Certified Secure Software Lifecycle Professional

Here you have the best ISC CSSLP practice exam questions

  • You have 171 total questions to study from
  • Each page has 5 questions, making a total of 35 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on December 12, 2024
Question 1 of 171

You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network. While auditing the company's network, you are facing problems in searching the faults and other entities that belong to it. Which of the following risks may occur due to the existence of these problems?

    Correct Answer:

    Detection risk refers to the risk that an auditor will not detect an existing fault or misstatement in the company's network. This is exactly the problem described in the scenario, where the auditor is facing difficulties in identifying faults. Therefore, the risk associated with these challenges is detection risk.

Question 2 of 171

The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.

    Correct Answer:

    The National Information Assurance Certification and Accreditation Process (NIACAP) defines specific roles that are required to be involved in a security assessment. These participants include the Certification Agent, who provides technical expertise; the Designated Approving Authority (DAA), who assumes responsibility for operating the system; the IS Program Manager, who manages the Information Systems throughout their lifecycle; and the User Representative, who focuses on system availability, access, integrity, functionality, performance, and confidentiality. The role of the Information Assurance Manager is specific to the DIACAP process, not NIACAP. Therefore, the participants required in a NIACAP security assessment are the Certification Agent, Designated Approving Authority, IS Program Manager, and User Representative.

Question 3 of 171

DRAG DROP -

Drop the appropriate value to complete the formula.

Select and Place:

    Correct Answer:

    A Single Loss Expectancy (SLE) is the value in dollar ($) that is assigned to a single event. The SLE can be calculated by the following formula: SLE

    = Asset Value ($) X Exposure Factor (EF) The Exposure Factor (EF) represents the % of assets loss caused by a threat. The EF is required to calculate the Single

    Loss Expectancy (SLE). The Annualized Loss Expectancy (ALE) can be calculated by multiplying the Single Loss Expectancy (SLE) with the Annualized Rate of

    Occurrence (ARO). Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) X Annualized Rate of Occurrence (ARO) Annualized Rate of Occurrence

    (ARO) is a number that represents the estimated frequency in which a threat is expected to occur. It is calculated based upon the probability of the event occurring and the number of employees that could make that event occur.

Question 4 of 171

Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?

    Correct Answer:

    The technique that automatically tests every phone line in an exchange and tries to locate modems attached to the network is called demon dialing. This method involves systematically calling each telephone number in a range to determine which ones have modems connected, allowing potential unauthorized access.

Question 5 of 171

Which of the following roles is also known as the accreditor?

    Correct Answer:

    The Designated Approving Authority (DAA) is also known as the accreditor. The DAA is responsible for formally assuming responsibility for operating a system at an acceptable level of risk. This role involves authorizing a system's operation after evaluating its security posture and associated risks. The DAA's main function is to ensure that a system meets the necessary security requirements and can be trusted to operate within defined risk thresholds.