ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

A development team is selecting a security testing standard to underpin their application assessment process. They choose the Open Source Security Testing Methodology Manual (OSSTMM) because it will let them quantify test results across different operational areas in a consistent way. According to OSSTMM, which feature specifically enables this quantitative comparison of security posture?

  • A focus on black-box web application assessments to enumerate OWASP Top 10 vulnerabilities.

  • Certification as a mandatory, legally binding standard under ISO and PCI DSS regulations.

  • A requirement that all vulnerability severities be expressed with the Common Vulnerability Scoring System (CVSS).

  • Its use of Risk Assessment Values (RAV) within the Operational Security Metrics model to assign numerical scores to test findings.

Secure Software Testing