Free Practice ISC2 CSSLP Exam Questions 2025

Stay ahead with 100% Free Certified Secure Software Lifecycle Professional CSSLP Dumps Practice Questions

Page: 1 / 155

Total 774 Questions | Updated On: Apr 11, 2025

Add To Cart

Question 1

Microsoft software security expert Michael Howard defines some heuristics for determining code review in "A Process for Performing Security Code Reviews". Which of the following heuristics increase the application's attack surface? Each correct answer represents a complete solution. Choose all that apply

A : Code written in C/C++/assembly language

B : Code listening on a globally accessible network interface

C : Code that changes frequently

D : Anonymously accessible code

E : Code that runs by default

F : Code that runs in elevated context

Answer: A,B,D

Question 2

Which of the following statements about secure backup and restoration planning is correct?

A : In case of a system failure, create a disaster recovery plan that not only involves restoring data but also includes procedures for notifying the affected individuals, plans for mitigating further damage from data loss, and means for storing and retrieving the data securely.

B : In the world of cloud computing, the concept of creating backups is now an outmoded way of thinking. Merely make sure that all your databases create hot copies of the data in a secure cloud storage system for data recovery.

C : When creating backups, use a fast network connection to ensure that all data is backed up and to limit the time data is in motion.

D : When creating a plan for backup and restoration, you must consider that the cost of this action may exceed your normal operating budget.

Answer: A

Question 3

Quantitative risk assessment differs from qualitative risk assessment in that it predicts attacks based on what?

A : Penetration tests

B : Historical loss information

C : Projections based on qualitative factors

D : Zero-day loss information

Answer: B

Question 4

The key to ensuring that every module in the system is operating correctly is what? (Choose all that apply.)

A : Ensuring proper interface design

B : Staying on top of changes

C : Designer creativity

D : Ensuring proper valid inputs

Answer: A,D

Question 5

Which of the following are the tasks performed by the owner in the information classification schemes? Each correct answer represents a part of the solution. Choose three

A : To make original determination to decide what level of classification the information requires, which is based on the business requirements for the safety of the data.

B : To review the classification assignments from time to time and make alterations as the business requirements alter.

C : To perform data restoration from the backups whenever required

D : To delegate the responsibility of the data safeguard duties to the custodian.

Answer: A,B,D

Page: 1 / 155

Total 774 Questions | Updated On: Apr 11, 2025

Add To Cart