Get ISC2 CSSLP Exam Dumps

Answer : A

The Biba model is a formal state transition system of computer security policy that describes a set of access control rules

designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that subjects may

not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.

Answer : A

This is a type of service-level agreement.

A service-level agreement (SLA) is a negotiated agreement between two parties where one is the customer and the other is the service

provider. It records a common understanding about services, priorities, responsibilities, guarantees, and warranties. Each area of service

scope should have the 'level of service' defined. The SLA may specify the levels of availability, serviceability, performance, operation, or other

attributes of the service, such as billing.

Answer C is incorrect. Non-disclosure agreements (NDAs) are often used to protect the confidentiality of an invention as it is being

evaluated by potential licensees.

Answer D is incorrect. License agreements (LA) describe the rights and responsibilities of a party related to the use and exploitation of

intellectual property.

Answer B is incorrect. There is no such type of agreement as VPN.

Answer : C

A trade secret is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known. It helps

a business to obtain an economic advantage over its competitors or customers. In some jurisdictions, such secrets are referred to as

confidential information or classified information.

Answer A is incorrect. A copyright is a form of intellectual property, which secures to its holder the exclusive right to produce copies of

his or her works of original expression, such as a literary work, movie, musical work or sound recording, painting, photograph, computer

program, or industrial design, for a defined, yet extendable, period of time. It does not cover ideas or facts. Copyright laws protect intellectual

property from misuse by other individuals.

Answer B is incorrect. A utility model is an intellectual property right to protect inventions.

Answer D is incorrect. A cookie is a small bit of text that accompanies requests and pages as they move between Web servers and

browsers. It contains information that is read by a Web application, whenever a user visits a site. Cookies are stored in the memory or hard

disk of client computers. A Web site stores information, such as user preferences and settings in a cookie. This information helps in providing

customized services to users. There is absolutely no way a Web server can access any private information about a user or his computer

through cookies, unless a user provides the information. A Web server cannot access cookies created by other Web servers.

Answer : A, C, D

According to the NIST SAMATE, dynamic analysis tools operate by generating runtime vulnerability scenario using the following functions:

Resource fault injection

Network fault injection

System fault injection

User interface fault injection

Design attack

Implementation attack

File corruption

Answer B is incorrect. This function is summarized for static analysis tools.

Answer : A, C, D

In eavesdropping, dumpster diving, and shoulder surfing, the attacker violates the confidentiality of a system without affecting its state.

Hence, they are considered passive attacks.