ISC CSSLP Certified Secure Software Lifecycle Professional Online Training

Question #41

Which of the following is a name, symbol, or slogan with which a product is identified?

A . Trademark
B . Copyright
C . Trade secret
D . Patent

Question #42

Della work as a project manager for BlueWell Inc. A threat with a dollar value of $250,000 is expected to happen in her project and the frequency of threat occurrence per year is 0.01.

What will be the annualized loss expectancy in her project?

A . $2,000
B . $2,500
C . $3,510
D . $3,500

Reveal Solution Hide Solution

Question #43

Which of the following coding practices are helpful in simplifying code? Each correct answer represents a complete solution. Choose all that apply.

A . Programmers should use multiple small and simple functions rather than a single complex function.
B . Software should avoid ambiguities and hidden assumptions, recursions, and GoTo statements.
C . Programmers should implement high-consequence functions in minimum required lines of code and follow proper coding standards.
D . Processes should have multiple entry and exit points.

Reveal Solution Hide Solution

Question #44

Which of the following methods does the Java Servlet Specification v2.4 define in the HttpServletRequest interface that control programmatic security? Each correct answer represents a complete solution. Choose all that apply.

A . getCallerIdentity()
B . isUserInRole()
C . getUserPrincipal()
D . getRemoteUser()

Reveal Solution Hide Solution

Question #45

You are the project manager of the CUL project in your organization. You and the project team are assessing the risk events and creating a probability and impact matrix for the identified risks.

Which one of the following statements best describes the requirements for the data type used in qualitative risk analysis?

A . A qualitative risk analysis encourages biased data to reveal risk tolerances.
B . A qualitative risk analysis required unbiased stakeholders with biased risk tolerances.
C . A qualitative risk analysis requires accurate and unbiased data if it is to be credible.
D . A qualitative risk analysis requires fast and simple data to complete the analysis.

Reveal Solution Hide Solution

Question #46

FIPS 199 defines the three levels of potential impact on organizations.

Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals?

A . Moderate
B . Low
C . Medium
D . High

Reveal Solution Hide Solution

Question #47

You work as the senior project manager in SoftTech Inc. You are working on a software project using configuration management. Through configuration management you are decomposing the verification system into identifiable, understandable, manageable, traceable units that are known as Configuration Items (CIs). According to you, which of the following processes is known as the decomposition process of a verification system into Configuration Items?

A . Configuration status accounting
B . Configuration identification
C . Configuration auditing
D . Configuration control

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

Configuration identification is known as the decomposition process of a verification system into Configuration Items. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be effected in the event that these attributes are changed.

ANS: D is incorrect. Configuration control is a procedure of the Configuration management. Configuration control is a set of processes and approval stages required to change a configuration item’s attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes. Configuration control is a means of ensuring that system changes are approved before being implemented. Only the proposed and approved changes are implemented, and the implementation is complete and accurate.

ANS: A is incorrect. The configuration status accounting procedure is the ability to record and report on the configuration baselines associated with each configuration item at any moment of time. It supports the functional and physical attributes of software at various points in time, and performs systematic control of accounting to the identified attributes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.

ANS: C is incorrect. Configuration auditing is the quality assurance element of configuration management. It is occupied in the process of periodic checks to establish the consistency and completeness of accounting information and to validate that all configuration management policies are being followed. Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation.

Question #48

Bill is the project manager of the JKH Project. He and the project team have identified a risk event in the project with a high probability of occurrence and the risk event has a high cost impact on the project. Bill discusses the risk event with Virginia, the primary project customer, and she decides that the requirements surrounding the risk event should be removed from the project. The removal of the requirements does affect the project scope, but it can release the project from the high risk exposure.

What risk response has been enacted in this project?

A . Mitigation
B . Transference
C . Acceptance
D . Avoidance

Reveal Solution Hide Solution

Question #49

Martha registers a domain named Microsoft.in. She tries to sell it to Microsoft Corporation. The infringement of which of the following has she made?

A . Copyright
B . Trademark
C . Patent
D . Intellectual property

Reveal Solution Hide Solution

Question #50

Which of the following is a variant with regard to Configuration Management?

A . A CI that has the same name as another CI but shares no relationship.
B . A CI that particularly refers to a software version.
C . A CI that has the same essential functionality as another CI but a bit different in some small manner.
D . A CI that particularly refers to a hardware specification.

Reveal Solution Hide Solution