What will you reply to your team member?

You work as a project manager for BlueWell Inc. You and your team are using a method or a (technical) process that conceives the risks even if all theoretically possible safety measures were applied. One of your team members wants to know what a residual risk is. What...

November 6, 2020

Which of the following is the duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in business continuity?

A. RTO
B. RTA
C. RPO
D. RCO

Answer: A

Explanation: The Recovery...

November 6, 2020

Which of the following methods does the Java Servlet Specification v2.4 define in the HttpServletRequest interface that control programmatic security? Each correct answer represents a complete solution. Choose all that apply.

A. getCallerIdentity()
B. isUserInRole()
C. getUserPrincipal()
D. getRemoteUser()

Answer: BCD

Explanation: The various methods of the HttpServletRequest interface are...

November 6, 2020

In which of the following testing methodologies do assessors use all available documentation and work under no constraints, and attempt to circumvent the security features of an information system?

A. Full operational test
B. Penetration test
C. Paper test
D. Walk-through test

Answer: B

Explanation: Penetration testing is a...

November 6, 2020

Which of the following cryptographic system services ensures that information will not be disclosed to any unauthorized person on a local network?

A. Authentication
B. Integrity
C. Non-repudiation
D. Confidentiality

Answer: D

Explanation: The confidentiality service of a cryptographic system ensures that information will not be disclosed to any unauthorized...

November 6, 2020

Which of the following roles is also known as the accreditor?

A. Data owner
B. Chief Risk Officer
C. Chief Information Officer
D. Designated Approving Authority

Answer: D

Explanation: Designated Approving Authority (DAA) is also known as the accreditor. Answer A is incorrect. The data owner (information owner) is usually...

November 6, 2020

Which of the following risk processes is repeated after the plan risk responses to determine if the overall project risk has been satisfactorily decreased?

You are the project manager of the NNN project for your company. You and the project team are working together to plan the risk responses for the project. You feel that the team has successfully completed the risk response planning and now you must initiate what risk process it is....

November 6, 2020

What are the process activities of this phase?

Phase 1 of DITSCAP C&A is known as the Definition Phase. The goal of this phase is to define the C&A level of effort, identify the main C&A roles and responsibilities, and create an agreement on the method for implementing the security requirements. What are the process activities of this...

November 5, 2020

Which of the following is a variant with regard to Configuration Management?

A. A CI that has the same name as another CI but shares no relationship.
B. A CI that particularly refers to a software version.
C. A CI that has the same essential functionality as another CI but...

November 5, 2020

Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals?

FIPS 199 defines the three levels of potential impact on organizations. Which of the following potential impact levels shows limited adverse effects on organizational operations, organizational assets, or individuals?

A. Moderate
B. Low
C. Medium
D. High

Answer: B

Explanation: The potential impact is called low if the loss of...

November 5, 2020