Question # 1 ISO 27003 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following elements does this standard contain? Each correct answer represents a complete solution. Choose all that apply.
A. Inter-Organization Co-operation
B. Information Security Risk Treatment
C. CSFs (Critical success factors)
D. System requirements for certification bodies Managements
E. Terms and Definitions
Click for Answer
A. Inter-Organization Co-operation
C. CSFs (Critical success factors)
E. Terms and Definitions
Answer Description Explanation: ISO 27003 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled as "Information Technology - Security techniques - Information security management system implementation guidance". The ISO 27003 standard provides guidelines for implementing an ISMS (Information Security Management System). It mainly focuses upon the PDCA method along with establishing, implementing, reviewing, and improving the ISMS itself. The ISO 27003 standard contains the following elements: Introduction Scope Terms and Definitions CSFs (Critical success factors) Guidance on process approach Guidance on using PDCA Guidance on Plan Processes Guidance on Do Processes Guidance on Check Processes Guidance on Act Processes Inter-Organization Co-operation Answer: B is incorrect. This element is included in the ISO 27005 standard.
Answer: D is incorrect. This element is included in the ISO 27006 standard.
Question # 2 Which of the following is an attack with IP fragments that cannot be reassembled?
A. Password guessing attack
B. Teardrop attack
C. Dictionary attack
D. Smurf attack
Click for Answer
Answer Description Explanation: Teardrop is an attack with IP fragments that cannot be reassembled. In this attack, corrupt packets are sent to the victim's computer by using IP's packet fragmentation algorithm. As a result of this attack, the victim's computer might hang. Answer: D is incorrect. Smurf is an ICMP attack that involves spoofing and flooding. Answer: C is incorrect. Dictionary attack is a type of password guessing attack. This type of attack uses a dictionary of common words to find out the password of a user. It can also use common words in either upper or lower case to find a password. There are many programs available on the Internet to automate and execute dictionary attacks. Answer: A is incorrect. A password guessing attack occurs when an unauthorized user tries to log on repeatedly to a computer or network by guessing usernames and passwords. Many password guessing programs that attempt to break passwords are available on the Internet. Following are the types of password guessing attacks: Brute force attack Dictionary attack
Question # 3 Which of the following types of signatures is used in an Intrusion Detection System to trigger on attacks that attempt to reduce the level of a resource or system, or to cause it to crash?
A. Access
B. Benign
C. DoS
D. Reconnaissance
Click for Answer
Answer Description Explanation: Following are the basic categories of signatures: Informational (benign): These types of signatures trigger on normal network activity. For example: ICMP echo requests The opening or closing of TCP or UDP connections Reconnaissance: These types of signatures trigger on attacks that uncover resources and hosts that are reachable, as well as any possible vulnerabilities that they might contain. For example: Reconnaissance attacks include ping sweeps DNS queries Port scanning Access: These types of signatures trigger on access attacks, which include unauthorized access, unauthorized escalation of privileges, and access to protected or sensitive data. For example: Back Orifice A Unicode attack against the Microsoft IIS NetBus DoS: These types of signatures trigger on attacks that attempt to reduce the level of a resource or system, or to cause it to crash. For example: TCP SYN floods The Ping of Death Smurf Fraggle Trinoo Tribe Flood Network
Question # 4 Which of the following is an example of over-the-air (OTA) provisioning in digital rights management?
A. Use of shared secrets to initiate or rebuild trust.
B. Use of software to meet the deployment goals.
C. Use of concealment to avoid tampering attacks.
D. Use of device properties for unique identification.
Click for Answer
A. Use of shared secrets to initiate or rebuild trust.
Answer Description Explanation: Over- the- air provisioning is a mechanism to deploy MIDlet suites over a network. It is a method of distributing MIDlet suites. MIDlet suite providers install their MIDlet suites on Web servers and provide a hypertext link for downloading. A user can use this link to download the MIDlet suite either through the Internet microbrowser or through WAP on his device. Over-the-air provisioning is required for end-to-end encryption or other security purposes in order to deliver copyrighted software to a mobile device. For example, use of shared secrets to initiate or rebuild trust. Answer: D and C are incorrect. The use of device properties for unique identification and the use of concealment to avoid tampering attacks are the security challenges in digital rights management (DRM). Answer: B is incorrect. The use of software and hardware to meet the deployment goals is a distracter.
Question # 5 A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company. Which of the following Internet laws has the credit card issuing company violated?
A. Trademark law
B. Security law
C. Privacy law
D. Copyright law
Click for Answer
Answer Description Explanation: The credit card issuing company has violated the Privacy law. According to the Internet Privacy law, a company cannot provide their customer's financial and personal details to other companies. Answer: A is incorrect. Trademark laws facilitate the protection of trademarks around the world. Answer: B is incorrect. There is no law such as Security law. Answer: D is incorrect. The Copyright law protects original works or creations of authorship including literary, dramatic, musical, artistic, and certain other intellectual works
Question # 6 Which of the following process areas does the SSE-CMM define in the 'Project and Organizational Practices' category? Each correct answer represents a complete solution. Choose all that apply.
