Become a CSSLP – Certified Secure Software Lifecycle Professional
Earning the globally recognized CSSLP secure software development
certification is a proven way to build your career and better incorporate
security practices into each phase of the software development lifecycle (SDLC).
CSSLP certification recognizes leading application security skills. It shows
employers and peers you have the advanced technical skills and knowledge
necessary for authentication, authorization and auditing throughout the SDLC
using best practices, policies and procedures established by the cybersecurity
experts at (ISC)².
Prove your skills, advance your career, and gain support from a community of
cybersecurity leaders here to help you throughout your professional journey.
Who Earns the CSSLP?
The CSSLP is ideal for software development and security professionals
responsible for applying best practices to each phase of the SDLC – from
software design and implementation to testing and deployment – including those
in the following positions:
What will You Need to Know to Pass the CSSLP Exam?
The CSSLP exam evaluates your expertise across eight security domains. Think
of the domains as topics you need to master based on your professional
experience and education.
Download the CSSLP Exam Outline for a deeper dive into the CSSLP domains.
For a complete list of acronyms and terms you may encounter during your (ISC)²
exam, reference the translated (ISC)² Certification Acronym and (ISC)²
Certification Terms glossaries.
Register for Your CSSLP Exam
Don’t wait. If you’re ready to pursue the CSSLP secure software development
certification, commit yourself now by registering for the exam.
Schedule your exam by creating an account with Pearson VUE, the leading provider
of global, computer-based testing for certification and licensure exams. You can
find details on testing locations, policies, accommodations and more on their
website.
Get CSSLP Training that's Right for You
With instructor-led online and classroom courses, (ISC)² has a training
option to fit your schedule and learning style. Trainings, seminars, courseware
and self-study aids directly from (ISC)² or one of our many Official Training
Providers help you get ready for the rigorous CSSLP exam by reviewing relevant
domains and topics. Visit the (ISC)² Training Finder to register for the course
that best meets your needs, including:
Join A Global Community Of Cybersecurity Leaders
Once you are certified and become an (ISC)² member, you’re a part of a
global community of more than 140,000 certified cybersecurity professionals
focused on inspiring a safe and secure cyber world. In addition to that
extensive network, a wealth of continuing education opportunities helps you keep
your skills sharp and informed of the latest trends and best practices, and ensures
your expertise remains relevant throughout your career. Learn more about (ISC)²
member benefits.
QUESTION 4
Which of the following penetration testing techniques automatically tests every phone line in an
exchange and tries to locate modems that are attached to the network?
A. Demon dialing
B. Sniffing
C. Social engineering
D. Dumpster diving
Answer: A
Explanation: The demon dialing technique automatically tests every phone line in an exchange
and tries to locate modems that are attached to the network. Information about these modems can
then be used to attempt external unauthorized access. Answer: B is incorrect. In sniffing, a
protocol analyzer is used to capture data packets that are later decoded to collect information such
as passwords or infrastructure configurations. Answer: D is incorrect. The dumpster diving technique is
used for searching paper disposal areas for unshredded or otherwise improperly disposed-of
reports. Answer: C is incorrect. Social engineering is the most commonly used technique of all:
getting information (like passwords) just by asking for it.
QUESTION 5
Which of the following roles is also known as the accreditor?
A. Data owner
B. Chief Risk Officer
C. Chief Information Officer
D. Designated Approving Authority
Answer: D
Explanation: Designated Approving Authority (DAA) is also known as the accreditor. Answer: A is
incorrect. The data owner (information owner) is usually a member of management, in charge of a
specific business unit, and is ultimately responsible for the protection and use of a specific subset
of information. Answer: B is incorrect. A Chief Risk Officer (CRO) is also known as a Chief Risk
Management Officer (CRMO). The Chief Risk Officer or Chief Risk Management Officer of a
corporation is the executive accountable for enabling the efficient and effective governance of
significant risks, and related opportunities, to a business and its various segments. Risks are
commonly categorized as strategic, reputational, operational, financial, or compliance-related.
CROs are accountable to the Executive Committee and the Board for enabling the business to
balance risk and reward. In more complex organizations, they are generally responsible for
coordinating the organization's Enterprise Risk Management (ERM) approach. Answer: C is
incorrect. The Chief Information Officer (CIO), or Information Technology (IT) director, is a job title
commonly given to the most senior executive in an enterprise responsible for the information
technology and computer systems that support enterprise goals. The CIO plays the role of a
leader and reports to the chief executive officer, chief operations officer, or chief financial officer. In
military organizations, they report to the commanding officer.
