Test your basic knowledge |

CSSLP: Certified Secure Software Lifecycle Professional

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Phsychological acceptability






2. Configurations Parameters Management






3. Holistic Security in software






4. Security Risk Management Discipline






5. After identification step is...






6. Security Controls






7. Categories of controls






8. EALs levels






9. FIPS140-2 (Security requirement for cryptographic modules)






10. ISO/IEC 27006:2007






11. Clipping level






12. General security concept






13. Security Standards






14. Least privilege






15. Flaw Hypothesis Method (FHM)






16. Properties of secure software






17. Develop hack resilient software






18. ISO/IEC 9216






19. ISO/IEC 27001:2005






20. Common best practices significant to Sofware Security






21. Availability






22. NIST standards related to software security






23. PCI DSS






24. Access Matrix model


25. Technical Controls






26. Counter measures






27. Least common mechanism






28. Integrity






29. Vulnerability






30. Software security risk management methodologies






31. Accountability






32. FIPS 197 (Advance Cryptographic standards - AES)






33. Total Risk






34. ISO /IEC 27000:2009






35. Security design principles






36. Complete mediation






37. Compartmentalization






38. Benefits of coding standards






39. Security profile of a software






40. Popular guides developed by OWASP






41. Challenges in implementing auditing/logging






42. Authorization






43. Single Loss Expectancy (SLE)






44. Multifactor authentication






45. Threat






46. DREAD






47. Management Controls






48. ISO/IEC 27005:2008






49. OWASP Code Review Guide






50. Take-Grant Model