CSSLP Exam Details

  • Exam Code
    :CSSLP
  • Exam Name
    :Certified Secure Software Lifecycle Professional (CSSLP)
  • Certification
    :ISC Certifications
  • Vendor
    :ISC
  • Total Questions
    :354 Q&As
  • Last Updated
    :Jul 10, 2026

ISC CSSLP Online Questions & Answers

  • Question 81:

    Which of the following is used by attackers to record everything a person types, including usernames, passwords, and account information?

    A. Packet sniffing
    B. Keystroke logging
    C. Spoofing
    D. Wiretapping

  • Question 82:

    Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

    A. Single Loss Expectancy (SLE)
    B. Annualized Rate of Occurrence (ARO)
    C. Safeguard
    D. Exposure Factor (EF)

  • Question 83:

    Which of the following statements are true about declarative security? Each correct answer represents a complete solution. Choose all that apply.

    A. It is employed in a layer that relies outside of the software code or uses attributes of the code.
    B. It applies the security policies on the software applications at their runtime.
    C. In this security, authentication decisions are made based on the business logic.
    D. In this security, the security decisions are based on explicit statements.

  • Question 84:

    What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

    A. Project Management Information System
    B. Integrated Change Control
    C. Configuration Management System
    D. Scope Verification

  • Question 85:

    Adrian is the project manager of the NHP Project. In her project there are several work packages that deal with electrical wiring. Rather than to manage the risk internally she has decided to hire a vendor to complete all work packages that deal with the electrical wiring. By removing the risk internally to a licensed electrician Adrian feels more comfortable with project team being safe. What type of risk response has Adrian used in this example?

    A. Acceptance
    B. Avoidance
    C. Mitigation
    D. Transference

  • Question 86:

    The Phase 3 of DITSCAP CandA is known as Validation. The goal of Phase 3 is to validate that the preceding work has produced an IS that operates in a specified computing environment. What are the process activities of this phase? Each correct answer represents a complete solution. Choose all that apply.

    A. Certification and accreditation decision
    B. Continue to review and refine the SSAA
    C. Perform certification evaluation of the integrated system
    D. System development
    E. Develop recommendation to the DAA

  • Question 87:

    Which of the following NIST Special Publication documents provides a guideline on network security testing?

    A. NIST SP 800-42
    B. NIST SP 800-53A
    C. NIST SP 800-60
    D. NIST SP 800-53
    E. NIST SP 800-37
    F. NIST SP 800-59

  • Question 88:

    Which of the following security design patterns provides an alternative by requiring that a user's authentication credentials be verified by the database before providing access to that user's data?

    A. Secure assertion
    B. Authenticated session
    C. Password propagation
    D. Account lockout

  • Question 89:

    You work as a security engineer for BlueWell Inc. You want to use some techniques and procedures to verify the effectiveness of security controls in Federal Information System. Which of the following NIST documents will guide you?

    A. NIST Special Publication 800-53
    B. NIST Special Publication 800-59
    C. NIST Special Publication 800-53A
    D. NIST Special Publication 800-37

  • Question 90:

    You work as a Network Auditor for Net Perfect Inc. The company has a Windows-based network. While auditing the company's network, you are facing problems in searching the faults and other entities that belong to it. Which of the following risks may occur due to the existence of these problems?

    A. Residual risk
    B. Secondary risk
    C. Detection risk
    D. Inherent risk

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only ISC exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CSSLP exam preparations and ISC certification application, do not hesitate to visit our Vcedump.com to find your solutions here.