Free Certified Secure Software Lifecycle Professional Exam CSSLP Exam Practice Test

What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.

• Develop software requirements.
• Implement change control procedures.
• Develop evaluation criteria and evaluation plan.
• Create acquisition strategy.

Which of the following is an example of penetration testing?

• Implementing NIDS on a network
• Implementing HIDS on a computer
• Simulating an actual attack on a network
• Configuring firewall to block unauthorized traffic

A part of a project deals with the hardware work. As a project manager, you have decided to hire a company to deal with all hardware work on the project. Which type of risk response is this?

• Exploit
• Mitigation
• Transference
• Avoidance

Which of the following sections come under the ISO/IEC 27002 standard?

• Security policy
• Asset management
• Financial assessment
• Risk assessment

Which of the following methods offers a number of modeling practices and disciplines that contribute to a successful service-oriented life cycle management and modeling?

• Service-oriented modeling framework (SOMF)
• Service-oriented architecture (SOA)
• Sherwood Applied Business Security Architecture (SABSA)
• Service-oriented modeling and architecture (SOMA)

Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software. Which of the following SDLC phases meets the audit objectives defined below:System and data are validated.System meets all user requirements.System meets all control requirements.

• Evaluation and acceptance
• Programming and training
• Definition
• Initiation

In which type of access control do user ID and password system come under?

• Physical
• Technical
• Power
• Administrative

Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

• NSA-IAM
• NIACAP
• ASSET
• DITSCAP

Which of the following are the primary functions of configuration management?Each correct answer represents a complete solution. Choose all that apply.

• It removes the risk event entirely by adding additional steps to avoid the event.
• It ensures that the change is implemented in a sequential manner through formalized testing.
• It reduces the negative impact that the change might have had on the computing services and resources.
• It analyzes the effect of the change that is implemented on the system.

In which of the following cryptographic attacking techniques does an attacker obtain encrypted messages that have been encrypted using the same encryption algorithm?

• Chosen plaintext attack
• Chosen ciphertext attack
• Ciphertext only attack
• Known plaintext attack