ISC-CSSLP

NIST SP 800-53A defines three types of interview depending on the level of assessment conducted. Which of the following NIST SP 800-53A interviews consists of informal and ad hoc interviews?

Which of the following are the principle duties performed by the BIOS during POST (power-on-self-test)? Each correct answer represents a part of the solution. Choose all that apply.

In which of the following architecture styles does a device receive input from connectors and generate transformed outputs?

Fred is the project manager of the CPS project. He is working with his project team to prioritize the identified risks within the CPS project. He and the team are prioritizing risks for further analysis or action by assessing and combining the risks probability of occurrence and impact. What process is Fred completing?

Which of the following are the levels of public or commercial data classification system? Each correct answer represents a complete solution. Choose all that apply.

Which of the following is a name, symbol, or slogan with which a product is identified?

Which of the following penetration testing techniques automatically tests every phone line in an exchange and tries to locate modems that are attached to the network?

Which of the following coding practices are helpful in simplifying code? Each correct answer represents a complete solution. Choose all that apply.

Which of the following methods does the Java Servlet Specification v2.4 define in the HttpServletRequest interface that control programmatic security? Each correct answer represents a complete solution. Choose all that apply.

You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks. Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?

Which of the following features of SIEM products is used in analysis for identifying potential problems and reviewing all available data that are associated with the problems?

Which of the following is the process of finding weaknesses in cryptographic algorithms and obtaining the plaintext or key from the ciphertext?

Which of the following agencies is responsible for funding the development of many technologies such as computer networking, as well as NLS?

Which of the following are the scanning methods used in penetration testing? Each correct answer represents a complete solution. Choose all that apply.

Which of the following methods can be helpful to eliminate social engineering threat? Each correct answer represents a complete solution. Choose three.

Digital rights management (DRM) consists of compliance and robustness rules. Which of the following features does the robustness rule have? Each correct answer represents a complete solution. Choose three.

Which of the following types of attacks occurs when an attacker successfully inserts an intermediary software or program between two communicating hosts?

Which of the following is an example of penetration testing?

Which of the following security controls works as the totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy?

You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the person who made that change. What is this called?

The NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Standards" specifies potential advantages and disdvantages of virtualization. Which of the following disadvantages does it include? Each correct answer represents a complete solution. Choose all that apply.

Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

What are the subordinate tasks of the Initiate and Plan IA C&A phase of the DIACAP process? Each correct answer represents a complete solution. Choose all that apply.

Which of the following attacks causes software to fail and prevents the intended users from accessing software?

FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?

The Phase 1 of DITSCAP C&A is known as Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

Which of the following NIST Special Publication documents provides a guideline on network security testing?

Which of the following tools is used to attack the Digital Watermarking?

You and your project team have identified the project risks and now are analyzing the probability and impact of the risks. What type of analysis of the risks provides a quick and high-level review of each identified risk event?

What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?