CSSLP Exam Details

  • Exam Code
    :CSSLP
  • Exam Name
    :Certified Secure Software Lifecycle Professional (CSSLP)
  • Certification
    :ISC Certifications
  • Vendor
    :ISC
  • Total Questions
    :354 Q&As
  • Last Updated
    :Jul 10, 2026

ISC CSSLP Online Questions & Answers

  • Question 111:

    Which of the following documents were developed by NIST for conducting Certification and Accreditation (CandA)? Each correct answer represents a complete solution. Choose all that apply.

    A. NIST Special Publication 800-60
    B. NIST Special Publication 800-53
    C. NIST Special Publication 800-37A
    D. NIST Special Publication 800-59
    E. NIST Special Publication 800-37
    F. NIST Special Publication 800-53A

  • Question 112:

    Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program? Each correct answer represents a complete solution. Choose all that apply.

    A. Security education
    B. Security organization
    C. System classification
    D. Information classification

  • Question 113:

    An asset with a value of $600,000 is subject to a successful malicious attack threat twice a year. The asset has an exposure of 30 percent to the threat. What will be the annualized loss expectancy?

    A. $360,000
    B. $180,000
    C. $280,000
    D. $540,000

  • Question 114:

    There are seven risks responses that a project manager can choose from. Which risk response is appropriate for both positive and negative risk events?

    A. Acceptance
    B. Transference
    C. Sharing
    D. Mitigation

  • Question 115:

    Audit trail or audit log is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Under which of the following controls does audit control come?

    A. Reactive controls
    B. Detective controls
    C. Protective controls
    D. Preventive controls

  • Question 116:

    You work as a systems engineer for BlueWell Inc. Which of the following tools will you use to look outside your own organization to examine how others achieve their performance levels, and what processes they use to reach those levels?

    A. Benchmarking
    B. Six Sigma
    C. ISO 9001:2000
    D. SEI-CMM

  • Question 117:

    Which of the following attacks causes software to fail and prevents the intended users from accessing software?

    A. Enabling attack
    B. Reconnaissance attack
    C. Sabotage attack D. Disclosure attack

  • Question 118:

    Which of the following processes describes the elements such as quantity, quality, coverage, timelines, and availability, and categorizes the different functions that the system will need to perform in order to gather the documented mission/ business needs?

    A. Human factors
    B. Functional requirements
    C. Performance requirements
    D. Operational scenarios

  • Question 119:

    FIPS 199 defines the three levels of potential impact on organizations: low, moderate, and high. Which of the following are the effects of loss of confidentiality, integrity, or availability in a high level potential impact?

    A. The loss of confidentiality, integrity, or availability might result in a major damage to organizational assets.
    B. The loss of confidentiality, integrity, or availability might result in severe damages like life threatening injuries or loss of life.
    C. The loss of confidentiality, integrity, or availability might result in major financial losses.
    D. The loss of confidentiality, integrity, or availability might cause severe degradation in or loss of mission capability to an extent.

  • Question 120:

    Which of the following are included in Technical Controls? Each correct answer represents a complete solution. Choose all that apply.

    A. Identification and authentication methods
    B. Configuration of the infrastructure
    C. Password and resource management
    D. Implementing and maintaining access control mechanisms
    E. Security devices
    F. Conducting security-awareness training

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only ISC exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CSSLP exam preparations and ISC certification application, do not hesitate to visit our Vcedump.com to find your solutions here.