Test your basic knowledge

CSSLP: Certified Secure Software Lifecycle Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. STRIDE
2. OWASP Testing Guide
3. Authorization
4. General security concept
5. Countermeasures
6. Residual Risk
7. Configuration Parameters Management
8. Risk management process
9. Least common mechanism
10. Security Standards
11. Technical Controls
12. Flaw Hypothesis Method (FHM)
13. Single Loss Expectancy (SLE)
14. NIST standards related to software security
15. Availability
16. Least privilege
17. After identification step is...
18. Software security risk management methodologies
19. Common best practices significant to Software Security
20. Develop hack-resilient software
21. Economy of mechanism
22. ISO/IEC 27006:2007
23. Non-Repudiation
24. Threat
25. ISO/IEC 27005:2008
26. Properties of secure software
27. Integrity
28. ISO/IEC 27001:2005
29. Auditing
30. Challenges in implementing auditing/logging
31. Multifactor authentication
32. Confidentiality
33. FIPS 201
34. Holistic Security in software
35. OCTAVE
36. Management Controls
37. EAL levels
38. Psychological acceptability
39. ISO/IEC 15408
40. Security profile of software
41. Annual Rate of Occurrence (ARO)
42. OWASP Top 10
43. Core Security Concept
44. ISO/IEC 27000:2009
45. FIPS 197 (Advanced Cryptographic standards - AES)
46. Take-Grant Model
47. Safeguards
48. Security Controls
49. Operational Controls
50. Error and exception management