[2026] ISC Certified Secure Software Lifecycle Professional Practice Test

문제1

Which of the following is used by attackers to record everything a person types, including usernames, passwords, and account information?

A. Packet sniffing

B. Wiretapping

C. Spoofing

D. Keystroke logging

정답: D

설명: (Fast2test 회원만 볼 수 있음)

문제2

Maria has been recently appointed as a Network Administrator in Gentech Inc. She has been tasked to perform network security testing to find out the vulnerabilities and shortcomings of the present network infrastructure. Which of the following testing approaches will she apply to accomplish this task?

A. Unit testing

B. Gray-box testing

C. Black-box testing

D. White-box testing

정답: C

설명: (Fast2test 회원만 볼 수 있음)

문제3

Which of the following NIST Special Publication documents provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives?

A. NIST SP 800-60

B. NIST SP 800-59

C. NIST SP 800-37

D. NIST SP 800-26

E. NIST SP 800-53

F. NIST SP 800-53A

G. Explanation:
NIST SP 800-26 (Security Self-Assessment Guide for Information Technology Systems) provides a guideline on questionnaires and checklists through which systems can be evaluated for compliance against specific control objectives.

정답: D

설명: (Fast2test 회원만 볼 수 있음)

문제4

Security controls are safeguards or countermeasures to avoid, counteract, or minimize security risks. Which of the following are types of security controls? Each correct answer represents a complete solution. Choose all that apply.

A. System-specific controls

B. Hybrid controls

C. Explanation:
Security controls are safeguards or countermeasures to avoid, counteract, or
minimize security risks. The following are the types of security controls for information systems,
that can be employed by an organization: 1.System-specific controls: These types of security
controls provide security capability for a particular information system only. 2.Common controls:
These types of security controls provide security capability for multiple information systems.
3.Hybrid controls: These types of security controls have features of both system-specific and common controls.

D. Storage controls

E. Common controls

정답: A,B,C,E

설명: (Fast2test 회원만 볼 수 있음)

문제5

In which of the following phases of the DITSCAP process does Security Test and Evaluation (ST&E) occur?

A. Phase 4

B. Phase 1

C. Phase 2

D. Phase 3

정답: D

설명: (Fast2test 회원만 볼 수 있음)

문제6

You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team has successfully completed the risk response planning and now you must initiate what risk process it is. Which of the following risk processes is repeated after the plan risk responses to determine if the overall project risk has been satisfactorily decreased?

A. Risk response implementation

B. Quantitative risk analysis

C. Risk identification

D. Qualitative risk analysis

정답: B

설명: (Fast2test 회원만 볼 수 있음)

문제7

Which of the following statements describe the main purposes of a Regulatory policy? Each correct answer represents a complete solution. Choose all that apply.

A. It acknowledges the importance of the computing resources to the business model

B. It provides a statement of support for information security throughout the enterprise

C. It gives an organization the confidence that it is following the standard and accepted industry policy.

D. It ensures that an organization is following the standard procedures or base practices of operation in its specific industry.

정답: C,D

설명: (Fast2test 회원만 볼 수 있음)

문제8

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully performed the following steps of the pre-attack phase to check the security of the We-are-secure network: Gathering information Determining the network range Identifying active systems Now, he wants to find the open ports and applications running on the network. Which of the following tools will he use to accomplish his task?

A. RIPE

B. Explanation:
In such a situation, John will use the SuperScan tool to find the open ports and applications on the We-are-secure network. SuperScan is a TCP/UDP port scanner. It also works as a ping sweeper and hostname resolver. It can ping a given range of IP addresses and resolve the host name of the remote system. The features of SuperScan are as follows: It scans any port range from a built-in list or any given range. It performs ping scans and port scans using any IP range. It modifies the port list and port descriptions using the built in editor. It connects to any discovered open port using user-specified "helper" applications. It has the transmission speed control utility.

C. ARIN

D. APNIC

E. SuperScan

정답: B,E

설명: (Fast2test 회원만 볼 수 있음)

문제9

Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.

A. It determines the actions and behaviors of a single individual within a system

B. It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.

C. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.

D. It ensures that modifications are not made to data by unauthorized personnel or processes.

정답: B,C,D

설명: (Fast2test 회원만 볼 수 있음)

문제10

Which of the following authentication methods is used to access public areas of a Web site?

A. Multi-factor authentication

B. Mutual authentication

C. Anonymous authentication

D. Biometrics authentication

정답: C

설명: (Fast2test 회원만 볼 수 있음)

문제11

Fill in the blank with an appropriate phrase The is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity.

A. Biba model

정답: A

The Biba model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

ISC Certified Secure Software Lifecycle Professional Practice Test - CSSLP무료 덤프문제 풀어보기

우리와 연락하기

유용한 링크

최신 업데이트