CSSLP試験無料問題集（349題）「ISC Certified Secure Software Lifecycle Professional Practice Test 認定」

出題：1

Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?

A. Disaster Recovery Plan

B. Continuity of Operations Plan

C. Business Continuity Plan

D. Explanation:
BCP is a strategy to minimize the consequence of the instability and to allow for the continuation of business processes. The goal of BCP is to minimize the effects of a disruptive event on a company, and is formed to avoid interruptions to normal business activity. Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.

E. Contingency Plan

正解：C,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Companies use some special marks to distinguish their products from those of other companies. These marks can include words, letters, numbers, drawings, etc. Which of the following terms describes these special marks?

A. Business mark

B. Trademark

C. Product mark

D. Sales mark

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

You work as a project manager for BlueWell Inc. You are working on a project and the management wants a rapid and cost-effective means for establishing priorities for planning risk responses in your project. Which risk management process can satisfy management's objective for your project?

A. Historical information

B. Rolling wave planning

C. Quantitative analysis

D. Qualitative risk analysis

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

A. Scope and plan initiation

B. Plan approval and implementation

C. Business impact assessment

D. Business continuity plan development

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Right-Up Approach

B. Top-Down Approach

C. Bottom-Up Approach

D. Left-Up Approach

正解：B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

A. Business continuity plan

B. Disaster recovery plan

C. Contingency plan

D. Continuity of Operations Plan

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which of the following refers to the ability to ensure that the data is not modified or tampered with?

A. Integrity

B. Non-repudiation

C. Availability

D. Confidentiality

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which of the following elements sets up a requirement to receive the constrained requests over a protected layer connection, such as TLS (Transport Layer Security)?

A. Authorization constraint

B. User data constraint

C. Web resource collection

D. Accounting constraint

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

You work as the Senior Project manager in Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure that the network infrastructure devices and networking standards used in this project are installed in accordance with the requirements of its detailed project design documentation. Which of the following procedures will you employ to accomplish the task?

A. Physical configuration audit

B. Configuration identification

C. Functional configuration audit

D. Configuration control

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

You work as a Security Manager for Tech Perfect Inc. In the organization, Syslog is used for computer system management and security auditing, as well as for generalized informational, analysis, and debugging messages. You want to prevent a denial of service (DoS) for the Syslog server and the loss of Syslog messages from other sources. What will you do to accomplish the task?

A. Use a different message format other than Syslog in order to accept data.

B. Limit the number of Syslog messages or TCP connections from a specific source for a certain time period.

C. Enable the storage of log entries in both traditional Syslog files and a database.

D. Encrypt rotated log files automatically using third-party or OS mechanisms.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：11

Which of the following provides an easy way to programmers for writing lower-risk applications and retrofitting security into an existing application?

A. Code obfuscation

B. Watermarking

C. Encryption wrapper

D. ESAPI

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

What are the various activities performed in the planning phase of the Software Assurance Acquisition process? Each correct answer represents a complete solution. Choose all that apply.

A. Develop evaluation criteria and evaluation plan.

B. Create acquisition strategy.

C. Implement change control procedures.

D. Develop software requirements.

正解：A,B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

The LeGrand Vulnerability-Oriented Risk Management method is based on vulnerability analysis and consists of four principle steps. Which of the following processes does the risk assessment step include? Each correct answer represents a part of the solution. Choose all that apply.

A. Assessment of attacks

B. Identification of vulnerabilities

C. Remediation of a particular vulnerability

D. Cost-benefit examination of countermeasures

正解：A,B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

Which of the following is a standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system?

A. FITSAF

B. SSAA

C. TCSEC

D. FIPS

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

CSSLP試験無料問題集「ISC Certified Secure Software Lifecycle Professional Practice Test 認定」