
ISC2 CSSLP Exam - Topic 1 Question 90 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 90
Topic #: 1

Which of the following SDLC phases consists of the given security controls?

- Misuse Case Modeling
- Security Design and Architecture Review
- Threat and Risk Modeling
- Security Requirements and Test Cases Generation

Suggested Answer: C

The DAA, also known as the Authorizing Official, makes the final accreditation decision. The Designated Approving Authority (DAA), in the United States Department of Defense, is the official with the authority to formally assume responsibility for operating a system at an acceptable level of risk. The DAA is responsible for implementing system security. The DAA can grant the accreditation and can determine that the system's risks are not at an acceptable level and the system is not ready to be operational.

Answer D is incorrect. An Information System Security Officer (ISSO) plays the role of a supporter. The responsibilities of an Information System Security Officer (ISSO) are as follows:

- Manages the security of the information system that is slated for Certification & Accreditation (C&A).
- Ensures the information system's configuration complies with the agency's information security policy.
- Supports the information system owner/information owner in the completion of security-related responsibilities.
- Takes part in the formal configuration management process.
- Prepares Certification & Accreditation (C&A) packages.

Answer A is incorrect. An Information System Security Engineer (ISSE) plays the role of an advisor. The responsibilities of an Information System Security Engineer are as follows:

- Provides views on the continuous monitoring of the information system.
- Provides advice on the impacts of system changes.
- Takes part in the configuration management process.
- Takes part in the development activities that are required to implement system changes.
- Follows approved system changes.

Answer B is incorrect. A Chief Risk Officer (CRO) is also known as a Chief Risk Management Officer (CRMO). The Chief Risk Officer or Chief Risk Management Officer of a corporation is the executive accountable for enabling the efficient and effective governance of significant risks, and related opportunities, to a business and its various segments. Risks are commonly categorized as strategic, reputational, operational, financial, or compliance-related. CROs are accountable to the Executive Committee and the Board for enabling the business to balance risk and reward. In more complex organizations, they are generally responsible for coordinating the organization's Enterprise Risk Management (ERM) approach.


Discussion:
Mitzie (3 months ago):
I thought some of those could fit in Requirements too!
upvoted 0 times

Lenora (3 months ago):
Yup, Design is where security gets baked in.
upvoted 0 times

Phil (3 months ago):
Wait, are we sure about that? Seems a bit off.
upvoted 0 times

Maynard (4 months ago):
I agree, all those controls fit there.
upvoted 0 times

Francine (4 months ago):
Definitely the Design phase!
upvoted 0 times

Johana (4 months ago):
I feel like all those security controls are part of the Design phase, but I might be overthinking it.
upvoted 0 times

Lachelle (4 months ago):
Misuse Case Modeling sounds like something we discussed in the Design phase, but I could be mixing it up with another topic.
upvoted 0 times

Ligia (4 months ago):
I remember practicing a question about security requirements, and it seemed to fit into the Requirements Gathering phase.
upvoted 0 times

Beatriz (5 months ago):
I think the security controls mentioned are mostly related to the Design phase, but I'm not completely sure.
upvoted 0 times

Yasuko (5 months ago):
This is a good test of my understanding of the SDLC and security practices. I'll need to carefully analyze each option to determine the best fit.
upvoted 0 times

Lawanda (5 months ago):
I'm feeling pretty confident about this one. The security controls listed seem to clearly point to the Design phase of the SDLC.
upvoted 0 times

Jade (5 months ago):
Okay, I've got a strategy. I'll start by identifying which SDLC phase each security control is typically associated with, then match that to the options.
upvoted 0 times

Allene (5 months ago):
Hmm, I'm a bit confused by the options. I'll need to think through each phase and how the given security controls fit in.
upvoted 0 times

Felix (5 months ago):
This looks like a tricky one. I'll need to carefully review the security controls listed and match them to the SDLC phases.
upvoted 0 times

Portia (5 months ago):
I'm a bit confused by the options here. BOOTP, Phage.963, and Vapor.741 don't sound like real digital certificate formats to me. I'll have to eliminate those.
upvoted 0 times

Wai (5 months ago):
This seems straightforward to me. Virtualization is generally not recommended for Interactive Client Systems, as they require direct access to the application resources. I'm confident I can eliminate the inappropriate options and select the right answers.
upvoted 0 times

Tresa (5 months ago):
This seems like a good opportunity to apply the concepts we've been learning. I'll need to be careful with the timing and discount rate, but I'm feeling confident I can work through this step-by-step.
upvoted 0 times

Mauricio (9 months ago):
This question is like a 'security Easter egg' in the exam. If you don't know your SDLC phases, you'll be 'misusing' the case. Better choose D) Design, my fellow security ninjas!
upvoted 0 times

Melinda (9 months ago):
As a security enthusiast, I'm excited to see this question. D) Design is the obvious choice here. Gotta love those 'Threat and Risk Modeling' activities!
upvoted 0 times

    Reply from Kassandra (8 months ago):
    Misuse Case Modeling helps in identifying potential security risks in the design phase.
    upvoted 0 times

    Reply from William (8 months ago):
    Security Design and Architecture Review is also important in the design phase.
    upvoted 0 times

    Reply from Jarvis (8 months ago):
    Threat and Risk Modeling is crucial for ensuring security in the design phase.
    upvoted 0 times

    Reply from Lizbeth (9 months ago):
    I agree, D) Design is the correct phase for those security controls.
    upvoted 0 times

Ronald (10 months ago):
I'm pretty sure this is the design phase. The security controls listed are all about designing secure systems. D) Design is the way to go.
upvoted 0 times

Tran (10 months ago):
Hmm, the 'Misuse Case Modeling' makes me think this is related to the requirements gathering phase. But the other options seem more relevant. I'll go with D) Design.
upvoted 0 times

    Reply from Alaine (8 months ago):
    User 3: I'll go with D) Design.
    upvoted 0 times

    Reply from Armando (8 months ago):
    User 2: I agree, but the other options seem more relevant.
    upvoted 0 times

    Reply from Brynn (9 months ago):
    User 1: I think it might be related to requirements gathering.
    upvoted 0 times

Fausto (10 months ago):
This question seems tricky. The security controls mentioned are not typically associated with the deployment phase, so I'm leaning towards D) Design.
upvoted 0 times

    Reply from Reynalda (9 months ago):
    Yeah, I agree. They wouldn't really fit in the Deployment phase.
    upvoted 0 times

    Reply from Nakisha (9 months ago):
    I think it's D) Design too. Those security controls are more related to the design phase.
    upvoted 0 times

Eladia (11 months ago):
I'm not sure, but I think it could also be A) Deployment, as security controls are implemented during deployment as well.
upvoted 0 times

Lindsay (11 months ago):
I agree with Lonny, because security controls like Threat and Risk Modeling are usually part of the design phase.
upvoted 0 times

Lonny (11 months ago):
I think the answer is D) Design.
upvoted 0 times
