Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During an operational risk assessment for a U.S.-hosted e-commerce platform that will store shoppers' payment-card data, you discover the project plan omits any tasks related to complying with the Payment Card Industry Data Security Standard (PCI DSS). From a regulatory or contractual standpoint, which adverse outcome is the project most likely to encounter if it goes live without first achieving PCI DSS compliance?

  • Civil fines under the CAN-SPAM Act for sending marketing emails without an opt-out link on order-confirmation messages.

  • A consent decree from the Federal Trade Commission (FTC) requiring independent audits of online advertising practices.

  • Monetary penalties from card brands and potential suspension of the organization's card-processing privileges for PCI DSS violations.

  • Export-control sanctions for failing to obtain an International Traffic in Arms Regulations (ITAR) license for the site's cryptographic libraries.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Deployment, Operations, Maintenance
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot