Get All Certified Secure Software Lifecycle Professional Exam Questions with Validated Answers
| Vendor: | ISC2 |
|---|---|
| Exam Code: | CSSLP |
| Exam Name: | Certified Secure Software Lifecycle Professional |
| Exam Questions: | 357 |
| Last Updated: | November 20, 2025 |
| Related Certifications: | Certified Secure Software Lifecycle Professional |
| Exam Tags: | Software Lifecycle Application Security Specialist, Quality Assurance Tester |
Which of the following types of attacks occurs when an attacker successfully inserts an intermediary software or program between two communicating hosts?
When an attacker successfully inserts intermediary software or a program between two communicating hosts, it is known as a man-in-the-middle attack.
Which of the following methods is a means of ensuring that system changes are approved before being implemented, only the proposed and approved changes are implemented, and the implementation is complete and accurate?
Documentation control is a method of ensuring that system changes are approved before being implemented, only the proposed and approved changes are implemented, and the implementation is complete and accurate. Documentation control involves strict procedures for proposing, monitoring, and approving system changes and their implementation.
It helps the change process by supporting the person who coordinates the analytical tasks, approves system changes, reviews the implementation of changes, and oversees other tasks such as documenting the controls.
Answer D is incorrect. Configuration auditing is the quality assurance element of configuration management. It consists of periodic checks to establish the consistency and completeness of accounting information and to validate that all configuration management policies are being followed.
Configuration audits are broken into functional and physical configuration audits. They occur either at delivery or at the moment of effecting the change. A functional configuration audit ensures that the functional and performance attributes of a configuration item are achieved, while a physical configuration audit ensures that a configuration item is installed in accordance with the requirements of its detailed design documentation.
Answer A is incorrect. Configuration control is a procedure within configuration management. It is a set of processes and approval stages required to change a configuration item's attributes and to re-baseline them. It supports the change of the functional and physical attributes of software at various points in time, and performs systematic control of changes to the identified attributes.
Answer C is incorrect. Configuration identification is the process of identifying the attributes that define every aspect of a configuration item. A configuration item is a product (hardware and/or software) that has an end-user purpose. These attributes are recorded in configuration documentation and baselined. Baselining an attribute forces formal configuration change control processes to be followed whenever these attributes are changed.
You work as a system engineer for BlueWell Inc. You want to verify that the build meets its data requirements, and correctly generates each expected display and report. Which of the following tests will help you to perform the above task?
The various types of internal tests performed on builds are as follows:
- Regression tests: Also known as verification testing. These tests are developed to confirm that capabilities in earlier builds continue to work correctly in subsequent builds.
- Functional tests: These tests emphasize verifying that the build meets its functional and data requirements and correctly generates each expected display and report.
- Performance tests: These tests are used to identify the performance thresholds of each build.
- Reliability tests: These tests are used to identify the reliability thresholds of each build.
Which of the following types of redundancy prevents attacks in which an attacker can get physical control of a machine, insert unauthorized software, and alter data?
Process redundancy permits software to run simultaneously at multiple geographically distributed locations, with voting on results. It prevents attacks in which an attacker can get physical control of a machine, insert unauthorized software, and alter data.
Which of the following areas of information system, as separated by Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy?
The areas of information system, as separated by Information Assurance Framework, are as follows:
- Local Computing Environments: This area includes servers, client workstations, operating systems, and applications.
- Enclave Boundaries: This area consists of a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy.
- Networks and Infrastructures: This area provides the network connectivity between enclaves. It includes operational area networks (OANs), metropolitan area networks (MANs), and campus area networks (CANs).
- Supporting Infrastructures: This area provides security services for networks, client workstations, Web servers, operating systems, applications, files, and single-use infrastructure machines.