ISC CSSLP - Certified Secure Software Lifecycle Professional Exam

Question #6 (Topic: Volume A)
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high integrity and medium availability?
A. MAC III
B. MAC IV
C. MAC I
D. MAC II
Answer: D
Question #7 (Topic: Volume A)
Microsoft software security expert Michael Howard defines some heuristics for determining code review in "A Process for Performing Security Code Reviews". Which of the following heuristics increase the application's attack surface? Each correct answer represents a complete solution. Choose all that apply.
A. Code written in C/C++/assembly language
B. Code listening on a globally accessible network interface
C. Code that changes frequently
D. Anonymously accessible code
E. Code that runs by default
F. Code that runs in elevated context
Answer: BDEF
Question #8 (Topic: Volume A)
Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?
A. Authentication
B. Integrity
C. Non-repudiation
D. Confidentiality
Answer: D
Question #9 (Topic: Volume A)
What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.
A. Develop software requirements.
B. Implement change control procedures.
C. Develop evaluation criteria and evaluation plan.
D. Create acquisition strategy.
Answer: ACD
Question #10 (Topic: Volume A)
You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project?
A. Qualitative risk analysis
B. Historical information
C. Rolling wave planning
D. Quantitative analysis
Answer: Project Scope Statement, Risk Management Plan, Risk Register. B is incorrect. Historical information can be helpful in the qualitative risk analysis, but it is
Page: 2 / 70
Total 350 questions