
156-110

Check Point Certified Security Principles Associate (CCSPA)

Version 1.0

QUESTION NO: 1

Which of the following is NOT a restriction, for partners accessing internal corporate
resources through an extranet?

A. Preventing modification of restricted information
B. Using restricted programs, to access databases and other information resources
C. Allowing access from any location
D. Preventing access to any network resource, other than those explicitly permitted
E. Viewing inventory levels for partner products only

Answer: C

QUESTION NO: 2

Which type of Business Continuity Plan (BCP) test involves practicing aspects of the
BCP, without actually interrupting operations or bringing an alternate site on-line?

A. Structured walkthrough
B. Checklist
C. Simulation
D. Full interruption
E. Parallel

Answer: C

QUESTION NO: 3

Which of the following equations results in the Single Loss Expectancy for an asset?

A. Asset Value x % Of Loss From Realized Exposure
B. Asset Value x % Of Loss From Realized Threat
C. Annualized Rate of Occurrence / Annualized Loss Expectancy
D. Asset Value x % Of Loss From Realized Vulnerability
E. Annualized Rate of Occurrence x Annualized Loss Expectancy

Answer: B

QUESTION NO: 4

Which of the following is an integrity requirement for Remote Offices/Branch Offices
(ROBOs)?

A. Private data must remain internal to an organization.
B. Data must be consistent between ROBO sites and headquarters.
C. Users must be educated about appropriate security policies.
D. Improvised solutions must provide the level of protection required.
E. Data must remain available to all remote offices.

Answer: B

QUESTION NO: 5

Operating-system fingerprinting uses all of the following, EXCEPT ______, to identify a
target operating system.

A. Sequence Verifier
B. Initial sequence number
C. Address spoofing
D. Time to Live
E. IP ID field

Answer: C

QUESTION NO: 6

Internal intrusions are loosely divided into which categories? (Choose TWO.)

A. Attempts by insiders to perform appropriate acts, on information assets to which they
have been given rights or permissions.
B. Attempts by insiders to access resources, without proper access rights
C. Attempts by insiders to access external resources, without proper access rights.
D. Attempts by insiders to perform inappropriate acts, on external information assets to
which they have been given rights or permissions.
E. Attempts by insiders to perform inappropriate acts, on information assets to which
they have been given rights or permissions.

Answer: B, E

QUESTION NO: 7

_________ occurs when an individual or process acquires a higher level of privilege, or
access, than originally intended.

A. Security Triad
B. Privilege aggregation
C. Need-to-know
D. Privilege escalation
E. Least privilege

Answer: D

QUESTION NO: 8

Which encryption algorithm has the highest bit strength?

A. AES
B. Blowfish
C. DES
D. CAST
E. Triple DES

Answer: A

QUESTION NO: 9

How is bogus information disseminated?

A. Adversaries sort through trash to find information.
B. Adversaries use anomalous traffic patterns as indicators of unusual activity. They will
employ other methods, such as social engineering, to discover the cause of the noise.
C. Adversaries use movement patterns as indicators of activity.
D. Adversaries take advantage of a person's trust and goodwill.
E. Seemingly unimportant pieces of data may yield enough information to an adversary,
for him to disseminate incorrect information and sound authoritative.

Answer: E

QUESTION NO: 10

Which type of Business Continuity Plan (BCP) test involves shutting down the primary
site, bringing the alternate site on-line, and moving all operations to the alternate site?

A. Parallel
B. Full interruption
C. Checklist
D. Structured walkthrough
E. Simulation

Answer: B

QUESTION NO: 11

What must system administrators do when they cannot access a complete replica of the
production environment for testing?

A. Extrapolate results from a limited subset.
B. Eliminate the testing phase of change control.
C. Request additional hardware and software.
D. Refuse to implement change requests.
E. Deploy directly to the production environment.

Answer: A

QUESTION NO: 12

To protect its information assets, ABC Company purchases a safeguard that costs
$60,000. The annual cost to maintain the safeguard is estimated to be $40,000. The
aggregate Annualized Loss Expectancy for the risks the safeguard is expected to
mitigate is $50,000.
At this rate of return, how long will it take ABC Company to recoup the cost of the
safeguard?

A. ABC Company will never recoup the cost of this safeguard.
B. Less than 7 years
C. Less than 3 years
D. Less than 1 year
E. Less than 5 years

Answer: B

QUESTION NO: 13

Which of the following is NOT an auditing function that should be performed regularly?

