UPDATED ACTUAL Exam Questions and CORRECT Answers
The PRIMARY reason for incorporating security into the software development life cycle is to protect
A. the unauthorized disclosure of information.
B. the corporate brand and reputation.
C. against hackers who intend to misuse the software.
D. the developers from releasing software with security defects. - CORRECT ANSWER -
B. the corporate brand and reputation
The resiliency of software to withstand attacks that attempt to modify or alter data in an
unauthorized manner is referred to as
A. Confidentiality
B. Integrity
C. Availability
D. Authorization - CORRECT ANSWER - B. Integrity
The MAIN reason as to why the availability aspects of software must be part of the
organization's software security initiatives is:
A. software issues can cause downtime to the business
B. developers need to be trained in the business continuity procedures.
C. testing for availability of the software and data is often ignored.
D. hackers like to conduct Denial of Service (DoS) attacks against the organization - CORRECT ANSWER - A. software issues can cause downtime to the business
Developing the software to monitor its functionality and report when the software is down and
unable to provide the expected service to the business is a protection to assure which of the
following?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication - CORRECT ANSWER - C. Availability
When a customer attempts to log into their bank account, the customer is required to enter a
nonce from the token device that was issued to the customer by the bank. This type of
authentication is also known as which of the following?
A. Ownership based authentication
B. Two factor authentication
C. Characteristic based authentication
D. Knowledge based authentication. - CORRECT ANSWER - A. Ownership based authentication
Multi-factor authentication is most closely related to which of the following security design
principles?
A. Separation of Duties
B. Defense in depth
C. Complete mediation
D. Open design - CORRECT ANSWER - B. Defense in depth
Audit logs can be used for all of the following EXCEPT
A. providing evidentiary information
B. assuring that the user cannot deny their actions
C. detecting the actions that were undertaken
D. preventing a user from performing some unauthorized operations - CORRECT ANSWER - D. preventing a user from performing some unauthorized operations
Organizations often pre-determine the acceptable number of user errors before recording them as
security violations. This number is otherwise known as