024
Nice questions
UNITED KINGDOM
upvote

hardik commented on December 20, 2024
Very good content
UNITED STATES
upvote

Test commented on December 20, 2024
its helpful
Anonymous
upvote

haardik commented on December 20, 2024
Good so far
UNITED STATES
upvote

priya commented on December 20, 2024
good to prepare for the exam
Anonymous
upvote

Nagaraj commented on December 20, 2024
The questions help me to review
Anonymous
upvote

Reagan commented on December 20, 2024
Very Useful
Anonymous
upvote

Anonymous commented on December 20, 2024
definitely a perfect set of questions
Anonymous
upvote

DD commented on December 20, 2024
Preparing for exam
Anonymous
upvote

Anonymous1 commented on December 20, 2024
Nice questions
Anonymous
upvote

PrepGoku commented on December 20, 2024
Great list of questions, with full explaination
Anonymous
upvote

Hemlata commented on December 20, 2024
Great content
INDIA
upvote

Nicholos J Frates commented on December 20, 2024
I just passed the Salesforce-AI-Associate exam recently! my Result Card: https://docs.google.com/document/d/1CicoY5IGQwyyanVV_cCEUE2jFT86tyl3FZ_hA6Q_BiM
Anonymous
upvote

Hemlata commented on December 20, 2024
It is useful.
INDIA
upvote

Koomi commented on December 20, 2024
Great Content
Anonymous
upvote