21.
During which phase of the software development lifecycle (SDLC) is threat modeling initiated?
  • A.
    Requirements analysis
  • B.
    Design
  • C.
    Implementation
  • D.
    Deployment
Answer : [B]
Explanation :
Although it is important to revisit the threat model during the development, testing and deployment phases of the software development lifecycle (SDLC), the threat modeling exercise should commence in the design phase of the SDLC.
22.
Certificate Authority, Registration Authority, and Certificate Revocation Lists are all part of which of the following?
  • A.
    Advanced Encryption Standard (AES)
  • B.
    Steganography
  • C.
    Public Key Infrastructure (PKI)
  • D.
    Lightweight Directory Access Protocol (LDAP)
Answer : [C]
Explanation :
PKI makes it possible to securely exchange data by keeping a private key secret on one system while distributing the corresponding public key to the other systems participating in the exchange.
23.
The use of digital signatures has the benefit of providing which of the following that is not provided by symmetric key cryptographic design?
  • A.
    Speed of cryptographic operations
  • B.
    Confidentiality assurance
  • C.
    Key exchange
  • D.
    Non-repudiation
Answer : [D]
Explanation :
Non-repudiation and proof of origin (authenticity) are provided by the certificate authority (CA) attaching its digital signature, encrypted with the private key of the sender, to the communication that is to be authenticated; this attests to the authenticity of both the document and the sender.
24.
When passwords are stored in the database, the best defense against disclosure attacks can be accomplished using
  • A.
    encryption.
  • B.
    masking.
  • C.
    hashing.
  • D.
    obfuscation.
Answer : [C]
Explanation :
An important use for hashes is storing passwords. The actual password should never be stored in the database. Using hashing functions, you can store the hash value of the user password and use that value to authenticate the user. Because hashes are one-way (not reversible), they offer a heightened level of confidentiality assurance.
25.
Nicole holds the ‘author’ role and is also included in the ‘approver’ role, allowing her to approve her own articles before they are posted on the company blog site. This violates the principle of
  • A.
    least privilege.
  • B.
    least common mechanisms.
  • C.
    economy of mechanisms.
  • D.
    separation of duties.
Answer : [D]
Explanation :
Separation of duties, sometimes referred to as separation of privilege, is the principle that it is better to assign tasks to several specific individuals so that no single user has total control over a task. It is closely related to the principle of least privilege, which is the idea that the minimum amount of privilege is granted for the minimum (shortest) amount of time to individuals with a need to know.