8/18/2019 Trusted CSSLP Exam Preparation Method
http://slidepdf.com/reader/full/trusted-csslp-exam-preparation-method 1/18
How To Deal With The Problem of Preparation of CSSLP Exam
The preparation can be started once you know the syllabus of the exam. If you start browsing to find a suitable source to prepare for ISC2 CSSLP/ CSSLP, you will be bombarded with thousands of results. It then adds to your hard work to look for the most authentic source in that heap. To save you from this trouble, I will tell you the source that will give you the most reliable information on the Certified Secure Software Lifecycle Professional exam you have to attempt.
Have Pass4sureTest By Your Side
The website I am talking about is Pass4sureTest, and it is the most dependable source of CSSLP Certified Secure Software Lifecycle Professional exam preparation material. This is because it has been in association with ISC2 for a long period of time now and is considered the best out there. In addition, Pass4sureTest is one of the forerunners of the preparation movement and has been helping candidates to get through their exams for a long stretch of time.
Verify Reliability Through Testimonials
You can verify the reliability and relevancy by looking at the long line of testimonials stated by the customers. Pass4sureTest has successfully turned a number of customers into certified ISC2 professionals. The testimonial section is full of claims by ISC2 Certified Secure Software Lifecycle Professional professionals who willingly guarantee the reliability of Pass4sureTest.
What is Special About The CSSLP Exam Product?
How would you know that the material provided by Pass4sureTest is unique and incomparable to others? Well, this can be confirmed by looking at the material provided to you. It is in rich PDF format, which is easy to read and edit. Moreover, there is also special software included in the product that allows you to practice the test before taking the exam.
CSSLP Practice Test Software
The CSSLP practice software is created by specialists who have made sure that the questions in this software cover all the syllabus topics of the ISC2 CSSLP exam. As a result, you will get full coverage of the syllabus.
The Facility To Set CSSLP Exam Preferences
With the numerous accessibility options provided by Pass4sureTest's product, you can change exam preferences, languages and other options as well. So, do as you please.
Simulation of ISC2 CSSLP Exam
The practice test software provided in the product imitates the Certified Secure Software Lifecycle Professional exam environment and hence provides you the opportunity to attempt the real exam before it actually happens. As a result, your confidence is driven up and you will enter the examination hall knowing what you are going to face in there.
SAFE AND SECURE
With highly effective tools developed by McAfee and a SSL 64-bit framework, Pass4sureTest gives you unbeatable security.
QUALITY IS OUR GUARANTEE
The material provided by Pass4sureTest is top quality. Such quality is achieved by complete research of the CSSLP Certified Secure Software Lifecycle Professional exam syllabus to create the preparatory material.
HANDY INTERFACE
The product is specially designed by keeping in mind the problems people have with tech products. To ensure this, ISC2 Certified Secure Software Lifecycle Professional specialists have worked hard and made a handy product.
Money Back Guarantee
Pass4sureTest is very much confident about the product it offers and, as a result, it gives each and every candidate a 90 days' window to state his failure in the CSSLP/ CSSLP exam. If a candidate brings forth his failure within 90 days, Pass4sureTest pays the money back to the candidate. What better opportunity can there be to make your investment risk-free? For more details, visit the website.
Never Remain Behind on Updates
Pass4sureTest knows the importance of updates in a software-related product. Therefore, it provides routine updates for the syllabus, ISC2 CSSLP exam questions and the software. These updates can be downloaded free of cost. To benefit fully from the product, you should regularly check for updates.
Discounts And Rewards
Current customers are enjoying the benefits of cash-back offers, whereas new promotions are launched for new customers. By buying the ISC2 CSSLP/ CSSLP Certified Secure Software Lifecycle Professional exam package, you can get a 30% discount. It will remain by your side during your entire professional career and will keep on helping you.
Try Free Demo of ISC2 CSSLP Exam Questions
Don't trust Pass4sureTest before trying the free demo of the CSSLP exam product. This will enable you to check the quality as well. Get the demo for the CSSLP/ CSSLP exam now, free of cost. When you are satisfied with the quality, make the final purchase. Do leave your valuable feedback, as it is a good source of insight.
http://www.pass4suretest.com/CSSLP-exam.html
ISC2
CSSLP
Certified Secure Software Lifecycle Professional
Demo Product
To Buy Full Set of Exam Questions, Visit: http://www.pass4suretest.com/CSSLP-exam.html
Question 1
You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network. While auditing the company's network, you are facing problems in searching for the faults and other entities that belong to it. Which of the following risks may occur due to the existence of these problems?
A. Residual risk
B. Secondary risk
C. Detection risk
D. Inherent risk
Answer: C
Explanation:
Detection risks are the risks that an auditor will not be able to find what they are looking to detect. Hence, it becomes tedious to report negative results when material conditions (faults) actually exist. Detection risk includes two types of risk:
Sampling risk: This risk occurs when an auditor falsely accepts or erroneously rejects an audit sample.
Non-sampling risk: This risk occurs when an auditor fails to detect a condition because of not applying the appropriate procedure or using procedures inconsistent with the audit objectives (detection faults).
Answer A is incorrect. Residual risk is the risk or danger of an action or an event, a method or a (technical) process that, although being abreast with science, still conceives these dangers, even if all theoretically possible safety measures would be applied (scientifically conceivable measures). The formula to calculate residual risk is (inherent risk) x (control risk), where inherent risk is (threats x vulnerability). In the economic context, residual means "the quantity left over at the end of a process; a remainder".
Answer D is incorrect. Inherent risk, in auditing, is the risk that the account or section being audited is materially misstated without considering internal controls, due to error or fraud. The assessment of inherent risk depends on the professional judgment of the auditor, and it is done after assessing the business environment of the entity being audited.
Answer B is incorrect. A secondary risk is a risk that arises as a direct consequence of implementing a risk response. The secondary risk is an outcome of dealing with the original risk. Secondary risks are not as rigorous or important as primary risks, but can turn out to be so if not estimated and planned properly.
Question 2
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment?
Each correct answer represents a part of the solution. Choose all that apply.
A. Certification agent
B. Designated Approving Authority
C. IS program manager
D. Information Assurance Manager
E. User representative
Answer: C, B, A, and E
Explanation:
The NIACAP roles are nearly the same as the DITSCAP roles. Four minimum participants (roles) are required to perform a NIACAP security assessment:
IS program manager: The IS program manager is the primary authorization advocate. He is responsible for the Information Systems (IS) throughout the life cycle of the system development.
Designated Approving Authority (DAA): The Designated Approving Authority (DAA), in the United States Department of Defense, is the official with the authority to formally assume responsibility for operating a system at an acceptable level of risk.
Certification agent: The certification agent is also referred to as the certifier. He provides the technical expertise to conduct the certification throughout the system life cycle.
User representative: The user representative focuses on system availability, access, integrity, functionality, performance, and confidentiality in a Certification and Accreditation (C&A) process.
Answer D is incorrect. Information Assurance Manager (IAM) is one of the key participants in the DIACAP process.
Question 3
Drop the appropriate value to complete the formula.
Answer:
Explanation:
A Single Loss Expectancy (SLE) is the value in dollars ($) that is assigned to a single event. The SLE can be calculated by the following formula:
SLE = Asset Value ($) X Exposure Factor (EF)
The Exposure Factor (EF) represents the % of asset loss caused by a threat. The EF is required to calculate the Single Loss Expectancy (SLE).
The Annualized Loss Expectancy (ALE) can be calculated by multiplying the Single Loss Expectancy (SLE) with the Annualized Rate of Occurrence (ARO):
Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) X Annualized Rate of Occurrence (ARO)
Annualized Rate of Occurrence (ARO) is a number that represents the estimated frequency with which a threat is expected to occur. It is calculated based upon the probability of the event occurring and the number of employees that could make that event occur.
Question 4
Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?
A. Demon dialing
B. Sniffing
C. Social engineering
D. Dumpster diving
Answer: A
Explanation:
The demon dialing technique automatically tests every phone line in an exchange and tries to locate modems that are attached to the network. Information about these modems can then be used to attempt external unauthorized access.
Answer B is incorrect. In sniffing, a protocol analyzer is used to capture data packets that are later decoded to collect information such as passwords or infrastructure configurations.
Answer D is incorrect. The dumpster diving technique is used for searching paper disposal areas for unshredded or otherwise improperly disposed-of reports.
Answer C is incorrect. Social engineering is the most commonly used technique of all, getting information (like passwords) just by asking for it.
Question 5
Which of the following roles is also known as the accreditor?
A. Data owner
B. Chief Risk Officer
C. Chief Information Officer
D. Designated Approving Authority
Answer: D
Explanation:
Designated Approving Authority (DAA) is also known as the accreditor.
Answer A is incorrect. The data owner (information owner) is usually a member of management, in charge of a specific business unit, and is ultimately responsible for the protection and use of a specific subset of information.
Answer B is incorrect. A Chief Risk Officer (CRO) is also known as Chief Risk Management Officer (CRMO). The Chief Risk Officer or Chief Risk Management Officer of a corporation is the executive accountable for enabling the efficient and effective governance of significant risks, and related opportunities, to a business and its various segments. Risks are commonly categorized as strategic, reputational, operational, financial, or compliance-related. CROs are accountable to the Executive Committee and the Board for enabling the business to balance risk and reward. In more complex organizations, they are generally responsible for coordinating the organization's Enterprise Risk Management (ERM) approach.
Answer C is incorrect. The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals. The CIO plays the role of a leader and reports to the chief executive officer, chief operations officer, or chief financial officer. In military organizations, they report to the commanding officer.
Question 6
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?
A. MAC III
B. MAC IV
C. MAC I
D. MAC II
Answer: D
Explanation:
The various MAC levels are as follows:
MAC I: It states that the systems have high availability and high integrity.
MAC II: It states that the systems have high integrity and medium availability.
MAC III: It states that the systems have basic integrity and availability.
Question 7
Microsoft software security expert Michael Howard defines some heuristics for determining code review in "A Process for Performing Security Code Reviews". Which of the following heuristics increase the application's attack surface? Each correct answer represents a complete solution. Choose all that apply.
A. Code written in C/C++/assembly language
B. Code listening on a globally accessible network interface
C. Code that changes frequently
D. Anonymously accessible code
E. Code that runs by default
F. Code that runs in elevated context
Answer: B, F, E, and D
Explanation:
Microsoft software security expert Michael Howard defines the following heuristics for determining code review in "A Process for Performing Security Code Reviews":
Old code: Newer code provides a better understanding of software security and has a lesser number of vulnerabilities. Older code must be checked deeply.
Code that runs by default: It must have high quality, and must be checked more deeply than code that does not execute by default. Code that runs by default increases the application's attack surface.
Code that runs in elevated context: It must have higher quality. Code that runs with elevated privileges must be checked deeply and increases the application's attack surface.
Anonymously accessible code: It must be checked more deeply than code that only authorized users and administrators can access, and it increases the application's attack surface.
Code listening on a globally accessible network interface: It must be checked deeply for security vulnerabilities and increases the application's attack surface.
Code written in C/C++/assembly language: It is prone to security vulnerabilities, for example, buffer overruns.
Code with a history of security vulnerabilities: It is likely to include additional vulnerabilities unless concerted efforts are made to remove them.
Code that handles sensitive data: It must be checked deeply to ensure that data is protected from unintentional disclosure.
Complex code: It includes undiscovered errors because it is more difficult to analyze complex code manually and programmatically.
Code that changes frequently: It has more security vulnerabilities than code that does not change frequently.
Question 8
Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?
A. Authentication
B. Integrity
C. Non-repudiation
D. Confidentiality
Answer: D
Explanation:
The confidentiality service of a cryptographic system ensures that information will not be disclosed to any unauthorized person on a local network.
Question 9
What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.
A. Develop software requirements.
B. Implement change control procedures.
C. Develop evaluation criteria and evaluation plan.
D. Create acquisition strategy.
Answer: C, A, and D
Explanation:
The various activities performed in the planning phase of the Software Assurance Acquisition process are as follows:
Determine software product or service requirements.
Identify associated risks.
Develop software requirements.
Create acquisition strategy.
Develop evaluation criteria and evaluation plan.
Define development and use of SwA due diligence questionnaires.
Answer B is incorrect. This activity is performed in the monitoring and acceptance phase of the Software Assurance acquisition process.
Question 10
You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project?
A. Qualitative risk analysis
B. Historical information
C. Rolling wave planning
D. Quantitative analysis
Answer: A
Explanation:
Qualitative risk analysis is the best answer, as it is a fast and low-cost approach to analyze the risk impact and its effect. It can promote certain risks onto risk response planning. Qualitative Risk Analysis uses the likelihood and impact of the identified risks in a fast and cost-effective manner. Qualitative Risk Analysis establishes a basis for a focused quantitative analysis or Risk Response Plan by evaluating the precedence of risks with a concern to impact on the project's scope, cost, schedule, and quality objectives. The qualitative risk analysis is conducted at any point in a project life cycle. The primary goal of qualitative risk analysis is to determine the proportion of effect and theoretical response. The inputs to the Qualitative Risk Analysis process are:
Organizational process assets
Project Scope Statement
Risk Management Plan
Risk Register
Answer B is incorrect. Historical information can be helpful in the qualitative risk analysis, but it is not the best answer for the question, as historical information is not always available (consider new projects).
Answer D is incorrect. Quantitative risk analysis is in-depth and often requires a schedule and budget for the analysis.
Answer C is incorrect. Rolling wave planning is not a valid answer for risk analysis processes.
Question 11
Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?
A. Take-Grant Protection Model
B. Biba Integrity Model
C. Bell-LaPadula Model
D. Access Matrix
Answer: A
Explanation:
The take-grant protection model is a formal model used in the field of computer security to establish or disprove the safety of a given computer system that follows specific rules. It shows that for specific systems the question of safety is decidable in linear time, which is in general undecidable.
The model represents a system as a directed graph, where vertices are either subjects or objects. The edges between them are labeled, and the label indicates the rights that the source of the edge has over the destination. Two rights occur in every instance of the model: take and grant. They play a special role in the graph rewriting rules describing admissible changes of the graph.
Answer D is incorrect. The access matrix is a straightforward approach that provides access rights to subjects for objects.
Answer C is incorrect. The Bell-LaPadula model deals only with the confidentiality of classified material. It does not address integrity or availability.
Answer B is incorrect. The integrity model was developed as an analog to the Bell-LaPadula confidentiality model and then became more sophisticated to address additional integrity requirements.
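The take and grant rewriting rules described in this explanation, as an added example that is not part of the original question bank. The subject and object names, the rights, and the sample graph are constructed for illustration; the create and remove rules of the full model are omitted, so the closure below is a simple fixpoint over a finite graph rather than the linear-time decision procedure.

```python
"""Take-Grant rights closure (added illustration, not from the question bank).

Vertices are subjects or objects; each directed edge carries a set of rights
that the source holds over the destination. Only subjects may apply the
'take' and 'grant' rules. Because the rules only ever add rights, repeatedly
applying them until nothing changes yields every right that can be obtained.
"""
from collections import defaultdict

TAKE, GRANT = "t", "g"


class TakeGrantGraph:
    def __init__(self, subjects):
        self.subjects = set(subjects)          # constructed: names are arbitrary
        self.rights = defaultdict(set)         # (src, dst) -> set of rights

    def add_edge(self, src, dst, rights):
        self.rights[(src, dst)] |= set(rights)

    def has(self, src, dst, right):
        return right in self.rights.get((src, dst), set())

    def _step(self):
        """Apply every currently enabled take/grant rule once.

        Returns True if any new right was added to the graph."""
        pending = []
        for (x, y), xy in list(self.rights.items()):
            if x not in self.subjects:
                continue                        # objects never act
            for (a, b), ab in list(self.rights.items()):
                # take:  x --t--> y  and  y --r--> z   gives   x --r--> z
                if TAKE in xy and a == y:
                    pending.append((x, b, set(ab)))
                # grant: x --g--> y  and  x --r--> z   gives   y --r--> z
                if GRANT in xy and a == x:
                    pending.append((y, b, set(ab)))
        changed = False
        for src, dst, r in pending:
            before = set(self.rights[(src, dst)])
            self.rights[(src, dst)] |= r
            if self.rights[(src, dst)] != before:
                changed = True
        return changed

    def closure(self):
        """Rewrite the graph until no take/grant rule adds a new edge label."""
        while self._step():
            pass
        return self

    def can_obtain(self, subject, target, right):
        """Safety question: can `subject` ever hold `right` over `target`?"""
        self.closure()
        return self.has(subject, target, right)


def demo():
    # Constructed sample: alice may take from bob and grant to carol; dave is isolated.
    g = TakeGrantGraph(subjects={"alice", "bob", "carol", "dave"})
    g.add_edge("alice", "bob", "t")      # alice --t--> bob
    g.add_edge("bob", "file", "rw")      # bob --rw--> file (file is an object)
    g.add_edge("alice", "carol", "g")    # alice --g--> carol
    return {
        "alice_rw": g.can_obtain("alice", "file", "r") and g.can_obtain("alice", "file", "w"),
        "carol_w": g.can_obtain("carol", "file", "w"),   # via take, then grant
        "carol_t": g.can_obtain("carol", "bob", "t"),    # alice grants her own take right
        "dave_r": g.can_obtain("dave", "file", "r"),     # no path of take/grant edges
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```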
Question 12
You are the project manager for GHY Project and are working to create a risk response for a negative risk. You and the project team have identified the risk that the project may not complete on time, as required by the management, due to the creation of the user guide for the software you're creating. You have elected to hire an external writer in order to satisfy the requirements and to alleviate the risk event. What type of risk response have you elected to use in this instance?
A. Transference
B. Exploiting
C. Avoidance
D. Sharing
Answer: A
Explanation:
This is an example of transference, as you have transferred the risk to a third party. Transference is almost always done with a negative risk event, and it usually requires a contractual relationship.
Question 13
Which of the following organizations assists the President in overseeing the preparation of the federal budget and supervises its administration in Executive Branch agencies?
A. OMB
B. NIST
C. NSA/CSS
D. DCAA
Answer: A
Explanation:
The Office of Management and Budget (OMB) is a Cabinet-level office, and is the largest office within the Executive Office of the President (EOP) of the United States. The current OMB Director is Peter Orszag, who was appointed by President Barack Obama.
The OMB's predominant mission is to assist the President in overseeing the preparation of the federal budget and to supervise its administration in Executive Branch agencies. In helping to formulate the President's spending plans, the OMB evaluates the effectiveness of agency programs, policies, and procedures, assesses competing funding demands among agencies, and sets funding priorities. The OMB ensures that agency reports, rules, testimony, and proposed legislation are consistent with the President's Budget and with Administration policies.
Answer D is incorrect. The DCAA has the aim to monitor contractor costs and perform contractor audits.
Answer C is incorrect. The National Security Agency/Central Security Service (NSA/CSS) is a cryptologic intelligence agency of the United States government. It is administered as part of the United States Department of Defense. NSA is responsible for the collection and analysis of foreign communications and foreign signals intelligence, which involves cryptanalysis. NSA is also responsible for protecting U.S. government communications and information systems from similar agencies elsewhere, which involves cryptography. NSA is a key component of the U.S. Intelligence Community, which is headed by the Director of National Intelligence. The Central Security Service is a co-located agency created to coordinate intelligence activities and co-operation between NSA and U.S. military cryptanalysis agencies. NSA's work is limited to communications intelligence. It does not perform field or human intelligence activities.
Answer B is incorrect. The National Institute of Standards and Technology (NIST), known between 1901 and 1988 as the National Bureau of Standards (NBS), is a measurement standards laboratory which is a non-regulatory agency of the United States Department of Commerce. The institute's official mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life.
Question 14
Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?
A. Configuration Identification
B. Configuration Verification and Auditing
C. Configuration Status Accounting
D. Configuration Item Costing
Answer: D
Explanation:
Configuration item costing is not a valid activity for configuration management. Cost changes are managed by the cost change control system; configuration management is concerned with changes to the features and functions of the project deliverables.
Question 15
Which of the following types of redundancy prevents attacks in which an attacker can get physical control of a machine, insert unauthorized software, and alter data?
A. Data redundancy
B. Hardware redundancy
C. Process redundancy
D. Application redundancy
Answer: C
Explanation:
Process redundancy permits software to run simultaneously on multiple geographically distributed locations, with voting on results. It prevents attacks in which an attacker can get physical control of a machine, insert unauthorized software, and alter data.
Question 16
Which of the following individuals inspects whether the security policies, standards, guidelines, and procedures are efficiently performed in accordance with the company's stated security objectives?
A. Information system security professional
B. Data owner
C. Senior management
D. Information system auditor
Answer: D
Explanation:
An information system auditor is an individual who inspects whether the security policies, standards, guidelines, and procedures are efficiently performed in accordance with the company's stated security objectives. He is responsible for reporting to senior management about the value of security controls by performing regular and independent audits.
Answer B is incorrect. A data owner determines the sensitivity or classification levels of data.
Answer A is incorrect. An information systems security professional is an individual who designs, implements, manages, and reviews the security policies, standards, guidelines, and procedures of the organization. He is responsible for implementing and maintaining security on behalf of senior-level management.
Answer C is incorrect. Senior management assigns overall responsibilities to other individuals.
Question 17
Which of the following process areas does the SSE-CMM define in the 'Project and Organizational Practices' category? Each correct answer represents a complete solution. Choose all that apply.
A. Provide Ongoing Skills and Knowledge
B. Verify and Validate Security
C. Manage Project Risk
D. Improve Organization's System Engineering Process
Answer: C, D, and A
Explanation:
Project and Organizational Practices include the following process areas:
PA12 Ensure Quality
PA13 Manage Configuration
PA14 Manage Project Risk
PA15 Monitor and Control Technical Effort
PA16 Plan Technical Effort
PA17 Define Organization's System Engineering Process
PA18 Improve Organization's System Engineering Process
PA19 Manage Product Line Evolution
PA20 Manage Systems Engineering Support Environment
PA21 Provide Ongoing Skills and Knowledge
PA22 Coordinate with Suppliers
Question 18
The LeGrand Vulnerability-Oriented Risk Management method is based on vulnerability analysis and consists of four principal steps. Which of the following processes does the risk assessment step include?
Each correct answer represents a part of the solution. Choose all that apply.
A. Remediation of a particular vulnerability
B. Cost-benefit examination of countermeasures
C. Identification of vulnerabilities
D. Assessment of attacks
Answer: C, B, and D
Explanation:
Risk assessment includes identification of vulnerabilities, assessment of losses caused by threats materialized, cost-benefit examination of countermeasures, and assessment of attacks.
Answer A is incorrect. This process is included in vulnerability management.
Question 19
You work as a Security Manager for Tech Perfect Inc. You have set up a SIEM server for the following purposes: analyze the data from different log sources; correlate the events among the log entries; identify and prioritize significant events; initiate responses to events if required. One of your log monitoring staff wants to know the features of a SIEM product that will help them with these purposes. What features will you recommend?
Each correct answer represents a complete solution. Choose all that apply.
A. Asset information storage and correlation
B. Transmission confidentiality protection
C. Incident tracking and reporting
D. Security knowledge base
E. Graphical user interface
Answer: E, D, C, and A
Explanation:
The features of SIEM products are as follows:
Graphical user interface (GUI): It is used in analysis for identifying potential problems and reviewing all available data that are associated with the problems.
Security knowledge base: It includes information on known vulnerabilities, log messages, and other technical data.
Incident tracking and reporting: It has robust workflow features to track and report incidents.
Asset information storage and correlation: It gives higher priority to an attack that affects a vulnerable OS or a main host.
Answer B is incorrect. A SIEM product does not have this feature.
Question 20
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Which of the following are among the eight areas of IA defined by DoD? Each correct answer represents a complete solution. Choose all that apply.
A. VI Vulnerability and Incident Management
B. Information systems acquisition, development, and maintenance
C. DC Security Design & Configuration
D. EC Enclave and Computing Environment
Answer: C, A, and D
Explanation:
According to U.S. Department of Defense (DoD) Instruction 8500.2, there are eight Information Assurance (IA) areas, and the controls are referred to as IA controls. Following are the various U.S. Department of Defense information security standards:
DC Security Design & Configuration
IA Identification and Authentication
EC Enclave and Computing Environment
EB Enclave Boundary Defense
PE Physical and Environmental
PR Personnel
CO Continuity
VI Vulnerability and Incident Management
Answer B is incorrect. Business continuity management is an international information security standard.
THANKS FOR TRYING THE DEMO OF OUR PRODUCT
Visit Our Site to Purchase the Full Set of Actual CSSLP Exam Questions With Answers.
http://www.pass4suretest.com/CSSLP-exam.html
We Also Provide Practice Exam Software That Simulates the Real Exam Environment And Has Many Self-Assessment Features. Download the Free Product Demo From
http://www.pass4suretest.com/CSSLP-exam.html
Money Back Guarantee
Check Out Our Customer Testimonials