A. Reviewing IDS alerts
B. Reviewing performance logs
C. Reviewing IDS logs
D. Reviewing audit logs
E. Reviewing system logs

Answer: B

QUESTION NO: 14

Which TWO of the following items should be accomplished, when interviewing
candidates for a position within an organization?

A. Hire an investigation agency to run background checks.
B. Verify all dates of previous employment.
C. Question candidates, using polygraphs, n
D. Contact personal and professional references.
E. Run criminal-background checks.

Answer: B, D

QUESTION NO: 15

Which of these metrics measure how a biometric device performs, when attempting to
authenticate subjects? (Choose THREE.)

A. False Rejection Rate
B. User Acceptance Rate
C. Crossover Error Rate
D. False Acceptance Rate
E. Enrollment Failure Rate

Answer: A, C, D

QUESTION NO: 16

A new U.S. Federal Information Processing Standard specifies a cryptographic
algorithm. This algorithm is used by U.S. government organizations to protect sensitive,
but unclassified, information. What is the name of this Standard?

A. Triple DES
B. Blowfish
C. AES
D. CAST
E. RSA

Answer: C

QUESTION NO: 17

Which of the following is likely in a small-business environment?

A. Most small businesses employ a full-time information-technology staff.
B. Resources are available as needed.
C. Small businesses have security personnel on staff.
D. Most employees have experience with information security.
E. Security budgets are very small.

Answer: E

QUESTION NO: 18

When attempting to identify OPSEC indicators, information-security professionals must:
(Choose THREE.)

A. Discover the information daily activities yield.
B. Meet with adversaries.
C. Perform business impact analysis surveys.
D. Scrutinize their organizations' daily activities.
E. Analyze indicators, to determine the information an adversary can glean, both from
routine and nonroutine activities.

Answer: A, D, E

QUESTION NO: 19

Why should each system user and administrator have individual accounts? (Choose
TWO.)

A. Using generic user names and passwords increases system security and reliability.
B. Using separate accounts for each user reduces resource consumption, particularly
disk space.
C. By using individual login names and passwords, user actions can be traced.
D. If users do not have individual login names, processes can automatically run with
root/administrator access.
E. A generic user name and password for users and security administrators provides
anonymity, which prevents useful logging and auditing.

Answer: C, E

QUESTION NO: 20

Organizations____________ risk, when they convince another entity to assume the risk
for them.

A. Elevate
B. Assume
C. Deny
D. Transfer
E. Mitigate

Answer: D

QUESTION NO: 21

Which of the following best describes an external intrusion attempt on a local-area
network (LAN)?

A. Internal users try to gain unauthorized access to information assets outside the
organizational perimeter.
B. External-intrusion attempts from sources outside the LAN are not granted permissions
or rights to an organization's information assets
C. External users attempt to access public resources.
D. External intruders attempt exploitation of vulnerabilities, to remove their own access.
E. Internal users perform inappropriate acts on assets to which they have been given
rights or permissions.

Answer: B

QUESTION NO: 22

_________ intrusion detection involves comparing traffic to known characteristics of
malicious traffic, known as attack signatures.

A. Pattern matching
B. Statistical anomaly
C. Behavioral analysis
D. Host
E. Network

Answer: A

QUESTION NO: 23

If a firewall receives traffic not explicitly permitted by its security policy, what should the
firewall do?

A. Nothing
B. Do not log and drop the traffic.
C. Log and drop the traffic.
D. Log and pass the traffic.
E. Do not log and pass the traffic.

Answer: C

QUESTION NO: 24

Which of the following statements about encryption's benefits is false? Encryption can:
(Choose TWO.)

A. significantly reduce the chance information will be modified by unauthorized entities.
B. only be used to protect data in transit. Encryption provides no protection to stored
data.
C. allow private information to be sent over public networks, in relative safety.
D. significantly reduce the chance information will be viewed by unauthorized entities.
E. prevent information from being destroyed by malicious entities, while in transit.

Answer: B, E

QUESTION NO: 25

Digital signatures are typically provided by a _______, where a third party verifies a
key's authenticity.

A. Network firewall
B. Security administrator
C. Domain controller
D. Certificate Authority
E. Hash function

Answer: D

QUESTION NO: 26

Which types of security solutions should a home user deploy? (Choose TWO.)

A. Managed Security Gateway
B. Access control lists on a router
C. Personal firewall
D. Network intrusion-detection system
E. Anti-virus software

Answer: C, E

QUESTION NO: 27

Which type of access management uses information about job duties and positions, to
indicate subjects' clearance levels?

