Free CSSLP Exam Braindumps (page: 50)

Page 50 of 88

Which of the following is the most secure method of authentication?

  A. Biometrics
  B. Username and password
  C. Anonymous
  D. Smart card

Answer(s): A

Explanation:

Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other biophysical qualities, to identify a user. Biometric devices such as hand scanners and retinal scanners are becoming more common in the business environment. It is the most secure method of authentication.

Answer B is incorrect. Username and password is the least secure method of authentication in comparison to smart card and biometric authentication. A username and password can be intercepted.

Answer D is incorrect. Smart card authentication is not as reliable as biometric authentication.

Answer C is incorrect. Anonymous authentication does not provide security, as a user can log on to the system anonymously and is not prompted for credentials.



Maria has been recently appointed as a Network Administrator in Gentech Inc. She has been tasked to perform network security testing to find out the vulnerabilities and shortcomings of the present network infrastructure. Which of the following testing approaches will she apply to accomplish this task?

  A. Gray-box testing
  B. White-box testing
  C. Black-box testing
  D. Unit testing

Answer(s): C

Explanation:

Maria is new to this organization and does not have any knowledge of the present infrastructure. Therefore, black-box testing is best suited for her. Black-box testing is a technique in which the testing team has no knowledge about the infrastructure of the organization. The testers must first determine the location and extent of the systems before commencing their analysis. This testing technique is costly and time consuming.

Answer B is incorrect. White-box testing, also known as clear-box or glass-box testing, takes into account the internal mechanism of a system or application. The connotations of "clear box" and "glass box" indicate that a tester has full visibility of the internal workings of the system. It uses knowledge of the internal structure of an application. It is applicable at the unit, integration, and system levels of the software testing process. It consists of the following testing methods:

Control flow-based testing: Create a graph from source code. Describe the flow of control through the control flow graph. Design test cases to cover certain elements of the graph.

Data flow-based testing: Test connections between variable definitions. Check variation of the control flow graph. Set DEF(n) contains the variables that are defined at node n. Set USE(n) contains the variables that are read.

Answer A is incorrect. Gray-box testing is a combination of white-box testing and black-box testing. In gray-box testing, the test engineer is equipped with knowledge of the system and designs test cases or test data based on that knowledge. The security tester typically performs gray-box testing to find vulnerabilities in software and network systems.

Answer D is incorrect. Unit testing is a type of testing in which each independent unit of an application is tested separately. During unit testing, a developer takes the smallest unit of an application, isolates it from the rest of the application code, and tests it to determine whether it works as expected. Unit testing is performed before integrating these independent units into modules. The most common approach to unit testing requires drivers and stubs to be written. Drivers and stubs are programs. A driver simulates a calling unit, and a stub simulates a called unit.



Which of the following processes identifies the threats that can impact the business continuity of operations?

  A. Function analysis
  B. Risk analysis
  C. Business impact analysis
  D. Requirement analysis

Answer(s): C

Explanation:

A business impact analysis (BIA) is a crisis management and business impact analysis technique that identifies those threats that can impact the business continuity of operations. Such threats can be either natural or man-made. The BIA team should have a clear understanding of the organization, key business processes, and IT resources for assessing the risks associated with continuity. In the BIA team, there should be senior management, IT personnel, and end users to identify all resources that are to be used during normal operations.

Answer B is incorrect. Risk analysis is the science of risks and their probability and evaluation in a business or a process. It is an important factor in security enhancement and prevention in a system. Risk analysis should be performed as part of the risk management process for each project. The outcome of the risk analysis would be the creation or review of the risk register to identify and quantify risk elements to the project and their potential impact.

Answer A is incorrect. The functional analysis process is used for converting system requirements into a comprehensive function standard. Verification is the result of the functional analysis process, in which the fundamentals of a system level functional architecture are defined adequately to allow for synthesis in the design phase. The functional analysis breaks down the higher-level functions into the lower level functions.

Answer D is incorrect. Requirements analysis encompasses the tasks that go into determining the needs or conditions to meet for a new or altered product, taking account of the possibly conflicting requirements of the various stakeholders.



Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

  A. Certification and accreditation decision
  B. Continue to review and refine the SSAA
  C. Perform certification evaluation of the integrated system
  D. System development
  E. Develop recommendation to the DAA

Answer(s): A,B,C,E

Explanation:

Phase 3 of DITSCAP C&A is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. The process activities of this phase are as follows: continue to review and refine the SSAA; perform certification evaluation of the integrated system; develop recommendation to the DAA; certification and accreditation decision.

Answer D is incorrect. System development is a Phase 2 activity.





