*-property - Answers Pronounced "star property," this aspect of the Bell-LaPadula security model is
commonly referred to as the "no-write-down" rule because it does not allow a subject to write to an
object whose security classification is lower than the subject's clearance, thus preserving confidentiality
(it complements the simple security property, the "no-read-up" rule).
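To make the rule concrete, here is an added example (not part of the original glossary) of a minimal reference monitor that enforces both Bell-LaPadula properties. It goes slightly beyond the entry above by also handling compartments, so a label is a level plus a set of compartments and "higher" means dominance in that lattice; the level names, labels and compartments are constructed for illustration.

```python
"""Minimal Bell-LaPadula check: simple security property (no read up) and
*-property (no write down). Added illustration; labels below are constructed."""
from dataclasses import dataclass

# Ordered classification levels, higher index = more sensitive (constructed).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self is at least as high as other: level >= and compartments a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: read allowed only if the subject's clearance
    dominates the object's classification (no read up)."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: write allowed only if the object's classification dominates
    the subject's clearance (no write down), so information the subject may
    have read cannot flow to a lower label."""
    return obj.dominates(subject)


def check(subject: Label, obj: Label, op: str) -> bool:
    """Reference-monitor decision for one access request."""
    if op == "read":
        return can_read(subject, obj)
    if op == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"CRYPTO"}))      # subject clearance
    memo = Label("CONFIDENTIAL")                          # lower object
    plans = Label("TOP SECRET", frozenset({"CRYPTO"}))    # higher object
    print(check(analyst, memo, "read"))    # read down: allowed
    print(check(analyst, memo, "write"))   # write down: denied by *-property
    print(check(analyst, plans, "write"))  # write up: allowed
    print(check(analyst, plans, "read"))   # read up: denied
```

Note that the *-property permits writing *up*: a SECRET subject may append to a TOP SECRET object it cannot read, which is why real systems usually add a "trusted subject" or integrity model on top of pure BLP.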
3DES - Answers Triple DES: the DES block cipher applied three times to each block (encrypt-decrypt-encrypt with two or three independent keys) to strengthen DES's 56-bit key against brute force.
802.11 - Answers A family of standards that describe network protocols for wireless devices.
802.1X - Answers An IEEE standard for port-based network access control: a device must authenticate (typically via EAP against a RADIUS server) before a switch port or wireless association is opened to it.
abuse case - Answers A use case written from the attacker's perspective that describes how a normal work process could be misused, so that the misuse can be tested for and defended against.
acceptance testing - Answers The formal analysis that is done to determine whether a system or
software product satisfies its acceptance criteria.
AUP - Answers acceptable use policy (AUP): A policy that communicates to users what specific uses of
computer resources are permitted.
access - Answers A subject's ability to perform specific operations on an object, such as a file. Typical
access levels include read, write, execute, and delete.
access control - Answers Mechanisms or methods used to determine what access permissions subjects
(such as users) have for specific objects (such as files).
ACL - Answers access control list (ACL): A list associated with an object (such as a file) that identifies
what level of access each subject (such as a user) has—what they can do to the object (such as read,
write, or execute).
Active Directory - Answers The directory service portion of the Windows operating system that stores
information about network-based entities (such as applications, files, printers, and people) and provides
a structured, consistent way to name, describe, locate, access, and manage these resources.
ActiveX - Answers A Microsoft technology that facilitates rich Internet applications and, therefore,
extends and enhances the functionality of Microsoft Internet Explorer. Like Java, ActiveX enables the
development of interactive content. When an ActiveX-aware browser encounters a webpage that
includes an unsupported feature, it can automatically install the appropriate application so the feature
can be used.
ARP - Answers Address Resolution Protocol (ARP): A protocol in the TCP/IP suite specification used to
map an IP address to a Media Access Control (MAC) address.
adware - Answers Advertising-supported software that automatically plays, displays, or downloads
advertisements after the software is installed or while the application is being used.
algorithm - Answers A step-by-step procedure—typically an established computation for solving a
problem within a set number of steps.
alpha testing - Answers This is a form of end-to-end testing done prior to product delivery to determine
operational and functional issues.
ALE - Answers annualized loss expectancy (ALE) : How much an event is expected to cost the business
per year, given the dollar cost of the loss and how often it is likely to occur. ALE = single loss expectancy
* annualized rate of occurrence.
ARO - Answers annualized rate of occurrence (ARO) : The frequency with which an event is expected to
occur on an annualized basis.
anomaly - Answers Something that does not fit into an expected pattern.
application - Answers A program or group of programs designed to provide specific user functions, such
as a word processor or web server.
asset - Answers Resources and information an organization needs to conduct its business.
asymmetric encryption - Answers Also called public key cryptography, this is a system for encrypting
data that uses a mathematically related key pair to encrypt and decrypt a message—a public key,
available to everyone, and a private key, available only to the owner of the key.
attack - Answers An action taken against a vulnerability to exploit a system.
Attack Surface Analyzer - Answers A product from Microsoft designed to enumerate the elements of a system that are subject to attack.
attack surface evaluation - Answers An examination of the elements of a system that are subject to
attack and mitigations that can be applied.
attack surface measurement - Answers A measurement of the relative number of attack points in the
system throughout the development process.
attack surface minimization - Answers The processes used to minimize the number of attackable
elements in a system.
attack tree - Answers A graphical method of examining the required elements to successfully prosecute
an attack.
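The following added example (not from the original glossary) shows how an attack tree is used once drawn: leaves carry an attacker cost, OR nodes take the cheapest child, AND nodes require all children, and mitigations are modelled by removing leaves. The goal, sub-goals and cost figures are constructed for illustration.

```python
"""Attack tree evaluation with AND/OR nodes. Added illustration; the tree and
costs are constructed, not taken from any real assessment."""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Node:
    name: str
    kind: str = "leaf"          # "leaf", "and" or "or"
    cost: int = 0               # attacker cost for a leaf (constructed units)
    children: List["Node"] = field(default_factory=list)


def build_example_tree() -> Node:
    """Constructed goal: read a customer's stored records."""
    return Node("Read customer records", "or", children=[
        Node("Steal admin credentials", "or", children=[
            Node("Phish administrator", cost=20),
            Node("Brute-force weak password", cost=80),
        ]),
        Node("Exploit and exfiltrate", "and", children=[
            Node("Exploit SQL injection in search", cost=10),
            Node("Bypass egress filtering", cost=50),
        ]),
        Node("Bribe insider", cost=500),
    ])


def cheapest_path(node: Node) -> Tuple[int, List[str]]:
    """Return (cost, leaf names) of the cheapest way to achieve `node`.
    OR nodes pick their cheapest child; AND nodes must achieve every child."""
    if node.kind == "leaf":
        return node.cost, [node.name]
    results = [cheapest_path(c) for c in node.children]
    if node.kind == "or":
        return min(results, key=lambda r: r[0])
    if node.kind == "and":
        return (sum(r[0] for r in results),
                [leaf for r in results for leaf in r[1]])
    raise ValueError(f"unknown node kind {node.kind!r}")


def with_mitigations(node: Node, mitigated: Set[str]) -> Optional[Node]:
    """Copy the tree without mitigated leaves. An OR node with no remaining
    children, or an AND node that lost any child, is no longer achievable."""
    if node.kind == "leaf":
        return None if node.name in mitigated else node
    kept = [c for c in (with_mitigations(ch, mitigated) for ch in node.children)
            if c is not None]
    if node.kind == "or" and not kept:
        return None
    if node.kind == "and" and len(kept) != len(node.children):
        return None
    return Node(node.name, node.kind, node.cost, kept)


if __name__ == "__main__":
    tree = build_example_tree()
    print(cheapest_path(tree))                       # phishing wins at cost 20
    hardened = with_mitigations(tree, {"Phish administrator"})
    print(cheapest_path(hardened))                   # next cheapest: the AND branch at 60
```

Re-running the evaluation after each candidate mitigation is the point of the exercise: it shows which control actually raises the attacker's cheapest path, rather than one that only closes a branch the attacker would never have taken.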
audit trail - Answers A set of records or events, generally organized chronologically, that record what
activity has occurred on a system. These records (often computer files) are often used in an attempt to
re-create what took place when a security incident occurred, and they can also be used to detect
possible intruders.
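As an added example of both uses named above (re-creating a subject's activity and spotting a possible intruder), the code below parses a short audit trail, rebuilds one user's timeline, and flags a burst of failed logins followed by a success from the same source. This is illustration only, not from the original page; the log format and every record are constructed.

```python
"""Audit-trail reconstruction and a simple intruder heuristic. Added
illustration; the records below are constructed, not real logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records: timestamp, event, then key=value fields.
AUDIT_LINES = """\
2024-03-01T09:00:01Z LOGIN_FAIL user=alice src=203.0.113.7
2024-03-01T09:00:03Z LOGIN_FAIL user=alice src=203.0.113.7
2024-03-01T09:00:05Z LOGIN_FAIL user=alice src=203.0.113.7
2024-03-01T09:00:08Z LOGIN_FAIL user=alice src=203.0.113.7
2024-03-01T09:00:10Z LOGIN_OK user=alice src=203.0.113.7
2024-03-01T09:01:00Z FILE_READ user=alice src=203.0.113.7 obj=/finance/q1.xlsx
2024-03-01T09:30:00Z LOGIN_FAIL user=bob src=198.51.100.2
2024-03-01T10:00:00Z LOGIN_OK user=bob src=198.51.100.2
""".splitlines()


def parse(line: str) -> dict:
    """Turn one audit line into a record with a parsed timestamp."""
    ts, event, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event}
    rec.update(f.split("=", 1) for f in fields)
    return rec


def timeline(records: list, user: str) -> list:
    """Re-create what one subject did, in chronological order."""
    return sorted((r for r in records if r.get("user") == user), key=lambda r: r["ts"])


def suspicious_logins(records: list, threshold: int = 3,
                      window: timedelta = timedelta(minutes=5)) -> list:
    """Flag (user, src, success_time) where at least `threshold` failures
    inside `window` are followed by a successful login from the same source,
    a pattern consistent with password guessing that eventually worked."""
    by_key = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["event"] in ("LOGIN_FAIL", "LOGIN_OK"):
            by_key[(r["user"], r["src"])].append(r)
    flagged = []
    for (user, src), events in by_key.items():
        recent_fails = []
        for r in events:
            if r["event"] == "LOGIN_FAIL":
                recent_fails.append(r["ts"])
                # drop failures that fell outside the sliding window
                recent_fails = [t for t in recent_fails if r["ts"] - t <= window]
            else:  # LOGIN_OK
                if len(recent_fails) >= threshold:
                    flagged.append((user, src, r["ts"]))
                recent_fails = []
    return flagged


if __name__ == "__main__":
    recs = [parse(line) for line in AUDIT_LINES]
    for r in timeline(recs, "alice"):
        print(r["ts"].isoformat(), r["event"], r.get("obj", ""))
    print(suspicious_logins(recs))
```

The heuristic is deliberately simple; its value is that it is driven entirely by the audit trail, so the same records that let an investigator reconstruct what alice's session touched also supply the detection signal.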
auditing - Answers Actions or processes used to verify the assigned privileges and rights of a user, or any
capabilities used to create and maintain a record showing who accessed a particular system and what
actions they performed.