Question 1

Which of the following requires all general support systems and major applications to be fully certified and accredited before these systems and applications are put into production? Each correct answer represents a part of the solution. Choose all that apply.

Options :

A : NIST

B : Office of Management and Budget (OMB)

C : FIPS

D : FISMA

Answer: B,D

Question 2

Which of the following is an important aspect to consider when creating an End-User License Agreement (EULA)?

Options :

A : Including complex legal terminology to ensure enforceability

B : Limiting the liability of the software vendor to the maximum extent possible

C : Clearly defining the permitted uses and restrictions of the software

D : Redacting any mention of user rights and restrictions

Answer: C

Question 3

What are the security advantages of virtualization, as described in the NIST Information Security and Privacy Advisory Board (ISPAB) paper "Perspectives on Cloud Computing and Standards"? Each correct answer represents a complete solution. Choose three

Options :

A : It increases capabilities for fault tolerant computing

B : It adds a layer of security for defense-in-depth

C : It decreases exposure of weak software

D : It decreases configuration effort

Answer: A,B,C

Question 4

What should supply chain prequalification be built on?

Options :

A : Performance of prior work

B : The capability maturity model

C : Performance criteria that are established in advance by the customer

D : Testing supplier knowledge

Answer: C

Question 5

Which of the following are controls that can be used to ensure software authenticity? (Choose all that apply.)

Options :

A : Specifications

B : Hash values

C : Nonrepudiation of origin

D : License keys

Answer: B,C

Free CSSLP Mock Exam – Practice Online Confidently

Buying Options: