156-110 : Check Point Certified Security Principles Associate (CCSPA) : Part 03

  1. You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?

    • Run the sample exploit against a test server. 
    • Run the sample exploit against a production server.
    • Apply the patch to all production servers.
    • Test the patch on a production server.
    • Test the patch on a non-production server.
  2. Which of the following tests provides testing teams some information about hosts or networks?

    • Partial-knowledge test
    • Full-knowledge test
    • Zero-knowledge test
  3. _________ is a method of tricking users into revealing passwords, or other sensitive information.

    • Dumpster diving
    • Means testing
    • Social engineering 
    • Risk
    • Exposure
  4. Which of the following is the BEST method for managing users in an enterprise?

    • Enter user data in a spreadsheet.
    • Implement centralized access control.
    • Deploy Kerberos.
    • Place them in a centralized Lightweight Directory Access Protocol.
    • Use a Domain Name System.
  5. A security administrator implements Secure Configuration Verification (SCV), because SCV: (Choose THREE.)

    • Does not enable the administrator to monitor the configuration of remote computers.
    • Can block connectivity for machines that do not comply with the organization’s security policy.
    • Enables the administrator to monitor the configuration of remote computers.
    • Prevents attackers from penetrating headquarters’ Security Gateway.
    • Confirms that a remote configuration complies with the organization’s security policy.
  6. If e-mail is subject to review by individuals other than the sender and recipient, what should be clearly stated in the organization’s e-mail policy?

    • Technologies and methods used to monitor and enforce the organization’s policies
    • Senior management and business-unit owner responsibilities and delegation options
    • Clear, legally defensible definition of what constitutes a business record
    • Consequences for violation of the organization’s acceptable-use policy 
    • No expectation of privacy for e-mail communications, using the organization’s resources
  7. You are preparing a machine that will be used as a dedicated Web server. Which of the following should be removed?

    • IRC
    • SMTP
    • FTP
    • HTTP 
    • PVP
  8. Embedding symbols in images or common items, such as pictures or quilts, is an example of __________.

    • Espionage
    • Transposition cipher
    • Key exchange
    • Arithmancy
    • Steganography
  9. Which of the following calculations is used when selecting countermeasures?

    • Annualized Rate of Occurrence
    • Single Loss Expectancy
    • Annualized Loss Expectancy
    • Business Impact Analysis
    • Business Continuity Plan
  10. Which of the following is the MOST important consideration, when developing security-awareness training materials?

    • Training material should be accessible and attractive.
    • Delivery mechanisms should allow easy development of additional materials, to complement core material.
    • Security-awareness training materials should never contradict an organizational security policy.
    • Appropriate language should be used to facilitate localization, should training materials require translation.
    • Written documentation should be archived, in case of disaster.
  11. Which of the following is likely in a small-business environment?

    • Most small businesses employ a full-time information-technology staff.
    • Resources are available as needed.
    • Small businesses have security personnel on staff.
    • Most employees have experience with information security.
    • Security budgets are very small.
  12. When attempting to identify OPSEC indicators, information-security professionals must: (Choose THREE.)

    • Discover the information daily activities yield.
    • Meet with adversaries.
    • Perform business impact analysis surveys.
    • Scrutinize their organizations’ daily activities.
    • Analyze indicators, to determine the information an adversary can glean both from routine and nonroutine activities.
  13. Why should each system user and administrator have individual accounts? (Choose TWO.)

    • Using generic user names and passwords increases system security and reliability.
    • Using separate accounts for each user reduces resource consumption, particularly disk space.
    • By using individual login names and passwords, user actions can be traced.
    • If users do not have individual login names, processes can automatically run with root/administrator access.
    • A generic user name and password for users and security administrators provides anonymity, which prevents useful logging and auditing.
  14. Which TWO of the following items should be accomplished, when interviewing candidates for a position within an organization?

    • Hire an investigation agency to run background checks.
    • Verify all dates of previous employment.
    • Question candidates, using polygraphs.
    • Contact personal and professional references.
    • Run criminal-background checks.
  15. Which of these metrics measure how a biometric device performs, when attempting to authenticate subjects? (Choose THREE.)

    • False Rejection Rate 
    • User Acceptance Rate
    • Crossover Error Rate
    • False Acceptance Rate
    • Enrollment Failure Rate
  16. A new U.S. Federal Information Processing Standard specifies a cryptographic algorithm. This algorithm is used by U.S. government organizations to protect sensitive, but unclassified, information. What is the name of this Standard?

    • Triple DES
    • Blowfish
    • AES 
    • CAST
    • RSA
  17. If a firewall receives traffic not explicitly permitted by its security policy, what should the firewall do?

    • Nothing
    • Do not log and drop the traffic.
    • Log and drop the traffic.
    • Log and pass the traffic.
    • Do not log and pass the traffic.
  18. Which of the following statements about encryption’s benefits is false? Encryption can: (Choose TWO.)

    • significantly reduce the chance information will be modified by unauthorized entities.
    • only be used to protect data in transit. Encryption provides no protection to stored data. 
    • allow private information to be sent over public networks, in relative safety.
    • significantly reduce the chance information will be viewed by unauthorized entities.
    • prevent information from being destroyed by malicious entities, while in transit.
  19. Digital signatures are typically provided by a _______, where a third party verifies a key’s authenticity.

    • Network firewall
    • Security administrator
    • Domain controller
    • Certificate Authority
    • Hash function
  20. Organizations ____________ risk, when they convince another entity to assume the risk for them.

    • Elevate
    • Assume
    • Deny
    • Transfer
    • Mitigate