Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

During backlog refinement for a new cloud-based file storage service, you propose the following requirement: "The system shall encrypt all files at rest using AES-256 keys managed by the organization's HSM." According to secure requirement practices, how should this statement be classified and where is it most appropriately documented to ensure later verification?

  • An operational continuity requirement that belongs exclusively in disaster recovery procedures and deployment scripts

  • A compliance requirement derived from privacy legislation that is tracked only under data access provisioning records

  • A functional security requirement that should be expressed solely as a user story in the product backlog

  • A non-functional security requirement that should be recorded as a quality attribute and referenced in the Security Requirement Traceability Matrix

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Requirements
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot