2023 Updated Verified Pass CSSLP Exam - Real Questions & Answers [Q151-Q170]

NEW QUESTION 151
Mark works as a Network Administrator for NetTech Inc. He wants users to access only those resources that are required for them. Which of the following access control models will he use?

Discretionary Access Control

Mandatory Access Control

Policy Access Control

Role-Based Access Control

Explanation:
Role-based access control (RBAC) is an access control model. In this model, a user can access resources according to his role in the organization. For example, a backup administrator is responsible for taking backups of important data. Therefore, he is only authorized to access this data for backing it up. However, sometimes users with different roles need to access the same resources. This situation can also be handled using the RBAC model.

NEW QUESTION 152
Which of the following phases of DITSCAP includes the activities that are necessary for the continuing operation of an accredited IT system in its computing environment and for addressing the changing threats that a system faces throughout its life cycle?

Phase 3, Validation

Phase 1, Definition

Phase 2, Verification

Phase 4, Post Accreditation Phase

NEW QUESTION 153
You work as an analyst for Tech Perfect Inc. You want to prevent information flow that may cause a conflict of interest in your organization representing competing clients. Which of the following security models will you use?

Bell-LaPadula model

Chinese Wall model

Clark-Wilson model

Biba model

NEW QUESTION 154
Which of the following are the principle duties performed by the BIOS during POST (power-on-self-test)?
Each correct answer represents a part of the solution. Choose all that apply.

It provides a user interface for system’s configuration.

It identifies, organizes, and selects boot devices.

It delegates control to other BIOS, if it is required.

It discovers size and verifies system memory.

It verifies the integrity of the BIOS code itself.

It interrupts the execution of all running programs.

NEW QUESTION 155
Which of the following allows multiple operating systems (guests) to run concurrently on a host computer?

Emulator

Hypervisor

Grid computing

CP/CMS

NEW QUESTION 156
John works as a professional Ethical Hacker. He is assigned a project to test the security of www.we-are-secure.com. You have searched all open ports of the we-are-secure server. Now, you want to perform the next information-gathering step, i.e., passive OS fingerprinting. Which of the following tools can you use to accomplish the task?

Superscan

NBTscan

Nmap

P0f

According to the scenario, you have searched all open ports of the we-are-secure server. Now you want to perform the next information-gathering step, i.e., passive OS fingerprinting. For this, you will use the P0f tool to accomplish the task. P0f is a passive OS fingerprinting tool that is used to identify the operating system of a target host simply by examining captured packets even when the device is behind a packet firewall. It does not generate any additional direct or indirect network traffic. P0f can also be used to gather various information, such as firewall presence, NAT use (for policy enforcement), existence of a load balancer setup, the distance to the remote system and its uptime, etc. Answer C is incorrect. Nmap is used for active OS fingerprinting. Nmap is a free open-source utility for network exploration and security auditing. It is used to discover computers and services on a computer network, thus creating a “map” of the network. Just like many simple port scanners, Nmap is capable of discovering passive services. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card. Nmap runs on Linux, Microsoft Windows etc. Answer A is incorrect. SuperScan is a TCP/UDP port scanner. It also works as a ping sweeper and hostname resolver. It can ping a given range of IP addresses and resolve the host name of the remote system.The features of SuperScan are as follows: It scans any port range from a built-in list or any given range. It performs ping scans and port scans using any IP range. It modifies the port list and port descriptions using the built in editor. It connects to any discovered open port using user-specified “helper” applications. It has the transmission speed control utility. Answer B is incorrect. NBTscan is a scanner that scans IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in a supplied range and lists received information in human readable form. It displays IP address, NetBIOS computer name, logged-in user name and MAC address of each responded host. NBTscan works in the same manner as nbtstat, but it operates on a range of addresses instead of just one.

NEW QUESTION 157
Which of the following process areas does the SSE-CMM define in the ‘Project and Organizational Practices’ category? Each correct answer represents a complete solution. Choose all that apply.

Provide Ongoing Skills and Knowledge

Verify and Validate Security

Manage Project Risk

Improve Organization’s System Engineering Process

NEW QUESTION 158
Security is a state of well-being of information and infrastructures in which the possibilities of successful yet undetected theft, tampering, and/or disruption of information and services are kept low or tolerable. Which of the following are the elements of security? Each correct answer represents a complete solution. Choose all that apply.

Integrity

Authenticity

Confidentiality

Availability

NEW QUESTION 159
Which of the following are examples of the application programming interface (API)? Each correct answer represents a complete solution. Choose three.

HTML

PHP

.NET

Perl

NEW QUESTION 160
The Phase 2 of DITSCAP C&A is known as Verification. The goal of this phase is to obtain a fully integrated system for certification testing and accreditation. What are the process activities of this phase?
Each correct answer represents a complete solution. Choose all that apply.

Certification analysis

Assessment of the Analysis Results

Configuring refinement of the SSAA

System development

Registration

NEW QUESTION 161
DRAG DROP
Auditing is used to track user accounts for file and object access, logon attempts, system shutdown, and many more vulnerabilities to enhance the security of the network. It encompasses a wide variety of activities. Place the different auditing activities in front of their descriptions.
Select and Place:

NEW QUESTION 162
John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. He has successfully performed the following steps of the pre-attack phase to check the security of the We-are-secure network: Gathering information Determining the network range Identifying active systems Now, he wants to find the open ports and applications running on the network. Which of the following tools will he use to accomplish his task?

ARIN

APNIC

RIPE

SuperScan

Explanation:
In such a situation, John will use the SuperScan tool to find the open ports and applications on the We-are-secure network. SuperScan is a TCP/UDP port scanner. It also works as a ping sweeper and hostname resolver. It can ping a given range of IP addresses and resolve the host name of the remote system. The features of SuperScan are as follows: It scans any port range from a built-in list or any given range. It performs ping scans and port scans using any IP range. It modifies the port list and port descriptions using the built in editor. It connects to any discovered open port using user-specified “helper” applications. It has the transmission speed control utility.

NEW QUESTION 163
The Systems Development Life Cycle (SDLC) is the process of creating or altering the systems; and the models and methodologies that people use to develop these systems. Which of the following are the different phases of system development life cycle? Each correct answer represents a complete solution. Choose all that apply.

Testing

Implementation

Operation/maintenance

Development/acquisition

Disposal

Initiation

NEW QUESTION 164
Penetration testing (also called pen testing) is the practice of testing a computer system, network, or Web application to find vulnerabilities that an attacker could exploit. Which of the following areas can be exploited in a penetration test? Each correct answer represents a complete solution. Choose all that apply.

Kernel flaws

Information system architectures

Race conditions

File and directory permissions

Buffer overflows

Trojan horses

Social engineering

NEW QUESTION 165
FITSAF stands for Federal Information Technology Security Assessment Framework. It is a methodology for assessing the security of information systems. Which of the following FITSAF levels shows that the procedures and controls have been implemented?

Level 2

Level 3

Level 5

Level 1

Level 4

NEW QUESTION 166
SIMULATION
Fill in the blank with an appropriate phrase The is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity.

NEW QUESTION 167
Which of the following are the benefits of information classification for an organization? Each correct answer represents a complete solution. Choose two.

It helps reduce the Total Cost of Ownership (TCO).

It helps identify which protections apply to which information.

It helps identify which information is the most sensitive or vital to an organization.

It ensures that modifications are not made to data by unauthorized personnel or processes.

NEW QUESTION 168
Which of the following terms ensures that no intentional or unintentional unauthorized modification is made to data?

Non-repudiation

Integrity

Authentication

Confidentiality

NEW QUESTION 169
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. What are the different types of policies? Each correct answer represents a complete solution. Choose all that apply.

Advisory

Systematic

Informative

Regulatory

NEW QUESTION 170
Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program? Each correct answer represents a complete solution. Choose all that apply.

Security education

Security organization

System classification

Information classification