QUESTION 6
DoD 8500.2 establishes IA controls for information systems according to the Mission Assurance
Categories (MAC) and confidentiality levels. Which of the following MAC levels requires high
integrity and medium availability?
A. MAC III
B. MAC IV
C. MAC I
D. MAC II
Answer: D
Explanation: The various MAC levels are as follows:
MAC I: Systems have high availability and high integrity.
MAC II: Systems have high integrity and medium availability.
MAC III: Systems have basic integrity and availability.
QUESTION 7
Microsoft software security expert Michael Howard defines heuristics for deciding which code to
review in "A Process for Performing Security Code Reviews". Which of the following heuristics
increase the application's attack surface? Each correct answer represents a complete solution.
Choose all that apply.
A. Code written in C/C++/assembly language
B. Code listening on a globally accessible network interface
C. Code that changes frequently
D. Anonymously accessible code
E. Code that runs by default
F. Code that runs in elevated context
Answer: B,D,E,F
Explanation: Microsoft software security expert Michael Howard defines the following heuristics
for deciding which code to review in "A Process for Performing Security Code Reviews":
Old code: Newer code reflects a better understanding of software security and tends to have fewer
vulnerabilities, so older code must be checked more deeply.
Code that runs by default: It must be of high quality and must be checked more deeply than code
that does not execute by default. Code that runs by default increases the application's attack surface.
Code that runs in elevated context: It must be of higher quality. Code that runs with elevated
privileges must be checked more deeply, and it increases the application's attack surface.
Anonymously accessible code: It must be checked more deeply than code that only authorized
users and administrators can access, and it increases the application's attack surface.
Code listening on a globally accessible network interface: It must be checked deeply for security
vulnerabilities, and it increases the application's attack surface.
Code written in C/C++/assembly language: It is prone to security vulnerabilities, for example,
buffer overruns.
Code with a history of security vulnerabilities: It is likely to contain additional vulnerabilities
unless a concerted effort is made to remove them.
Code that handles sensitive data: It must be checked deeply to ensure that data is protected from
unintentional disclosure.
Complex code: It is more likely to contain undiscovered errors because complex code is more
difficult to analyze, both manually and programmatically.
Code that changes frequently: It tends to have more security vulnerabilities than code that does
not change frequently.
QUESTION 8
Which of the following cryptographic system services ensures that information will not be disclosed
to any unauthorized person on a local network?
A. Authentication
B. Integrity
C. Non-repudiation
D. Confidentiality
Answer: D
Explanation: The confidentiality service of a cryptographic system ensures that information will
not be disclosed to any unauthorized person on a local network.
QUESTION 9
What are the various activities performed in the planning phase of the Software Assurance
Acquisition process? Each correct answer represents a complete solution. Choose all that apply.
A. Develop software requirements.
B. Implement change control procedures.
C. Develop evaluation criteria and evaluation plan.
D. Create acquisition strategy.
Answer: A,C,D
Explanation: The various activities performed in the planning phase of the Software Assurance
Acquisition process are as follows: Determine software product or service requirements. Identify
associated risks. Develop software requirements. Create acquisition strategy. Develop evaluation
criteria and evaluation plan. Define development and use of SwA due diligence questionnaires.
Answer: B is incorrect. This activity is performed in the monitoring and acceptance phase of the
Software Assurance acquisition process.
This exam is designed for candidates looking to demonstrate foundational
knowledge of Microsoft Dynamics 365, Power Platform applications, and the cloud
computing model. This exam will cover the considerations and benefits of
adopting Dynamics 365, the Power Platform, and cloud services in general. This
exam can be taken as a precursor to Dynamics 365 certifications and training.
Candidates for this exam should have general knowledge or relevant working
experience in an Information Technology (IT) environment. Candidates should also
have a basic understanding of business scenarios and experience in addressing
business, legal, and security requirements for IT projects.
