ISC2 Certified Secure Software Lifecycle Professional Exam

Certification Provider: ISC2
Exam Name: Certified Secure Software Lifecycle Professional
Duration: 240 Minutes
Number of questions in our database: 357
Exam Version: Nov. 23, 2022
Exam Official Topics:
  • Topic 1: Manage Security Within a Software Development Methodology/ Define Software Security Requirements
  • Topic 2: Perform Security Architecture and Design Review/ Identify and Analyze Compliance Requirements
  • Topic 3: Analyze Security Implications of Test Results/ Identify and Analyze Data Classification Requirements
  • Topic 4: Incorporate Integrated Risk Management (IRM)/ Develop Security Requirement Traceability Matrix (STRM)
  • Topic 5: Use Secure Architecture and Design Principles, Patterns, and Tools/ Model (Non-Functional) Security Properties and Constraints
  • Topic 6: Perform Verification and Validation Testing/ Performing Architectural Risk Assessment
  • Topic 7: Define and Develop Security Documentation/ Identify and Analyze Privacy Requirements
  • Topic 8: Develop Security Testing Strategy and Plan/ Evaluate and Select Reusable Secure Design
  • Topic 9: Securely Reuse Third-Party Code or Libraries/ Identify Security Standards and Frameworks
  • Topic 10: Apply Security During the Build Process/ Define Secure Operational Architecture
  • Topic 11: Adhere to Relevant Secure Coding Practices/ Identify Undocumented Functionality

Free ISC2 Certified Secure Software Lifecycle Professional Exam Actual Questions

The questions for Certified Secure Software Lifecycle Professional were last updated On Nov. 23, 2022

Question #1

To help review or design security controls, they can be classified by several criteria. One of these criteria is based on time. According to this criterion, which of the following controls are intended to prevent an incident from occurring?

Correct Answer: D

Preventive controls are the security controls that are intended to prevent an incident from occurring, e.g., by locking out unauthorized intruders.

Answer C is incorrect. Detective controls are intended to identify and characterize an incident in progress, e.g., by sounding the intruder alarm and alerting the security guards or police.

Answer A is incorrect. Corrective controls are intended to limit the extent of any damage caused by the incident, e.g., by recovering the organization to normal working status as efficiently as possible.

Answer B is incorrect. There is no such categorization of controls based on time.


Question #2

Which of the following processes does the decomposition and definition sequence of the Vee model include? Each correct answer represents a part of the solution. Choose all that apply.

Correct Answer: B, C, D

The decomposition and definition sequence includes the following processes:
  • System security analysis
  • Security requirements allocation
  • Software security requirements analysis
  • High-level software design
  • Detailed software design

Answer A is incorrect. This process is included in the integration and verification sequence of the Vee model.


Question #3

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

Correct Answer: B

NIST SP 800-26 (Security Self-Assessment Guide for Information Technology Systems) provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives.

Answers A, C, D, E, and F are incorrect. NIST has developed a suite of documents for conducting Certification & Accreditation (C&A).

These documents are as follows:
  • NIST Special Publication 800-37: This document is a guide for the security certification and accreditation of Federal Information Systems.
  • NIST Special Publication 800-53: This document provides a guideline for security controls for Federal Information Systems.
  • NIST Special Publication 800-53A: This document consists of techniques and procedures for verifying the effectiveness of security controls in Federal Information Systems.
  • NIST Special Publication 800-59: This document is a guideline for identifying an information system as a National Security System.
  • NIST Special Publication 800-60: This document is a guide for mapping types of information and information systems to security objectives and risk levels.


Question #4

A number of security patterns for Web applications under the DARPA contract have been developed by Kienzle, Elder, Tyree, and Edwards-Hewitt. Which of the following patterns are applicable to aspects of authentication in Web applications? Each correct answer represents a complete solution. Choose all that apply.

Correct Answer: A, D, E, F

The various patterns applicable to aspects of authentication in Web applications are as follows:
  • Account lockout: It implements a limit on incorrect password attempts to protect an account from automated password-guessing attacks.
  • Authenticated session: It allows a user to access more than one access-restricted Web page without re-authenticating on every page. It also integrates user authentication into the basic session model.
  • Password authentication: It provides protection against weak passwords, automated password-guessing attacks, and mishandling of passwords.
  • Password propagation: It offers a choice by requiring that a user's authentication credentials be verified by the database before providing access to that user's data.

Answers B and C are incorrect. The secure assertion and partitioned application patterns are applicable to software assurance in general.
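The account lockout pattern from the explanation above, as an added Python example that is not part of the original page or of the Kienzle et al. pattern catalogue. The threshold of five consecutive failures and the 15-minute lockout window are constructed values, and the injectable `now` clock exists only so the behaviour can be exercised deterministically.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Optional

MAX_FAILED_ATTEMPTS = 5       # constructed: lock after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60     # constructed: how long the account stays locked


@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0  # epoch seconds; 0.0 means not locked


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256 from the standard library; the password itself is never stored
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def create_account(password: str) -> Account:
    salt = os.urandom(16)
    return Account(salt=salt, password_hash=hash_password(password, salt))


def login(account: Account, password: str, now: Optional[float] = None) -> str:
    """Return 'ok', 'locked' or 'bad_password' and update the account's lockout state."""
    now = time.time() if now is None else now
    if now < account.locked_until:
        # Refuse without checking the password: a locked account gives a guesser no feedback
        return "locked"
    candidate = hash_password(password, account.salt)
    if hmac.compare_digest(candidate, account.password_hash):
        # A successful login clears the failure counter and any expired lock
        account.failed_attempts = 0
        account.locked_until = 0.0
        return "ok"
    account.failed_attempts += 1
    if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
        # Threshold reached: lock the account for the window and restart the count
        account.locked_until = now + LOCKOUT_SECONDS
        account.failed_attempts = 0
    return "bad_password"
```

The same result is returned for a wrong password whether or not it triggered the lock, so the response itself does not reveal the counter; in a real deployment the lockout event should also be logged for detection.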


Question #5

Which of the following steps of the LeGrand Vulnerability-Oriented Risk Management method determines the necessary compliance offered by risk management practices and assessment of risk levels?

Correct Answer: A

Assessment, monitoring, and assurance determines the necessary compliance offered by risk management practices and the assessment of risk levels.


