ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

Your organization reports application-security metrics every quarter. Leadership wants a single KPI that shows whether the program is actually reducing exposure to high-severity vulnerabilities across several agile teams, without being distorted by how much code is written or how many scans are run in a given release. Which metric is the most appropriate choice?

  • Percentage of critical vulnerabilities remediated within the agreed service-level target

  • Total lines of source code scanned for security defects each quarter

  • Number of user stories that include explicit security acceptance criteria

  • Average engineering hours spent fixing medium-severity defects per sprint

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Lifecycle Management