Prepare for the ISC2 Certified Secure Software Lifecycle Professional exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.
QA4Exam focuses on the latest syllabus and exam objectives, and our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, these Questions & Answers help you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the ISC2 CSSLP exam and achieve success.
Which of the following software review processes increases the software security by removing the common vulnerabilities, such as format string exploits, race conditions, memory leaks, and buffer overflows?
A code review is a systematic examination of computer source code that finds and resolves issues introduced in the initial development phase. It increases software security by removing common vulnerabilities, such as format string exploits, race conditions, memory leaks, and buffer overflows. A code review is performed in the following forms:
Pair programming
Informal walkthrough
Formal inspection
Answer C is incorrect. A peer review is an examination process in which the author and one or more colleagues examine a work product, such as a document or code, and evaluate its technical content and quality. According to the Capability Maturity Model, peer review offers a systematic engineering practice for detecting and resolving issues in software artifacts and preventing them from leaking into field operations.
Answer A is incorrect. A management review is a management study of a project's status and allocation of resources.
Answer D is incorrect. In a software audit review, one or more auditors who are not members of the software development organization perform an independent examination of a software product, software process, or set of software processes to assess compliance with specifications, standards, contractual agreements, or other criteria.
Fill in the blank with an appropriate phrase. The ____ is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity.
The Biba model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.
Fill in the blank with an appropriate phrase. ____ models address specifications, requirements, design, verification and validation, and maintenance activities.
A life cycle model provides insight into the development process and emphasizes the relationships among the different activities in that process. This model describes a structured approach to the development and adjustment process involved in producing and maintaining systems. The life cycle model addresses specifications, design, requirements, verification and validation, and maintenance activities.
Which of the following testing methods tests the system efficiency by systematically selecting the suitable and minimum set of tests that are required to effectively cover the affected changes?
Regression testing focuses on finding defects after a major code change has occurred. Specifically, it seeks to uncover software regressions, or old bugs that have come back. Such regressions occur whenever software functionality that was previously working correctly stops working as intended. Typically, regressions occur as an unintended consequence of program changes, when the newly developed part of the software collides with the previously existing code. Regression testing tests the system efficiency by systematically selecting the suitable and minimum set of tests that are required to effectively cover the affected changes.
Answer A is incorrect. Unit testing is a type of testing in which each independent unit of an application is tested separately. During unit testing, a developer takes the smallest unit of an application, isolates it from the rest of the application code, and tests it to determine whether it works as expected. Unit testing is performed before integrating these independent units into modules. The most common approach to unit testing requires drivers and stubs to be written. Drivers and stubs are programs: a driver simulates a calling unit, and a stub simulates a called unit.
Answer C is incorrect. Acceptance testing is performed on the application before its implementation into the production environment. It is done either by a client or an application specialist to ensure that the software meets the requirement for which it was made.
Answer B is incorrect. Integration testing is a form of software testing that seeks to verify the interfaces between components against a software design. Software components may be integrated in an iterative way or all together ('big bang'). Normally the former is considered the better practice, since it allows interface issues to be localized more quickly and fixed.
Integration testing works to expose defects in the interfaces and interaction between the integrated components (modules). Progressively larger groups of tested software components corresponding to elements of the architectural design are integrated and tested until the software works as a system.
Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?
The business continuity plan is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes.
Business Continuity Planning (BCP) is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical (urgent) functions within a predetermined time after a disaster or extended disruption. The logistical plan is called a business continuity plan.
Answer C is incorrect. The crisis communication plan can be broadly defined as the plan for the exchange of information before, during, or after a crisis event. It is considered a sub-specialty of the public relations profession that is designed to protect and defend an individual, company, or organization facing a public challenge to its reputation.
The aim of a crisis communication plan is to help organizations achieve continuity of critical business processes and information flows under crisis, disaster, or event-driven circumstances.
Answer A is incorrect. A contingency plan is a plan devised for a specific situation in which things could go wrong. Contingency plans are often devised by governments or businesses that want to be prepared for anything that could happen. Contingency plans include specific strategies and actions to deal with specific variances from assumptions that result in a particular problem, emergency, or state of affairs. They also include a monitoring process and 'triggers' for initiating planned actions. They are required to help governments, businesses, or individuals recover from serious incidents in the minimum time with minimum cost and disruption.
Answer D is incorrect. A disaster recovery plan should cover the data, hardware, and software that are critical for a business. It should also include the plan for sudden loss, such as a hard disk crash. The business should use backup and data recovery utilities to limit the loss of data.