Understand Dynamics 365 (40-45%)
Understand apps for customer engagement
  Microsoft Dynamics 365 for Sales
  Microsoft Dynamics 365 for Customer Service
  Microsoft Dynamics 365 for Field Service
  Microsoft Dynamics 365 for Project Service Automation
  Microsoft Dynamics 365 for Marketing
Understand apps for unified operations
  Microsoft Dynamics 365 for Finance and Operations
  Microsoft Dynamics 365 for Talent
  Microsoft Dynamics 365 for Retail
  Microsoft Dynamics 365 for Business Central
Understand power platform
  Common Data Service (CDS)
  Common Data Model (CDM)
  PowerApps
  Flow
Understand application basics
  infrastructure stack
  solutions basics
  business applications terminology
  scenarios of business applications in action
Understand cloud concepts (25-30%)
Understand cloud architecture
  cloud computing overview
  Microsoft Azure
  and utilize cloud-based apps
Compare different types of cloud services available
  Infrastructure as a Service (IaaS)
  Platform as a Service (PaaS)
  Software as a Service (SaaS)
  and hybrid, public, private, or government
Compare cloud offerings with corresponding on-premises offerings
  when to use on-premises vs. cloud
  explore the stack
  examine cost options
Understand deployments and releases (20-25%)
Compare different types of deployments
  application life cycle
  online deployment
  and on-premises deployment
Compare different types of releases
  private preview
  public preview
  general availability
Understand role-based security model
  security model
  manage security
  determine roles
  implement role-based security
  and manage teams
Understand GDPR
  describe GDPR and understand how Microsoft Dynamics 365 addresses and supports GDPR
Understand licensing, onboarding, and support (15-20%)
Understand licensing options
  licensing types
  and choosing the right licensing options
Describe setup and support options
  trials
  FastTrack
  support offerings
  and training offerings
Question: 1
You need to select a Dynamics 365 for Customer Engagement application to help
your organization efficiently track, manage, and deliver project-based services.
Which application should you select?
A. Customer Service
B. Field Service
C. Project Service automation
D. Sales
Answer: B
Question: 2
You are an administrator in Dynamics 365 for Customer Engagement apps.
You need to create solution components using customization tools.
Which two components can be included in a solution? Each correct answer presents
a complete solution.
NOTE: Each correct selection is worth one point.
A. audit logs
B. sitemap
C. team
D. business unit
E. global option sets
Answer: A,E
Question: 3
You are a system administrator for an organization that has Dynamics 365 for
Sales and Dynamics 365 for Customer Service.
A user who logs in to the Microsoft 365 portal sees only Dynamics 365 for Sales.
You need to enable the user to see Dynamics 365 for Customer Service.
What are two possible ways to achieve this goal? Each correct answer presents a
complete solution.
NOTE: Each correct selection is worth one point.
A. In Dynamics 365 model driven apps, enable the features.
B. In PowerApps, create the application.
C. Type the URL of the web application for Dynamics 365 for Customer Service.
D. Assign the correct security role to the user's ID
E. Add the correct licensing to the user ID in Active Directory.
QUESTION: 1
When designing a WLAN to support voice in a large office, which design element is of the highest
concern for performance?
A. Frequency Selection
B. Roaming
C. AP vendor
D. Band steering
Answer: A
QUESTION: 2
What is the minimum PoE budget needed on a switch to support 6 (six) APs that can only be
powered using IEEE 802.3at if no other details are provided?
A. 320 W
B. 60 W
C. 180 W
D. 240 W
Answer: B
QUESTION: 3
In high-density environments, such as stadiums and convention centers, what extra factor has to be
taken into account that can attenuate Wi-Fi signals when these environments are having an event?
A. Thick walls
B. I-Beams
C. People
D. Fire doors
Answer: C
QUESTION: 4
What document is typically created to launch a project?
A. Bill of Materials
B. Project Charter
C. Work Breakdown Structure
D. Budget
Answer: B
QUESTION: 5
Your new customer is concerned about maintaining privacy for their proprietary information when
you conduct information gathering for their WLAN design. Which document can you use to directly
address their concern?
Additional Preparation and Information
A combination of Oracle training and hands-on experience (attained via labs
and/or field experience) provides the best preparation for passing the exam.
