Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CSSLPFree trial

By isc

Verified

25Q per page

Question 26

The NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Standards" specifies potential advantages and disdvantages of virtualization. Which of the following disadvantages does it include? Each correct answer represents a complete solution. Choose all that apply.

A: It increases capabilities for fault tolerant computing using rollback and snapshot features.
B: It increases intrusion detection through introspection.
C: It initiates the risk that malicious software is targeting the VM environment.
D: It increases overall security risk shared resources.
E: It creates the possibility that remote attestation may not work.
F: It involves new protection mechanisms for preventing VM escape, VM detection, and VM-VM interference.
G: It increases configuration effort because of complexity and composite system.

—

Question 27

Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

A: Physical
B: Technical
C: Administrative
D: Automatic

—

Question 28

What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

A: Initiate IA implementation plan
B: Develop DIACAP strategy
C: Assign IA controls.
D: Assemble DIACAP team
E: Register system with DoD Component IA Program.
F: Conduct validation activity.

—

Question 29

Which of the following attacks causes software to fail and prevents the intended users from accessing software?

A: Enabling attack
B: Reconnaissance attack
C: Sabotage attack
D: Disclosure attack

—

Question 30

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?

A: Level 2
B: Level 3
C: Level 5
D: Level 1
E: Level 4

—

Question 31

Which of the following is a name, symbol, or slogan with which a product is identified?

A: Trademark
B: Copyright
C: Trade secret
D: Patent

—

Question 32

Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?

A: Demon dialing
B: Sniffing
C: Social engineering
D: Dumpster diving

—

Question 33

Which of the following coding practices are helpful in simplifying code? Each correct answer represents a complete solution. Choose all that apply.

A: Programmers should use multiple small and simple functions rather than a single complex function.
B: Software should avoid ambiguities and hidden assumptions, recursions, and GoTo statements.
C: Programmers should implement high-consequence functions in minimum required lines of code and follow proper coding standards.
D: Processes should have multiple entry and exit points.

—

Question 34

Which of the following methods does the Java Servlet Specification v2.4 define in the HttpServletRequest interface that control programmatic security? Each correct answer represents a complete solution. Choose all that apply.

A: getCallerIdentity()
B: isUserInRole()
C: getUserPrincipal()
D: getRemoteUser()

—

Question 35

You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks. Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?

A: A qualitative risk analysis encourages biased data to reveal risk tolerances.
B: A qualitative risk analysis required unbiased stakeholders with biased risk tolerances.
C: A qualitative risk analysis requires accurate and unbiased data if it is to be credible.
D: A qualitative risk analysis requires fast and simple data to complete the analysis.

—

That’s the end of your free questions

You’ve reached the preview limit for CSSLP

Consider upgrading to gain full access!

Page 2 of 7 • Questions 26-50 of 173

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!