ISC CSSLP - Certified Secure Software Lifecycle Professional Exam

Question #1 (Topic: Volume A)
You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network. While auditing the company's network, you are facing problems in searching for the faults and other entities that belong to it. Which of the following risks may occur due to the existence of these problems?
A. Residual risk B. Secondary risk C. Detection risk D. Inherent risk
Answer: procedure or using procedures inconsistent with the audit objectives (detection faults). Answer: A is incorrect. Residual risk is the risk or danger of an action or an
Question #2 (Topic: Volume A)
The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national security information. Which of the following participants are required in a NIACAP security assessment? Each correct answer represents a part of the solution. Choose all that apply.
A. Certification agent B. Designated Approving Authority C. IS program manager D. Information Assurance Manager E. User representative
Answer: process. Answer: D is incorrect. Information Assurance Manager (IAM) is one of the key participants in the DIACAP process.
Question #3 (Topic: Volume A)
DRAG DROP
Drop the appropriate value to complete the formula.
Select and Place:
Answer:
Question #4 (Topic: Volume A)
Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?
A. Demon dialing B. Sniffing C. Social engineering D. Dumpster diving
Answer: Information about these modems can then be used to attempt external unauthorized access. Answer: B is incorrect. In sniffing, a protocol analyzer is used to
Question #5 (Topic: Volume A)
Which of the following roles is also known as the accreditor?
A. Data owner B. Chief Risk Officer C. Chief Information Officer D. Designated Approving Authority
Answer: D
Total 350 questions