CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISC2
  5. CSSLP

Free CSSLP Exam Braindumps (page: 7)

Page 7 of 88
PDF with 357 Questions

Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?

  1. RTO
  2. RTA
  3. RPO
  4. RCO

Answer(s): A

Explanation:

The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity. It includes the time for trying to fix the problem without a recovery, the recovery itself, tests and the communication to the users. Decision time for user representative is not included. The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points. In accepted business continuity planning methodology, the RTO is established during the Business Impact Analysis (BIA) by the owner of a process (usually in conjunction with the Business Continuity planner). The RTOs are then presented to senior management for acceptance. The RTO attaches to the business process and not the resources required to support the process. Answer B is incorrect. The Recovery Time Actual (RTA) is established during an exercise, actual event, or predetermined based on recovery methodology the technology support team develops. This is the time frame the technology support takes to deliver the recovered infrastructure to the business. Answer D is incorrect. The Recovery Consistency Objective (RCO) is used in Business Continuity Planning in addition to Recovery Point Objective (RPO) and Recovery Time Objective (RTO). It applies data consistency objectives to Continuous Data Protection services. Answer C is incorrect. The Recovery Point Objective (RPO) describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered as defined by the organization. The RPO is generally a definition of what an organization determines is an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours. Based on this RPO the data must be restored to within 2 hours of the disaster.



Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?

  1. Information Assurance (IA)
  2. Information systems security engineering (ISSE)
  3. Certification and accreditation (C&A)
  4. Risk Management

Answer(s): C

Explanation:

Certification and accreditation (C&A) is a set of processes that culminate in an agreement between key players that a system in its current configuration and operation provides adequate protection controls. Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP, DIACAP, and DCID 6/3. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls. Answer D is incorrect. Risk management is a set of processes that ensures a risk-based approach is used to determine adequate, cost- effective security for a system. Answer A is incorrect. Information assurance (IA) is the process of organizing and monitoring information-related risks. It ensures that only the approved users have access to the approved information at the approved time. IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation. These objectives are applicable whether the information is in storage, processing, or transit, and whether threatened by an attack. Answer B is incorrect. ISSE is a set of processes and solutions used during all phases of a system's life cycle to meet the system's information protection needs.



Adam works as a Computer Hacking Forensic Investigator for a garment company in the United States. A project has been assigned to him to investigate a case of a disloyal employee who is suspected of stealing design of the garments, which belongs to the company and selling those garments of the same design under different brand name. Adam investigated that the company does not have any policy related to the copy of design of the garments. He also investigated that the trademark under which the employee is selling the garments is almost identical to the original trademark of the company. On the grounds of which of the following laws can the employee be prosecuted?

  1. Espionage law
  2. Trademark law
  3. Cyber law
  4. Copyright law

Answer(s): B

Explanation:

The Trademark law is a piece of legislation that contains the federal statutes of trademark law in the United States. The Act prohibits a number of activities, including trademark infringement, trademark dilution, and false advertising. Trademarks were traditionally protected in the United States only under State common law, growing out of the tort of unfair competition. Trademark law in the United States is almost entirely enforced through private lawsuits. The exception is in the case of criminal counterfeiting of goods. Otherwise, the responsibility is entirely on the mark owner to file suit in either state or federal civil court in order to restrict an infringing use. Failure to "police" a mark by stopping infringing uses can result in the loss of protection. Answer D is incorrect. Copyright law of the United States governs the legally enforceable rights of creative and artistic works under the laws of the United States. Copyright law in the United States is part of federal law, and is authorized by the U.S. Constitution. The power to enact copyright law is granted in Article I, Section 8, Clause 8, also known as the Copyright Clause. This clause forms the basis for U.S. copyright law ("Science", "Authors", "Writings") and patent law ("useful Arts", "Inventors", "Discoveries"), and includes the limited terms (or durations) allowed for copyrights and patents ("limited Times"), as well as the items they may protect. In the U.S., registrations of claims of copyright, recordation of copyright transfers, and other administrative aspects of copyright are the responsibility of the United States Copyright Office, a part of the Library of Congress. Answer A is incorrect. The Espionage Act of 1917 was a United States federal law passed shortly after entering World War I, on June 15, 1917, which made it a crime for a person: To convey information with intent to interfere with the operation or success of the armed forces of the United States or to promote the success of its enemies. This was punishable by death or by imprisonment for not more than 30 years. To convey false reports or false statements with intent to interfere with the operation or success of the military or naval forces of the United States or to promote the success of its enemies and whoever when the United States is at war, to cause or attempt to cause insubordination, disloyalty, mutiny, refusal of duty, in the military or naval forces of the United States, or to willfully obstruct the recruiting or enlistment service of the United States. Answer C is incorrect. Cyber law is a very wide term, which wraps up the legal issue related to the use of communicative, transactional and distributive aspect of networked information device and technologies. It is commonly known as INTERNET LAW. These Laws are important to apply as Internet does not tend to make any geographical and jurisdictional boundaries clear; this is the reason why Cyber law is not very efficient. A single transaction may involve the laws of at least three jurisdictions, which are as follows: 1.The laws of the state/nation in which the user resides 2.The laws of the state/nation that apply where the server hosting the transaction is located 3.The laws of the state/nation, which apply to the person or business with whom the transaction takes place



John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. In order to do so, he performs the following steps of the pre-attack phase successfully: Information gathering Determination of network range Identification of active systems Location of open ports and applications Now, which of the following tasks should he perform next?

