Question 1

Conformance requirements ensure that the software satisfies what?

Options :

A : Internal policies and standards

B : Government regulations

C : Government contracts and standards

D : Project commitments

Answer: A

Question 2

The attack surface of software is the code within the system that can be:

Options :

A : Run without user permission

B : Leads to buffer overflows and injection attacks

C : All answers are correct

D : Accessed by unauthorized parties

Answer: D

Question 3

Which of these technologies can be utilized to facilitate proper information transfer? (Choose all that apply.)

Options :

A : Checkpoints

B : Proxies

C : Tokens

D : Firewalls

Answer: B,D

Question 4

Which of the following are the tasks performed by the owner in the information classification schemes? Each correct answer represents a part of the solution. Choose three

Options :

A : To make original determination to decide what level of classification the information requires, which is based on the business requirements for the safety of the data.

B : To review the classification assignments from time to time and make alterations as the business requirements alter.

C : To perform data restoration from the backups whenever required

D : To delegate the responsibility of the data safeguard duties to the custodian.

Answer: A,B,D

Question 5

The Flaw Hypothesis Method employs which of the following set of phases?

Options :

A : Hypothesize the financial risk involved in early software release compared to missed revenue by not releasing it. Take out insurance in the form of bonds to protect yourself from lawsuits due to failed security. Hire a Chief Security Officer knowledgeable in software risk assessment.

Hypothesize the financial risk involved in early software release compared to missed revenue by not releasing it. Take out insurance in the form of bonds to protect yourself from lawsuits due to failed security. Hire a Chief Security Officer knowledgeable in software risk assessment.

B : Hypothesize potential flaws based on the software documentation. Confirm the flaws through testing. Generalize about the flaws in order to uncover other similar flaws. Create countermeasures against such flaws.

C : Hypothesize which attack vectors a malware attack might take to penetrate your software product. Confirm the flaw using pen testing software. Fix potential software flaws discovered through pen testing. Educate the programmer on ways not to create the same vulnerability.

D : Run an AI code assessment program on your code to discover flaws. Repair the flaws. Run the AI assessment again to see if new flaws were introduced. Monitor vulnerabilities so they can be repaired in the next release.

Answer: C

Higher Test Marks with Free Online CSSLP Exam Practice

Buying Options: