Question 1

Which of the following security architectures defines how to integrate widely disparate applications for a world that is Web-based and uses multiple implementation platforms?

Options :

A : Sherwood Applied Business Security Architecture

B : Enterprise architecture

C : Service-oriented architecture

D : Service-oriented modeling and architecture

Answer: C

Question 2

When analyzing the security of third-party software, which factors should be considered to ensure the software’s trustworthiness and reliability?

Options :

A : The origin of the software and reputation of the vendor

B : The overall rating provided in assessment reports such as the cloud controls matrix

C : The level of technical support provided by the vendor

D : The number of certificates the software has obtained

Answer: B

Question 3

Which of the following should be done throughout development? (Choose all that apply.)

Options :

A : Attack surface analysis

B : Threat models

C : Managed code

D : Cryptographic agility

Answer: A,B

Question 4

Quantitative risk assessment differs from qualitative risk assessment in that it predicts attacks based on what?

Options :

A : Penetration tests

B : Historical loss information

C : Projections based on qualitative factors

D : Zero-day loss information

Answer: B

Question 5

Which of the following statements about secure backup and restoration planning is correct?

Options :

A : In case of a system failure, create a disaster recovery plan that not only involves restoring data but also includes procedures for notifying the affected individuals, plans for mitigating further damage from data loss, and means for storing and retrieving the data securely.

B : In the world of cloud computing, the concept of creating backups is now an outmoded way of thinking. Merely make sure that all your databases create hot copies of the data in a secure cloud storage system for data recovery.

C : When creating backups, use a fast network connection to ensure that all data is backed up and to limit the time data is in motion.

D : When creating a plan for backup and restoration, you must consider that the cost of this action may exceed your normal operating budget.

Answer: A

Higher Test Marks with Free Online CSSLP Exam Practice

Buying Options: