Our pass rate is high to 98.9% and the similarity percentage between our CSSLP study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the ISC2 CSSLP exam in just one try? I am currently studying for the ISC2 CSSLP exam. Latest ISC2 CSSLP Test exam practice questions and answers, Try ISC2 CSSLP Brain Dumps First.
Q89. A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?
A. Trademark law
B. Security law
C. Privacy law
D. Copyright law
Answer: C
Explanation: The credit card issuing company has violated the Privacy law. According to the Internet Privacy law, a company cannot provide their customer's financial and personal details to other companies. Answer: A is incorrect. Trademark laws facilitate the protection of trademarks around the world. Answer: B is incorrect. There is no law such as Security law. Answer: D is incorrect. The Copyright law protects original works or creations of authorship including literary, dramatic, musical, artistic, and certain other intellectual works.
Q90. DRAG DROPDrag and drop the appropriate principle documents in front of their respective functions.
Answer:
Explanation:
The various principle documents of transformation are as follows: CNSSP 22: It establishes a national risk management policy for national security systems. CNSSI 1199: It creates the technique in which the national security community classifies the information and information systems with regard to confidentiality, integrity, and availability. CNSSI 1253: It combines DCID 6/3, DOD Instructions 8500.2, NIST SP 800-53, and other security sources into a single cohesive repository of security controls. CNSSI 1253 A. It offers the
techniques to assess adequacy of each security control. CNSSI 1260: It provides guidance to organizations with the characterization of their information and information systems. NIST 800-37, Revision 1: It defines the certification and accreditation (C & A) process. The NIST 800-37, Revision 1 is a combination of DNI, DoD, and NIST.
Q91. Which of the following security issues does the Bell-La Padula model focus on?
A. Authorization
B. Confidentiality
C. Integrity
D. Authentication
Answer: B
Explanation: The Bell-La Padula model is a state machine model used for enforcing access control in large organizations. It focuses on data confidentiality and access to classified information, in contrast to the Biba Integrity model, which describes rules for the protection of data integrity. In the Bell-La Padula model, the entities in an information system are divided into subjects and objects. The Bell-La Padula model is built on the concept of a state machine with a set of allowable states in a computer network system. The transition from one state to another state is defined by transition functions. The model defines two mandatory access control (MAC) rules and one discretionary access control (DAC) rule with three security properties: 1.The Simple Security Property: A subject at a given security level may not read an object at a higher security level (no read-up). 2.The *- property (star-property): A subject at a given security level must not write to any object at a lower security level (no write-down). The *-property is also known as the Confinement property. 3.The Discretionary Security Property: It uses an access matrix to specify the discretionary access control.
Q92. Which of the following are the initial steps required to perform a risk analysis process? Each correct answer represents a part of the solution. Choose three.
A. Valuations of the critical assets in hard costs.
B. Evaluate potential threats to the assets.
C. Estimate the potential losses to assets by determining their value.
D. Establish the threats likelihood and regularity.
Answer: B,C,D
Explanation: The main steps of performing risk analysis are as follows: Estimate the potential losses to the assets by determining their value. Evaluate the potential threats to the assets. Establish the threats probability and regularity. Answer: A is incorrect. Valuations of the critical assets in hard costs is one of the final steps taken after performing the risk analysis.
Q93. The Web resource collection is a security constraint element summarized in the Java Servlet Specification v2.4. Which of the following elements does it include? Each correct answer represents a complete solution. Choose two.
A. HTTP methods
B. Role names
C. Transport guarantees
D. URL patterns
Answer: A,D
Explanation: Web resource collection is a set of URL patterns and HTTP operations that define all resources required to be protected. It is a security constraint element summarized in the Java Servlet Specification v2.4. The Web resource collection includes the following elements: URL patterns HTTP methods Answer: B is incorrect. An authorization constraint includes role names. Answer: C is incorrect. A user data constraint includes transport guarantees.
Q94. Della work as a project manager for BlueWell Inc. A threat with a dollar value of $250,000 is expected to happen in her project and the frequency of threat occurrence per year is
0.01. What will be the annualized loss expectancy in her project?
A. $2,000
B. $2,500
C. $3,510
D. $3,500
Answer: B
Explanation: The annualized loss expectancy in her project will be $2,500. Annualized loss expectancy (ALE) is the annually expected financial loss to an organization from a threat. The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as follows: ALE = Single Loss Expectancy (SLE) * Annualized Rate of Occurrence (ARO) Here, it is as follows:
ALE = SLE * ARO
= 250,000 * 0.01
= 2,500
Answer: D, C, and A are incorrect. These are not valid answers.
Q95. Which of the following scanning techniques helps to ensure that the standard software configuration is currently with the latest security patches and software, and helps to locate uncontrolled or unauthorized software?
A. Port Scanning
B. Discovery Scanning
C. Server Scanning
D. Workstation Scanning
Answer: D
Explanation: Workstation scanning provides help to ensure that the standard software configuration exists with the most recent security patches and software. It helps to locate uncontrolled or unauthorized software. A full workstation vulnerability scan of the standard corporate desktop configuration must be implemented on a regularly basis. Answer: B is incorrect. The discovery scanning technique is used to gather adequate information regarding each network device to identify what type of device it is, its operating system, and if it is running any externally vulnerable services, like Web services, FTP, or email.
Answer: C is incorrect. A full server vulnerability scan helps to determine if the server OS has been configured to the corporate standards and identify if applications have been updated with the latest security patches and software versions. Answer: A is incorrect. Port scanning technique describes the process of sending a data packet to a port to gather information about the state of the port.