A. Provide Ongoing Skills and Knowledge
B. Verify and Validate Security
C. Manage Project Risk
D. Improve Organization's System Engineering Process
Click for Answer
A. Provide Ongoing Skills and Knowledge
C. Manage Project Risk
D. Improve Organization's System Engineering Process
Answer Description Explanation: Project and Organizational Practices include the following process areas: PA12: Ensure Quality PA13: Manage Configuration PA14: Manage Project Risk PA15: Monitor and Control Technical Effort PA16: Plan Technical Effort PA17: Define Organization's System Engineering Process PA18: Improve Organization's System Engineering Process PA19: Manage Product Line Evolution PA20: Manage Systems Engineering Support Environment PA21: Provide Ongoing Skills and Knowledge PA22: Coordinate with Suppliers
Question # 7 Which of the following is an open source network intrusion detection system?
A. NETSH
B. Macof
C. Sourcefire
D. Snort
Click for Answer
Answer Description Explanation: Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP). The three main modes in which Snort can be configured are as follows: Sniffer mode: It reads the packets of the network and displays them in a continuous stream on the console. Packet logger mode: It logs the packets to the disk. Network intrusion detection mode: It is the most complex and configurable configuration, allowing Snort to analyze network traffic for matches against a user-defined rule set. Answer: B is incorrect. Macof is a tool of the dsniff tool set and used to flood the local network with random MAC addresses. It causes some switches to fail open in repeating mode, and facilitates sniffing. Answer: C is incorrect. Sourcefire is the company that owns and maintains Snort. Answer: A is incorrect. NETSH is not a network intrusion detection system. NETSH is a command line tool to configure TCP/IP settings such as the IP address, Subnet Mask, Default Gateway, DNS, WINS addresses, etc.
Question # 8 In which type of access control do user ID and password system come under?
A. Physical
B. Technical
C. Power
D. Administrative
Click for Answer
Answer Description Explanation: Technical access controls include IDS systems, encryption, network segmentation, and antivirus controls. Answer: D is incorrect. The policies and procedures implemented by an organization come under administrative access controls. Answer: A is incorrect. Security guards, locks on the gates, and alarms come under physical access controls. Answer: C is incorrect. There is no such type of access control as power control.
Up-to-Date
We always provide up-to-date CSSLP exam dumps to our clients. Keep checking website for updates and download.
Excellence
Quality and excellence of our Certified Secure Software Lifecycle Professional practice questions are above customers expectations. Contact live chat to know more.
Success
Your SUCCESS is assured with the CSSLP exam questions of passin1day.com. Just Buy, Prepare and PASS!
Quality
All our braindumps are verified with their correct answers. Download ISC2 Certification Practice tests in a printable PDF format.
Basic
$80
Any 3 Exams of Your Choice
3 Exams PDF + Online Test Engine
Buy Now
Premium
$100
Any 4 Exams of Your Choice
4 Exams PDF + Online Test Engine
Buy Now
Gold
$125
Any 5 Exams of Your Choice
5 Exams PDF + Online Test Engine
Buy Now
Passin1Day has a big success story in last 12 years with a long list of satisfied customers.
We are UK based company, selling CSSLP practice test questions answers. We have a team of 34 people in Research, Writing, QA, Sales, Support and Marketing departments and helping people get success in their life.
We dont have a single unsatisfied ISC customer in this time. Our customers are our asset and precious to us more than their money.
CSSLP Dumps
We have recently updated ISC CSSLP dumps study guide. You can use our ISC2 Certification braindumps and pass your exam in just 24 hours. Our Certified Secure Software Lifecycle Professional real exam contains latest questions. We are providing ISC CSSLP dumps with updates for 3 months. You can purchase in advance and start studying. Whenever ISC update Certified Secure Software Lifecycle Professional exam, we also update our file with new questions. Passin1day is here to provide real CSSLP exam questions to people who find it difficult to pass exam
ISC2 Certification can advance your marketability and prove to be a key to differentiating you from those who have no certification and Passin1day is there to help you pass exam with CSSLP dumps. ISC Certifications demonstrate your competence and make your discerning employers recognize that Certified Secure Software Lifecycle Professional certified employees are more valuable to their organizations and customers. We have helped thousands of customers so far in achieving their goals. Our excellent comprehensive ISC exam dumps will enable you to pass your certification ISC2 Certification exam in just a single try. Passin1day is offering CSSLP braindumps which are accurate and of high-quality verified by the IT professionals. Candidates can instantly download ISC2 Certification dumps and access them at any device after purchase. Online Certified Secure Software Lifecycle Professional practice tests are planned and designed to prepare you completely for the real ISC exam condition. Free CSSLP dumps demos can be available on customer’s demand to check before placing an order.
What Our Customers Say
Jeff Brown
Thanks you so much passin1day.com team for all the help that you have provided me in my ISC exam. I will use your dumps for next certification as well.
Mareena Frederick
You guys are awesome. Even 1 day is too much. I prepared my exam in just 3 hours with your CSSLP exam dumps and passed it in first attempt :)
Ralph Donald
I am the fully satisfied customer of passin1day.com. I have passed my exam using your Certified Secure Software Lifecycle Professional braindumps in first attempt. You guys are the secret behind my success ;)
Lilly Solomon
I was so depressed when I get failed in my Cisco exam but thanks GOD you guys exist and helped me in passing my exams. I am nothing without you.