  1. Perform OS fingerprinting on the We-are-secure network.
  2. Map the network of We-are-secure Inc.
  3. Install a backdoor to log in remotely on the We-are-secure server.
  4. Fingerprint the services running on the we-are-secure network.

Answer(s): A

Explanation:

John will perform OS fingerprinting on the We-are-secure network. Fingerprinting is the easiest way to detect the Operating System (OS) of a remote system. OS detection is important because, after knowing the target system's OS, it becomes easier to hack into the system. The comparison of data packets that are sent by the target system is done by fingerprinting. The analysis of data packets gives the attacker a hint as to which operating system is being used by the remote system. There are two types of fingerprinting techniques as follows: 1.Active fingerprinting 2.Passive fingerprinting In active fingerprinting ICMP messages are sent to the target system and the response message of the target system shows which OS is being used by the remote system. In passive fingerprinting the number of hops reveals the OS of the remote system.
Answers D and B are incorrect. John should perform OS fingerprinting first, after which it will be easy to identify which services are running on the network since there are many services that run only on a specific operating system. After performing OS fingerprinting, John should perform networking mapping. Answer C is incorrect. This is a pre-attack phase, and only after gathering all relevant knowledge of a network should John install a backdoor.



Page 7 of 88



Post your Comments and Discuss ISC2 CSSLP exam with other Community members:

Mohamed commented on November 17, 2024
No Comments
Anonymous
upvote

shakila commented on November 16, 2024
how to start i m begginer
Anonymous
upvote

peter commented on November 16, 2024
I'm finding these question helpful
Anonymous
upvote

Kris commented on November 16, 2024
Nice Questions
Anonymous
upvote

Folarin commented on November 15, 2024
Nice content, hope to take my exam soonest
Anonymous
upvote

Dag Alytus commented on November 15, 2024
This is helpful
UNITED STATES
upvote

Priscilla commented on November 15, 2024
I'm waiting for more questions
Anonymous
upvote

togdheer commented on November 15, 2024
good revision resource
UNITED STATES
upvote

Mohammed commented on November 15, 2024
After checking these questions and reviewing all the answers and Explanations I realized that I would not have been able to pass the exam based on my current knowledge. This is completely changed my approach in how I am going to prepare now.
UNITED STATES
upvote

Makhmoor commented on November 15, 2024
please make it free
EUROPEAN UNION
upvote

Ardi commented on November 14, 2024
its a great platform to upskilling your knowledge about blockchain
Anonymous
upvote

Quentin commented on November 14, 2024
I noticed that some comments were related to answers not being 100% correct. But for me as long as questions are real and same as the actual exam I was okay.
Mexico
upvote

kagelelo commented on November 14, 2024
how do you pass the ged science test
Anonymous
upvote

Chris Nalla commented on November 14, 2024
Very insightful piece.
Anonymous
upvote

baba commented on November 14, 2024
want to learn
Anonymous
upvote

Anand commented on November 14, 2024
Not bad at all. It covers all the exam topics and it provides some insight to the types of questions that you are going to see in real exam.
INDIA
upvote

Godlover commented on November 14, 2024
Very up to date. I passed my exams. I studied very well though. But the past questions was exceedingly helpful too. Just practice the questions as much as you can. As for me I practiced all, and repracticed about 350 questions again before the exams day.
Anonymous
upvote

LasNumber commented on November 14, 2024
This Are Very Useful Q's and A's. on exam some Questions wont come as they are but mostly will come as the are. Study to Know
Anonymous
upvote

Yeshwanth commented on November 14, 2024
Nice Questions and helpful for exam preparation.
Anonymous
upvote

Jenil Gandhi commented on November 14, 2024
Hi everyone could sone share the certification voucher for PD2.
INDIA
upvote

Nicole commented on November 13, 2024
I am working towards my exam. Finding these prep to be very useful
CANADA
upvote

Nicole commented on November 13, 2024
Very helpful
CANADA
upvote

Bianca commented on November 13, 2024
Consistent questions
Anonymous
upvote

Larry commented on November 13, 2024
Good content
Anonymous
upvote

Dipu commented on November 13, 2024
Great Source , i feel really good questions
Anonymous
upvote

Dipu commented on November 13, 2024
Nice questions
Anonymous
upvote

Nathaniel Okeke commented on November 13, 2024
nice way to practice for the exam
Anonymous
upvote

Ashwini commented on November 13, 2024
I would appreciate for resources you can provide
INDIA
upvote

Ganiyu Ogunlana commented on November 13, 2024
Great Insight into the exams
Anonymous
upvote

Vuyo commented on November 13, 2024
Very Helpful
Anonymous
upvote

Suleman khan commented on November 13, 2024
Huawei is my favourite I'm enjoying these questions
PAKISTAN
upvote

Pandiyan Venkatraman commented on November 13, 2024
good question
Anonymous
upvote

Eb'Oney commented on November 12, 2024
I think the answer here should be B. Split the Logged column by using at as the delimiter
UNITED STATES
upvote

Hadiza commented on November 12, 2024
useful for exam preparation
Anonymous
upvote