156-110 : Check Point Certified Security Principles Associate (CCSPA) : Part 03
-
You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?
- Run the sample exploit against a test server.
- Run the sample exploit against a production server.
- Apply the patch to all production servers.
- Test the patch on a production server.
- Test the patch on a non-production server.
-
Which of the following tests provides testing teams some information about hosts or networks?
- Partial-knowledge test
- Full-knowledge test
- Zero-knowledge test
-
_________ is a method of tricking users into revealing passwords, or other sensitive information.
- Dumpster diving
- Means testing
- Social engineering
- Risk
- Exposure
-
Which of the following is the BEST method for managing users in an enterprise?
- Enter user data in a spreadsheet.
- Implement centralized access control.
- Deploy Kerberos.
- Place them in a centralized Lightweight Directory Access Protocol.
- Use a Domain Name System.
-
A security administrator implements Secure Configuration Verification (SCV), because SCV: (Choose THREE.)
- Does not enable the administrator to monitor the configuration of remote computers.
- Can block connectivity for machines that do not comply with the organization’s security policy.
- Enables the administrator to monitor the configuration of remote computers.
- Prevents attackers from penetrating headquarters’ Security Gateway.
- Confirms that a remote configuration complies with the organization’s security policy.
-
If e-mail is subject to review by individuals other than the sender and recipient, what should be clearly stated in the organization’s e-mail policy?
- Technologies and methods used to monitor and enforce the organization’s policies
- Senior management and business-unit owner responsibilities and delegation options
- Clear, legally defensible definition of what constitutes a business record
- Consequences for violation of the organization’s acceptable-use policy
- No expectation of privacy for e-mail communications, using the organization’s resources
-
You are preparing a machine that will be used as a dedicated Web server, be removed?
- IRC
- SMTP
- FTP
- HTTP
- PVP
-
Embedding symbols in images or common items, such as pictures or quilts, is an example of __________.
- Espionage
- Transposition cipher
- Key exchange
- Arithmancy
- Steganography
-
Which of the following calculations is used when selecting countermeasures?
- Annualized Rate of Occurrence
- Single Loss Expectancy
- Annualized Loss Expectancy
- Business Impact Analysis
- Business Continuity Plan
-
Which of the following is the MOST important consideration, when developing security-awareness training materials?
- Training material should be accessible and attractive.
- Delivery mechanisms should allow easy development of additional materials, to complement core material.
- Security-awareness training materials should never contradict an organizational security policy.
- Appropriate language should be used to facilitate localization, should training materials require translation.
- Written documentation should be archived, in case of disaster.
-
Which of the following is likely in a small-business environment?
- Most small businesses employ a full-time information-technology staff.
- Resources are available as needed.
- Small businesses have security personnel on staff.
- Most employees have experience with information security.
- Security budgets are very small.
-
When attempting to identify OPSEC indicators, information-security professionals must: (Choose THREE.)
- Discover the information daily activities yield.
- Meet with adversaries.
- Perform business impact analysis surveys.
- Scrutinize their organizations’ daily activities.
- Analyze indicators, to determine the information an adversary can glean both from routine and nonroutine activities.
-
Why should each system user and administrator have individual accounts? (Choose TWO.)
- Using generic user names and passwords increases system security and reliability.
- Using separate accounts for each user reduces resource consumption, particularly disk space.
- By using individual login names and passwords, user actions can be traced.
- If users do not have individual login names, processes can automatically run with root/administrator access.
- A generic user name and password for users and security administrators provides anonymity, which prevents useful logging and auditing.
-
Which TWO of the following items should be accomplished, when interviewing candidates for a position within an organization?
- Hire an investigation agency to run background checks.
- Verify all dates of previous employment.
- Question candidates, using polygraphs, n
- Contact personal and professional references.
- Run criminal-background checks.
-
Which of these metrics measure how a biometric device performs, when attempting to authenticate subjects? (Choose THREE.)
- False Rejection Rate
- User Acceptance Rate
- Crossover Error Rate
- False Acceptance Rate
- Enrollment Failure Rate
-
A new U.S. Federal Information Processing Standard specifies a cryptographic algorithm. This algorithm is used by U.S. government organizations to protect sensitive, but unclassified, information. What is the name of this Standard?
- Triple DES
- Blowfish
- AES
- CAST
- RSA
-
If a firewall receives traffic not explicitly permitted by its security policy, what should the firewall do?
- Nothing
- Do not log and drop the traffic.
- Log and drop the traffic.
- Log and pass the traffic.
- Do not log and pass the traffic.
-
Which of the following statements about encryption’s benefits is false? Encryption can: (Choose TWO.)
- significantly reduce the chance information will be modified by unauthorized entities.
- only be used to protect data in transit. Encryption provides no protection to stored data.
- allow private information to be sent over public networks, in relative safety.
- significantly reduce the chance information will be viewed by unauthorized entities.
- prevent information from being destroyed by malicious entities, while in transit.
-
Digital signatures are typically provided by a _______, where a third party verifies a key’s authenticity.
- Network firewall
- Security administrator
- Domain controller
- Certificate Authority
- Hash function
-
Organizations ____________ risk, when they convince another entity to assume the risk for them.
- Elevate
- Assume
- Deny
- Transfer
- Mitigate