Pass4Future also provides interactive practice exam software for preparing effectively for the ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Exam. You are welcome to explore the free sample ISC2 CSSLP Exam questions below and to try the ISC2 CSSLP Exam practice test software.
Which of the following can be used to accomplish authentication?
Each correct answer represents a complete solution. Choose all that apply.
Answer : B, C, D
The following can be used to accomplish authentication:
1. Password
2. Biometrics
3. Token
A password is a secret word or string of characters that is used for authentication, to prove identity, or gain access to a resource.
The NIST ITL Cloud Research Team defines some primary and secondary technologies as the fundamental elements of cloud computing in its "Effectively and Securely Using the Cloud Computing Paradigm" presentation. Which of the following technologies are included in the primary technologies?
Each correct answer represents a complete solution. Choose all that apply.
Answer : B, C, D
The primary technologies defined by the NIST ITL Cloud Research Team in its "Effectively and Securely Using the Cloud Computing Paradigm" presentation are as follows:
Virtualization
Grid technology
SOA (Service Oriented Architecture)
Distributed computing
Broadband network
Browser as a platform
Free and open source software
Answer A is incorrect. It is defined as a secondary technology.
Which of the following disaster recovery tests includes the operations that shut down at the primary site, and are shifted to the recovery site according to the disaster recovery plan?
Answer : B
In a full-interruption test, operations are shut down at the primary site and shifted to the recovery site according to the disaster recovery plan. It operates just like a parallel test. The full-interruption test is very expensive and difficult to arrange. It can sometimes cause a major disruption of operations if the test fails.
Answer A is incorrect. The structured walk-through test is also known as the table-top exercise. In a structured walk-through test, the team members walk through the plan to identify and correct weaknesses and to review how they will respond to the emergency scenarios by stepping through the course of the plan. It is the most effective and competent way to identify the areas of overlap in the plan before conducting more challenging training exercises.
Answer C is incorrect. A parallel test is the next level in the testing procedure. It relocates the employees to an alternate recovery site and implements site activation procedures. These employees carry out their disaster recovery responsibilities as they would for an actual disaster. The disaster recovery sites have full responsibility for conducting the organization's day-to-day business.
Answer D is incorrect. A simulation test is a method used to test disaster recovery plans. It operates just like a structured walk-through test. In the simulation test, the members of a disaster recovery team are presented with a disaster scenario and then discuss appropriate responses. These suggested responses are measured and some of them are taken by the team. The range of the simulation test should be defined carefully to avoid excessive disruption of normal business activities.
In which of the following deployment models of cloud is the cloud infrastructure administered by the organizations or a third party? Each correct answer represents a complete solution. Choose two.
Answer : A, D
In a private cloud, the cloud infrastructure is operated exclusively for an organization. The private cloud infrastructure is administered by the organization or a third party, and exists on premise and off premise.
In a community cloud, the cloud infrastructure is shared by a number of organizations and supports a particular community. The community cloud infrastructure is administered by the organizations or a third party and exists on premise or off premise.
Answer B is incorrect. In a public cloud, the cloud infrastructure is administered by an organization that sells cloud services.
Answer C is incorrect. In a hybrid cloud, the cloud infrastructure is administered by both, i.e., an organization and a third party.
Fill in the blank with an appropriate phrase. The ________ is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity.
See Below Explanation:
The Biba model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.
Answer : A