
ISC2 Certified Secure Software Lifecycle Professional Exam

Certification Provider: ISC2
Exam Name: Certified Secure Software Lifecycle Professional
Duration: 240 Minutes
Number of questions in our database: 357
Exam Version: Nov. 18, 2023
Exam Official Topics:
  • Topic 1: Manage Security Within a Software Development Methodology/ Define Software Security Requirements
  • Topic 2: Perform Security Architecture and Design Review/ Identify and Analyze Compliance Requirements
  • Topic 3: Analyze Security Implications of Test Results/ Identify and Analyze Data Classification Requirements
  • Topic 4: Incorporate Integrated Risk Management (IRM)/ Develop Security Requirement Traceability Matrix (STRM)
  • Topic 5: Use Secure Architecture and Design Principles, Patterns, and Tools/ Model (Non-Functional) Security Properties and Constraints
  • Topic 6: Perform Verification and Validation Testing/ Performing Architectural Risk Assessment
  • Topic 7: Define and Develop Security Documentation/ Identify and Analyze Privacy Requirements
  • Topic 8: Develop Security Testing Strategy and Plan/ Evaluate and Select Reusable Secure Design
  • Topic 9: Securely Reuse Third-Party Code or Libraries/ Identify Security Standards and Frameworks
  • Topic 10: Apply Security During the Build Process/ Define Secure Operational Architecture
  • Topic 11: Adhere to Relevant Secure Coding Practices/ Identify Undocumented Functionality

Free ISC2 Certified Secure Software Lifecycle Professional Exam Actual Questions

The questions for Certified Secure Software Lifecycle Professional were last updated On Nov. 18, 2023

Question #1

Fill in the blank with an appropriate phrase: The ____ is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity.

Correct Answer: A

The Biba model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject (no write up), or be corrupted by data from a lower level than the subject (no read down).
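To make the two Biba rules concrete, the following is an added example written for this page (it is not from the exam or from ISC2 material): a small policy checker in Python that enforces the simple integrity property (no read down), the *-integrity property (no write up) and the invocation property over an ordered set of integrity levels. The level names, subjects and objects are constructed for illustration.

```python
"""Biba integrity-policy checker (added example, not from the exam page).

Subjects and objects each carry an ordered integrity level. The checker
enforces the mandatory rules described in the explanation above:

  simple integrity ("no read down"): a subject may read an object only if
      the object's integrity level is at least the subject's, so a trusted
      subject is not corrupted by less trusted data;
  *-integrity ("no write up"): a subject may write an object only if the
      subject's integrity level is at least the object's, so a less trusted
      subject cannot corrupt more trusted data;
  invocation: a subject may invoke another subject only at or below its own
      integrity level.

Level names and the sample subjects/objects are constructed for illustration.
"""
from dataclasses import dataclass
from enum import IntEnum


class Integrity(IntEnum):
    """Ordered integrity levels; a higher value means more trusted."""
    UNTRUSTED = 0   # e.g. data fetched from the Internet
    USER = 1
    SYSTEM = 2
    KERNEL = 3


@dataclass(frozen=True)
class Subject:
    name: str
    level: Integrity


@dataclass(frozen=True)
class Obj:
    name: str
    level: Integrity


def can_read(subject: Subject, obj: Obj) -> bool:
    """Simple integrity property: no read down."""
    return obj.level >= subject.level


def can_write(subject: Subject, obj: Obj) -> bool:
    """*-integrity (star) property: no write up."""
    return subject.level >= obj.level


def can_invoke(caller: Subject, callee: Subject) -> bool:
    """Invocation property: only invoke subjects at or below the caller's level."""
    return caller.level >= callee.level


def decide(subject: Subject, action: str, target) -> bool:
    """Mediate one access request; anything not explicitly allowed is denied."""
    if action == "read" and isinstance(target, Obj):
        return can_read(subject, target)
    if action == "write" and isinstance(target, Obj):
        return can_write(subject, target)
    if action == "invoke" and isinstance(target, Subject):
        return can_invoke(subject, target)
    return False  # unknown action or wrong target type: fail closed


# Constructed scenario: a package installer running at SYSTEM integrity, a
# browser at USER integrity, and a file downloaded from the Internet.
INSTALLER = Subject("installer", Integrity.SYSTEM)
BROWSER = Subject("browser", Integrity.USER)
DOWNLOAD = Obj("downloaded.pkg", Integrity.UNTRUSTED)
SYSTEM_CONFIG = Obj("/etc/system.conf", Integrity.SYSTEM)
USER_NOTES = Obj("~/notes.txt", Integrity.USER)


def run_scenario():
    """Return (subject, action, target, allowed) for each request in the scenario."""
    requests = [
        (INSTALLER, "read", DOWNLOAD),      # denied: reading down would taint the installer
        (BROWSER, "write", SYSTEM_CONFIG),  # denied: writing up would corrupt system data
        (BROWSER, "read", SYSTEM_CONFIG),   # allowed: reading up is safe for integrity
        (INSTALLER, "write", USER_NOTES),   # allowed: writing down is safe for integrity
        (BROWSER, "invoke", INSTALLER),     # denied: invoking a more trusted subject
    ]
    return [(s.name, a, t.name, decide(s, a, t)) for s, a, t in requests]


if __name__ == "__main__":
    for subj, action, target, allowed in run_scenario():
        print(f"{subj:10} {action:7} {target:18} {'ALLOW' if allowed else 'DENY'}")
```

Note that the two denied file accesses are exactly the mirror image of Bell-LaPadula's confidentiality rules: Biba forbids read down and write up, while Bell-LaPadula forbids read up and write down, which is why a system that needs both usually assigns integrity and confidentiality labels separately.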


Question #2

Copyright holders, content providers, and manufacturers use digital rights management (DRM) in order to limit usage of digital media and devices. Which of the following security challenges does DRM include? Each correct answer represents a complete solution. Choose all that apply.

Correct Answer: A, C, D

The security challenges for DRM are as follows:
  • Key hiding: prevents tampering attacks that target the secret keys. In the key hiding process, secret keys are used for authentication, encryption, and node-locking.
  • Device fingerprinting: prevents fraud and provides secure authentication. Device fingerprinting includes the summary of hardware and software characteristics in order to uniquely identify a device.
  • OTA provisioning: provides end-to-end encryption or other secure ways for delivery of copyrighted software to mobile devices.

Answer B is incorrect. Access control is not a security challenge for DRM.


Question #3

Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

Correct Answer: A, B, D

The owner of information delegates the responsibility of protecting that information to a custodian. The following are the responsibilities of a custodian with regard to data in an information classification program:
  • Running regular backups and routinely testing the validity of the backup data
  • Performing data restoration from the backups when necessary
  • Controlling access, adding and removing privileges for individual users

Answer C is incorrect. Determining what level of classification the information requires is the responsibility of the owner.


Question #5

Which of the following components of configuration management involves periodic checks to determine the consistency and completeness of accounting information and to verify that all configuration management policies are being followed?

Correct Answer: B

Configuration auditing is a component of configuration management which involves periodic checks to establish the consistency and completeness of accounting information and to confirm that all configuration management policies are being followed. Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that the functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation.

Answer D is incorrect. Configuration status accounting is the ability to record and report on the configuration baselines associated with each configuration item at any moment in time. It supports the functional and physical attributes of software at various points in time, and performs systematic control of accounting for the identified attributes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.

Answer C is incorrect. Configuration control is a procedure of configuration management. Configuration control is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes.

Answer A is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.
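To show what a configuration audit actually checks, here is an added example written for this page (not from the exam or from ISC2 material): a Python audit that first verifies the accounting records (every baseline must trace to an approved change request, i.e. configuration control was followed) and then performs a physical configuration audit by comparing the installed state against the recorded baseline hashes. The configuration items, hashes, change request numbers and the "installed" contents are all constructed sample data.

```python
"""Configuration audit over recorded baselines (added example, not from the
exam page). All configuration items, change request IDs and contents below
are constructed sample data.

Two kinds of check are performed:
  1. accounting consistency: each baseline record must reference an approved
     change request, otherwise the baseline was set outside configuration
     control;
  2. physical configuration audit: the installed state must match the
     recorded baseline (no missing, drifted or unbaselined items).
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class BaselineRecord:
    ci: str              # configuration item name
    version: str         # version recorded when the baseline was set
    sha256: str          # content hash recorded when the baseline was set
    change_request: str  # change request that authorised this baseline


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "installed" state: CI name -> bytes actually present on the host.
INSTALLED = {
    "auth-service": b"auth-service v2.3.1 build",
    "nginx.conf": b"worker_processes 4; server_tokens off;\n",
    "debug-tool": b"leftover binary nobody baselined",
}

# Constructed baseline as configuration status accounting would have recorded it.
BASELINE = {
    "auth-service": BaselineRecord(
        "auth-service", "2.3.1", sha256_hex(b"auth-service v2.3.1 build"), "CR-1041"),
    "nginx.conf": BaselineRecord(
        "nginx.conf", "7", sha256_hex(b"worker_processes 4; server_tokens on;\n"), "CR-1033"),
    "tls-cert": BaselineRecord(
        "tls-cert", "2023-11", sha256_hex(b"-----BEGIN CERTIFICATE-----\n..."), "CR-1050"),
}

# Constructed change control log: only these change requests were approved.
APPROVED_CHANGE_REQUESTS = {"CR-1033", "CR-1041"}


def configuration_audit(baseline, installed, approved_crs):
    """Return a list of (finding_kind, ci, detail) tuples; an empty list is a clean audit."""
    findings = []

    # 1. Accounting consistency: every baseline must trace to an approved change.
    for ci, rec in sorted(baseline.items()):
        if rec.change_request not in approved_crs:
            findings.append(("unapproved-baseline", ci, rec.change_request))

    # 2. Physical audit: installed state versus recorded baseline.
    for ci, rec in sorted(baseline.items()):
        if ci not in installed:
            findings.append(("missing", ci, rec.version))
            continue
        actual = sha256_hex(installed[ci])
        if actual != rec.sha256:
            findings.append(("drift", ci, f"expected {rec.sha256[:12]} got {actual[:12]}"))

    # Anything installed that has no baseline escaped configuration identification.
    for ci in sorted(installed):
        if ci not in baseline:
            findings.append(("unbaselined", ci, ""))

    return findings


if __name__ == "__main__":
    for kind, ci, detail in configuration_audit(BASELINE, INSTALLED, APPROVED_CHANGE_REQUESTS):
        print(f"{kind:20} {ci:14} {detail}")
```

In the constructed data the audit reports four findings: the tls-cert baseline was set under an unapproved change request, nginx.conf has drifted from its baseline, tls-cert is missing from the host, and debug-tool is installed without ever having been baselined. The first finding is the "accounting information" half of the question; the other three are the physical configuration audit.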


