Latest ISC CSSLP Actual Free Exam Questions & Community Discussion, Page 5

Question #61

The NIST ITL Cloud Research Team defines some primary and secondary technologies as the fundamental elements of cloud computing in its "Effectively and Securely Using the Cloud Computing Paradigm" presentation. Which of the following technologies are included in the primary technologies? Each correct answer represents a complete solution. Choose all that apply.

A. Virtualization

B. Web application framework

C. SOA

D. Explanation:
The primary technologies defined by the NIST ITL Cloud Research Team in its
"Effectively and Securely Using the Cloud Computing Paradigm" presentation are as follows:
Virtualization Grid technology SOA (Service Oriented Architecture) Distributed computing
Broadband network Browser as a platform Free and open source software

E. Free and open source software

Discussion 0

Correct Answer: A,C,D,E Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #62

Which of the following coding practices are helpful in simplifying code? Each correct answer represents a complete solution. Choose all that apply.

A. Software should avoid ambiguities and hidden assumptions, recursions, and GoTo statements.

B. Programmers should use multiple small and simple functions rather than a single complex function.

C. Programmers should implement high-consequence functions in minimum required lines of code and follow proper coding standards.

D. Processes should have multiple entry and exit points.

Discussion 0

Correct Answer: A,B,C,D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #63

An assistant from the HR Department calls you to ask the Service Hours & Maintenance Slots for your ERP system. In which document will you most probably find this information?

A. Service Level Requirements

B. Release Policy

C. Underpinning Contract

D. Service Level Agreement

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #64

Which of the following are examples of the application programming interface (API)? Each correct answer represents a complete solution. Choose three.

A. HTML

B. .NET

C. Perl

D. PHP

Discussion 0

Correct Answer: B,C,D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #65

Which of the following DoD policies establishes policies and assigns responsibilities to achieve DoD IA through a defense-in-depth approach that integrates the capabilities of personnel, operations, and technology, and supports the evolution to network-centric warfare?

A. DoD 8500.1 Information Assurance (IA)

B. DoD 8500.2 Information Assurance Implementation

C. DoDI 5200.40

D. DoD 8510.1-M DITSCAP

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #66

DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?

A. MAC I

B. MAC IV

C. MAC II

D. MAC III

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #67

In 2003, NIST developed a new Certification & Accreditation (C&A) guideline known as FIPS 199. What levels of potential impact are defined by FIPS 199? Each correct answer represents a complete solution. Choose all that apply.

A. High

B. Low

C. Moderate

D. Medium

Discussion 0

Correct Answer: A,B,D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #68

Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

A. Configuration Item Costing

B. Configuration Verification and Auditing

C. Configuration Identification

D. Configuration Status Accounting

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #69

What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.

A. Develop evaluation criteria and evaluation plan.

B. Create acquisition strategy.

C. Develop software requirements.

D. Implement change control procedures.

Discussion 0

Correct Answer: A,B,C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #70

Which of the following is an example of over-the-air (OTA) provisioning in digital rights management?

A. Use of concealment to avoid tampering attacks.

B. Use of software to meet the deployment goals.

C. Use of shared secrets to initiate or rebuild trust.

D. Use of device properties for unique identification.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #71

The service-oriented modeling framework (SOMF) provides a common modeling notation to address alignment between business and IT organizations. Which of the following principles does the SOMF concentrate on? Each correct answer represents a part of the solution. Choose all that apply.

A. Software assets reuse

B. Disaster recovery planning

C. SOA value proposition

D. Architectural components abstraction

E. Business traceability

Discussion 0

Correct Answer: A,C,D,E Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #72

Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?

A. Biba Integrity Model

B. Bell-LaPadula Model

C. Access Matrix

D. Take-Grant Protection Model

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #73

In which of the following cryptographic attacking techniques does an attacker obtain encrypted messages that have been encrypted using the same encryption algorithm?

A. Chosen ciphertext attack

B. Chosen plaintext attack

C. Ciphertext only attack

D. Known plaintext attack

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #74

A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

A. Advisory

B. Regulatory

C. Informative

D. Systematic

Discussion 0

Correct Answer: A,B,C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #75

Which of the following testing methods verifies the interfaces between components against a software design?

A. Unit testing

B. Black-box testing

C. Integration testing

D. Regression testing

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

ISC CSSLP Actual Free Exam Questions & Community Discussion

Download Free ISC CSSLP Demo