Free ISC2 CSSLP Exam Questions

Become ISC2 Certified with updated CSSLP exam questions and correct answers

Page: 1 / 155

Total 774 Questions | Updated On: Apr 21, 2026

Add To Cart

Question 1

Which of the following statements about secure backup and restoration planning is correct?

A : In case of a system failure, create a disaster recovery plan that not only involves restoring data but also includes procedures for notifying the affected individuals, plans for mitigating further damage from data loss, and means for storing and retrieving the data securely.

B : In the world of cloud computing, the concept of creating backups is now an outmoded way of thinking. Merely make sure that all your databases create hot copies of the data in a secure cloud storage system for data recovery.

C : When creating backups, use a fast network connection to ensure that all data is backed up and to limit the time data is in motion.

D : When creating a plan for backup and restoration, you must consider that the cost of this action may exceed your normal operating budget.

Answer: A

Question 2

Code signing is done using what?

A : File integrity checks

B : Encrypted source code

C : Public key cryptography and hash functions

D : Controlled distribution channels such as SSL

Answer: C

Question 3

The operations phase of the software lifecycle is characterized by what?

A : It begins when software is released from development.

B : It begins with the development of the program requirements.

C : The response team is the process manager.

D : The development team is the process manager.

Answer: A

Question 4

When considering software security requirements, which operations correctly categorize functional and non-functional requirements?

A : Functional: security, operational, continuity, deployment. Non-functional: business requirements, use cases, stories

B : Functional: security, operational, deployment. Non-functional: business requirements, uses case, stories.

C : Functional: business requirements, use cases, stories. Non-functional: security, operational, deployment.

D : Functional: business requirements, use cases, stories. Non-functional: security, operational, continuity, deployment.

Answer: D

Question 5

What is qualitative risk analysis primarily based on?

A : Data from system logs

B : Threat analysis

C : Penetration tests

D : Expert judgment

Answer: D

Page: 1 / 155

Total 774 Questions | Updated On: Apr 21, 2026

Add To Cart