ISC2 CSSLP Exam Actual Questions

The questions for CSSLP were last updated on Oct 2, 2024.
Question No. 1

Which of the following elements of the BCP process emphasizes creating the scope and the additional elements required to define the parameters of the plan?

Correct Answer: D

The scope and plan initiation process marks the beginning of the BCP process. It emphasizes creating the scope and the additional elements required to define the parameters of the plan. This phase includes a review of the company's operations and support services. The scope activities include creating a detailed account of the work required, listing the resources to be used, and defining the management practices to be employed.

Answer C is incorrect. The business impact assessment (BIA) is a method used to help business units understand the impact of a disruptive event. This phase includes the execution of a vulnerability assessment and identifies the mission-critical areas and business processes that are essential to the survival of the business. It is similar to the risk assessment process. The output of a business impact assessment is a document used to understand what impact a disruptive event would have on the business.

Answer A is incorrect. Business continuity plan development refers to using the information collected in the Business Impact Analysis (BIA) to create the recovery strategy plan that supports the critical business functions. The information gathered from the BIA is mapped out to form a strategy for creating the continuity plan. The business continuity plan development process includes plan implementation, plan testing, and ongoing plan maintenance. This phase also consists of defining and documenting the continuity strategy.

Answer B is incorrect. The plan approval and implementation process involves creating enterprise-wide awareness of the plan, obtaining final senior management sign-off, and implementing a maintenance procedure for updating the plan as required.


Question No. 2

Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?

Correct Answer: D

DITSCAP stands for DoD Information Technology Security Certification and Accreditation Process. DoD Instruction (DoDI) 5200.40, "DoD Information Technology Security Certification and Accreditation Process (DITSCAP)", established DITSCAP as the standard C&A process for the Department of Defense. The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) is a process defined by the United States Department of Defense (DoD) for managing risk; DIACAP replaced DITSCAP in 2006.

Answer B is incorrect. That document is the National Industrial Security Program Operating Manual (NISPOM).

Answer C is incorrect. That directive is the Defense Information Management (IM) Program.

Answer A is incorrect. That directive is Management and Control of Information Requirements.


Question No. 3

Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

Correct Answer: A, B, D

The owner of information delegates the responsibility of protecting that information to a custodian. The responsibilities of a custodian with regard to data in an information classification program are:

Running regular backups and routinely testing the validity of the backup data

Performing data restoration from the backups when necessary

Controlling access, adding and removing privileges for individual users

Answer C is incorrect. Determining what level of classification the information requires is the responsibility of the owner, not the custodian.


Question No. 4

Which of the following terms refers to the protection of data against unauthorized access?

Correct Answer: D

Confidentiality is the term that refers to the protection of data against unauthorized access. Administrators can provide confidentiality by encrypting data. Symmetric encryption is a relatively fast encryption method, so it is best suited for encrypting large amounts of data such as files on a computer.

Answer A is incorrect. Integrity ensures that no intentional or unintentional unauthorized modification is made to data.

Answer C is incorrect. Auditing is used to track user accounts for file and object access, logon attempts, system shutdown, etc., which enhances the security of the network. Before enabling auditing, the type of event to be audited must be specified in the Audit Policy (in User Manager for Domains on Windows NT).
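As an added illustration (not part of the original question bank), the following Python shows why confidentiality and integrity are separate properties: a symmetric stream cipher hides the data, but flipping a single ciphertext bit silently changes the plaintext, so an HMAC tag (encrypt-then-MAC) is needed to detect modification. The cipher is a teaching construction, HMAC-SHA256 run in counter mode as the keystream generator, chosen so the example runs on the standard library alone; production code should use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305. The keys, nonce and message are constructed sample values.

```python
import hashlib
import hmac

NONCE_LEN = 16   # bytes of nonce prefixed to every sealed blob
TAG_LEN = 32     # HMAC-SHA256 output length


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC-SHA256(key, nonce || i).

    Teaching construction only (assumption: a PRF in CTR mode); real code
    should use a standard cipher such as AES-CTR or ChaCha20.
    """
    blocks = []
    produced = 0
    counter = 0
    while produced < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        blocks.append(block)
        produced += len(block)
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: XOR the plaintext with the keystream."""
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Stream ciphers are symmetric: decryption is the same XOR."""
    return encrypt(key, nonce, ciphertext)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: confidentiality from the cipher, integrity from the tag."""
    ciphertext = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify (tampered or wrong key)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    return decrypt(enc_key, nonce, ciphertext)


def flip_bit(data: bytes, offset: int, bit: int) -> bytes:
    """Simulate an attacker modifying one bit of data in transit."""
    out = bytearray(data)
    out[offset] ^= 1 << bit
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample values; never use fixed keys or reuse a nonce in real code.
    enc_key = b"\x01" * 32
    mac_key = b"\x02" * 32
    nonce = b"\x03" * NONCE_LEN
    message = b"PAY 100 USD"

    ciphertext = encrypt(enc_key, nonce, message)
    print("ciphertext hex:", ciphertext.hex())               # unreadable: confidentiality
    print("decrypts to:", decrypt(enc_key, nonce, ciphertext))

    # Flip bit 3 of the byte carrying '1' (0x31) -> '9' (0x39): encryption alone
    # does not stop an attacker from changing the amount without knowing the key.
    tampered = flip_bit(ciphertext, 4, 3)
    print("tampered decrypts to:", decrypt(enc_key, nonce, tampered))

    # With encrypt-then-MAC the same flip is rejected instead of being accepted.
    blob = seal(enc_key, mac_key, nonce, message)
    print("unseal original:", unseal(enc_key, mac_key, blob))
    print("unseal tampered:", unseal(enc_key, mac_key, flip_bit(blob, NONCE_LEN + 4, 3)))
```

The bit-flip on the raw ciphertext turns "PAY 100 USD" into "PAY 900 USD" without the attacker ever seeing the key, which is exactly the gap the page's definition of integrity describes; the tag check in `unseal` closes it. Separate encryption and MAC keys are used so that neither primitive's key is exposed to the other.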


Question No. 5

Copyright holders, content providers, and manufacturers use digital rights management (DRM) in order to limit usage of digital media and devices. Which of the following security challenges does DRM include? Each correct answer represents a complete solution. Choose all that apply.

Correct Answer: A, C, D

The security challenges for DRM are as follows:

Key hiding: protecting the secret keys used for authentication, encryption, and node-locking against tampering attacks that target those keys.

Device fingerprinting: preventing fraud and providing secure authentication. A device fingerprint is a summary of hardware and software characteristics used to uniquely identify a device.

OTA provisioning: providing end-to-end encryption or another secure channel for delivering copyrighted software to mobile devices over the air.

Answer B is incorrect. Access control is not a security challenge for DRM.
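To show how the three challenges fit together in code, here is an added example (not from the question bank or any vendor's DRM) in Python: a device fingerprint is built from a canonical summary of hardware and software attributes, a per-device key is derived from it during provisioning, and a content key is wrapped ("node-locked") so that only that device can unwrap it. The function names, the HMAC-SHA256 key derivation, the license layout and the device attributes are all assumptions made for the example; real DRM clients also rely on key hiding (white-box or hardware-backed storage) because the device key lives on attacker-controlled hardware.

```python
import hashlib
import hmac
import json

KEY_LEN = 16     # length of the content key being protected
NONCE_LEN = 16   # per-license nonce carried in the blob
TAG_LEN = 32     # HMAC-SHA256 output length


def device_fingerprint(attributes: dict) -> bytes:
    """Summarise hardware/software characteristics into a stable identifier.

    Canonical JSON (sorted keys, no whitespace) makes the fingerprint
    independent of the order in which attributes were collected.
    """
    canonical = json.dumps(attributes, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).digest()


def node_key(provisioning_secret: bytes, fingerprint: bytes) -> bytes:
    """Per-device key handed over during OTA provisioning (assumed KDF: HMAC-SHA256)."""
    return hmac.new(provisioning_secret, b"node-lock|" + fingerprint, hashlib.sha256).digest()


def issue_license(provisioning_secret: bytes, fingerprint: bytes,
                  content_id: bytes, content_key: bytes, nonce: bytes) -> bytes:
    """Server side: wrap the content key so only the fingerprinted device can unwrap it."""
    if len(content_key) != KEY_LEN or len(nonce) != NONCE_LEN:
        raise ValueError("content key must be %d bytes, nonce %d bytes" % (KEY_LEN, NONCE_LEN))
    dev_key = node_key(provisioning_secret, fingerprint)
    mask = hmac.new(dev_key, b"wrap|" + nonce + content_id, hashlib.sha256).digest()[:KEY_LEN]
    wrapped = bytes(k ^ m for k, m in zip(content_key, mask))
    # The tag binds the wrapped key to this device, this nonce and this title,
    # so a license cannot be replayed on another device or for another title.
    tag = hmac.new(dev_key, b"tag|" + nonce + content_id + wrapped, hashlib.sha256).digest()
    return nonce + wrapped + tag


def redeem_license(dev_key: bytes, content_id: bytes, license_blob: bytes):
    """Device side: return the content key, or None if the license is not for this device/title."""
    if len(license_blob) != NONCE_LEN + KEY_LEN + TAG_LEN:
        return None
    nonce = license_blob[:NONCE_LEN]
    wrapped = license_blob[NONCE_LEN:NONCE_LEN + KEY_LEN]
    tag = license_blob[NONCE_LEN + KEY_LEN:]
    expected = hmac.new(dev_key, b"tag|" + nonce + content_id + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    mask = hmac.new(dev_key, b"wrap|" + nonce + content_id, hashlib.sha256).digest()[:KEY_LEN]
    return bytes(w ^ m for w, m in zip(wrapped, mask))


if __name__ == "__main__":
    # Constructed sample data: one provisioning secret and two devices.
    secret = b"provisioning-secret-example-only"
    tablet = {"soc_id": "SOC-7731-A", "mac": "02:00:5e:00:53:01",
              "os_build": "14.2.1", "app_ver": "3.0"}
    phone = {"soc_id": "SOC-9002-F", "mac": "02:00:5e:00:53:02",
             "os_build": "14.2.1", "app_ver": "3.0"}
    content_key = bytes(range(KEY_LEN))
    nonce = b"\x05" * NONCE_LEN

    fp_tablet = device_fingerprint(tablet)
    lic = issue_license(secret, fp_tablet, b"title-42", content_key, nonce)

    print("tablet unwraps :", redeem_license(node_key(secret, fp_tablet), b"title-42", lic) == content_key)
    print("phone unwraps  :", redeem_license(node_key(secret, device_fingerprint(phone)), b"title-42", lic))
    print("other title    :", redeem_license(node_key(secret, fp_tablet), b"title-43", lic))
```

Two caveats a practitioner would add: every fingerprint attribute is readable on the device itself, so the scheme's strength rests on hiding `dev_key` rather than on the fingerprint being secret; and fingerprints drift when the OS or app is updated, so deployed systems tolerate partial matches or re-provision rather than using an exact hash as shown here.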