Initial Setup
  Set up Enterprise and Industry
  Manage Roles, Visibility, and Security
  Plan for Access Control
  Manage Personalization and Internationalization
  Set up Organizations and Users
  Define and enable Geographies
  (UPDATED FOR 18B) Set up Mobile and Email Integration
Lead Management
  Describe the Leads Lifecycle
  Configure Lead Conversion
  Configure Sales Leads
Forecasting
  Describe Forecasting Options
  Set up Lookups, Profile Options, and Configuration Activities
  Run Forecast Processes
Sales Performance
  Manage Quota Formulas and Plans
  Describe the capabilities of Sales Analytics
  Define access points for reports
Define Extensions for Sales
  Describe the Oracle Recommended guidelines for working in sandboxes
  Describe the Tools used to extend and modify the application
  Extend Custom Fields and Pages
  Use Scripting and Web Services
  Use recommended configuration practices to maximize performance
Customer Management
  Manage Accounts and Contacts
  Enable Customer Data Management
  Manage Activities
  Set up Sales Predictor and Recommendations
Opportunity Management
  Describe Sales Methods
  Track Partner Contacts in Opportunities
  Configure Opportunity Management
  Manage References and Competitors
  Set up Products and Sales Catalogs
Territory Management and Assignment Rules
  Plan for Territory Assignment
  Manage Synchronization and Schedulable Processes
  Explain Configuration Activities
  Manage Sales Territories
  Set up an Assignment Manager
Migrate Configurations to Production
  Plan for Production configuration
  Migrate Data
  Migrate Configurations
Cloud Implementations
  Describe Cloud instance management, including Updates, Upgrades, and Environment Refreshes
  Describe Service Entitlements
  Set up auditing policy
  Describe a testing strategy, a go-live, and a process handoff
Question: 1 Which statement is correct with regard to leads and opportunities?
A. Once a lead is converted to an opportunity, you can manually add multiple
opportunities to it.
B. Lead to opportunity is a one-to-one relation, hence you cannot have one lead
assigned to multiple opportunities.
C. You can have multiple leads associated with a single opportunity but not a
single lead associated with multiple opportunities.
D. Once a lead is converted to an opportunity, you cannot associate another
opportunity with it.
Answer: A
Question: 2 Which three options are mandatory procedures to consider in migration
planning? (Choose three.)
A. Lock all the configuration data in the test environment.
B. Review all the customizations and configuration performed in the test
environment.
C. Define which data should be migrated from the test environment.
D. Check if there are no configuration records at all in the production
environment.
E. Verify if both environments are in the same release and patch bundle.
Answer: B, C, E
Question: 3 Identify two criteria that must be met for salespeople to submit their
forecasts. (Choose two.)
A. forecast past forecast due date
B. territory freeze date past forecast due date
C. forecast before forecast due date
D. forecast before territory freeze date
E. forecast past territory freeze date
Answer: A, B
Question: 4 Your customer has thousands of products and would like to migrate from his
legacy system to Oracle Sales Cloud.
Which statement is true regarding Importing Product Groups?
A. The import procedures are covered in the topic, Importing Product Groups.
B. You’ll create only the root group in the UI and import the rest.
C. You’ll create all of the subgroups (under the root group) manually in the UI.
D. You can directly import an entire product group along with a root group.
Course Content
Course Introduction:
Introduces the following content on Huawei IP products: product highlights,
competitive analysis, case studies and quotations.
Target Audience
Those who are engaged in selling Huawei Enterprise IP network products,
including: Switches, WLAN, Routers, Security etc.
Prerequisites
• Basic knowledge of data communication
• Familiar with the TCP/IP basic principles and common Ethernet technologies
• Familiar with common network devices of data communication
• Familiar with Huawei Enterprise IP network products, including: Switches, WLAN,
Routers, Security etc.
Objectives
On completion of this course the participants will know about:
• Huawei Enterprise IP Product Family
• Huawei Enterprise Network Solution
• Competitive Analysis
• Quotations
Question: 1 Which of the following is not a high-reliability technology?
A. VPN FRR
B. E-Trunk
C. IP/LDP FRR
D. IBGP
Answer: D
Question: 2 Which are the main differences between CE12800S and CE12800? (Multiple Choice)
A. dimension size
B. the number of switching fabric
C. no orthogonal architecture
D. new line card only for CE128S
Answer: AB
Question: 3 Which models does S12700 compete against overseas? (Multiple Choice)
A. Cisco 3850
B. Cisco 6800
C. Cisco 4500X
D. Cisco N9000
E. HP 10500
Answer: BE
Question: 4 How many switching fabric slots can the NE40E-X8 support?