CORRECT Answers
800-30r1 - CORRECT ANSWER - Risk Management Guide For IT
800-61 - CORRECT ANSWER - Computer Security Incident Handling Guide - Forensics and IR
800-115 - CORRECT ANSWER - Technical Guide to Information Security Testing and Assessment
800-128 - CORRECT ANSWER - Guide for Security-Focused Configuration Management of Information Systems - Configuration Control Board (CCB)
ISO 27001 - CORRECT ANSWER - Information Security Management System (ISMS)
ISO 25000 - CORRECT ANSWER - SQuaRE - System and Software Quality Requirements and Evaluation
ISO 28000 - CORRECT ANSWER - Specification for Security Management Systems for the Supply Chain
FIPS 140 - CORRECT ANSWER - Security Requirement for Cryptographic Modules
FIPS 186 - CORRECT ANSWER - Digital Signature Standard
FIPS 197 - CORRECT ANSWER - Advanced Encryption Standard
FIPS 201 - CORRECT ANSWER - Personal key verification (infrastructure)
ISO 15408 - CORRECT ANSWER - Common Criteria; gives ratings across the 7 levels of maturity
X.509 v3 - CORRECT ANSWER - Digital Certificate version - Latest spec for Public Key
Confidentiality - CORRECT ANSWER - The prevention of intentional or unintentional unauthorized disclosure of information to unauthorized users or processes.
Ensures the secrecy and privacy of data. Protection against unauthorized information disclosure.
Integrity - CORRECT ANSWER - The prevention of intentional or unintentional unauthorized modification or destruction of information.
Reliable - performs as intended, protecting against improper data alteration.
Availability - CORRECT ANSWER - Ensures reliable and timely access to data or computing resources by the appropriate personnel, and guarantees that the systems are functioning properly when needed.
Access to the software, or to the data or information it handles.
Integrity in the Lifecycle - CORRECT ANSWER - •Consistency
•Accuracy
•Trustworthiness
•Least privilege
Business Continuity Plan (BCP) - CORRECT ANSWER - How to stay in business: what to do and how to prevent downtime
Opposite of CIA (Malicious) - CORRECT ANSWER - DAD
Disclosure, alteration, and destruction:
•Disclosure is the opposite of confidentiality
•Alteration is the opposite of integrity
•Destruction is the opposite of availability
The 3 "R"s - CORRECT ANSWER - Reliability, Resiliency, Recoverability
Disaster Recovery Plan - CORRECT ANSWER - Written plan describing how to get back to normal - fault tolerance, elimination of single points of failure
Business Impact Analysis (BIA) - CORRECT ANSWER - A process that identifies all critical business functions and the effect that a specific disaster may have upon them.
Maximum Tolerable Downtime (MTD) - CORRECT ANSWER - Amount of time for restoring a business process or function to normal operations without major loss
Recovery Point Objective (RPO) - CORRECT ANSWER - The maximum length of time that an organization can tolerate between backups.
Test & Recovery Exercises - CORRECT ANSWER - •Checklist Test
•Structured Walkthrough
•Simulation
•Parallel
•Full Interruption Test