A. Discretionary
B. Role-based
C. Nondiscretionary
D. Hybrid
E. Mandatory

Answer: B

QUESTION NO: 28

Which of the following is a cost-effective solution for securely transmitting data between
remote offices?

A. Standard e-mail
B. Fax machine
C. Virtual private network
D. Bonded courier
E. Telephone

Answer: C

QUESTION NO: 29

_________ educate(s) security administrators and end users about organizations'
security policies.

A. Security-awareness training
B. Information Security (INFOSEC) briefings
C. Acceptable-use policies
D. Continuing education
E. Nondisclosure agreements

Answer: A

QUESTION NO: 30

Which of the following can be stored on a workstation? (Choose TWO.)

A. Payroll information
B. Data objects used by many employees
C. Databases
D. Interoffice memo
E. Customer correspondence

Answer: D, E

QUESTION NO: 31

What type of document contains information on alternative business locations, IT
resources, and personnel?

A. End-user license agreement
B. Nondisclosure agreement
C. Acceptable use policy
D. Security policy
E. Business continuity plan

Answer: E

QUESTION NO: 32

Distinguish between the role of the data owner and the role of the data custodian.
Complete the following sentence. The data owner is the:

A. department in the organization responsible for the data's physical storage location.
The data custodian is anyone who has access the data for any reason.
B. person or entity who accesses/and or manipulates data or information, in the course
of assigned duties. The data custodian is a person or process with the appropriate level
of privilege to access the data.
C. person or entity ultimately responsible for the security of an information asset. The
data custodian is the person or entity responsible for imposing and enforcing policies
and restrictions, dictated by the data owner.
D. person or process that originally creates the information. The data custodian is a role
that shifts to any person or process currently accessing the data, and passes to the next
person or process to access the data.
E. person or entity responsible for imposing and enforcing policies and restrictions,
dictated by the functional user. The data custodian is a person or process who accesses
and/or manipulates the information.

Answer: C

QUESTION NO: 33

Which of the following is NOT a concern for enterprise physical security?

A. Network Intrusion Detection Systems
B. Social engineering
C. Dumpster diving
D. Property theft
E. Unauthorized access to a facility

Answer: A

QUESTION NO: 34

A(n) _____________ is a quantitative review of risks, to determine how an organization
will continue to function, in the event a risk is realized.

A. Monitored risk process
B. Disaster-recovery plan
C. Business impact analysis
D. Full interruption test
E. Information security audit

Answer: C

QUESTION NO: 35

A(n) ___________ is a one-way mathematical function that maps variable values into
smaller values of a fixed length.

A. Symmetric key
B. Algorithm
C. Back door
D. Hash function
E. Integrity

Answer: D

QUESTION NO: 36

At ABC Corporation, access to critical information resources, such as database and e-
mail servers, is controlled by the information-technology (IT) department. The supervisor
in the department grants access to printers where the printer is located. Managers grant
and revoke rights to files within their departments' directories on the file server, but the IT
department controls who has access to the directories. Which type of access-
management system is in use at ABC Corporation?

A. Centralized access management
B. Role-based access management
C. Hybrid access management
D. Decentralized access management
E. Privileged access management

Answer: C

QUESTION NO: 37

One individual is selected from each department, to attend a security-awareness course.
Each person returns to his department, delivering the course to the remainder of the
department. After training is complete, each person acts as a peer coach. Which type of
training is this?

A. On-line training
B. Formal classroom training
C. Train-the-mentor training
D. Alternating-facilitator training
E. Self-paced training

Answer: C

QUESTION NO: 38

Which of the following are common failures that should be addressed in a Business
Continuity Plan (BCP)? (Choose THREE.)

A. Connectivity failures
B. Accounting failures
C. Hardware failures
D. Utility failures
E. Personal failures

Answer: A, C, D

QUESTION NO: 39

Which of the following is an example of a simple, physical-access control?

A. Lock
B. Access control list
C. Background check
D. Token
E. Firewall

Answer: A

QUESTION NO: 40

Which of the following should be included in an enterprise Business Continuity Plan
(BCP)? (Choose THREE.)

A. Accidental or intentional data deletion
B. Severe weather disasters
C. Employee terminations
D. Employee administrative leave
E. Minor power outages

Answer: A, B, E

QUESTION NO: 41

A __________ posture provides many levels of security possibilities, for access control.

A. Layered defensive
B. Multiple offensive
C. Flat defensive
D. Reactive defensive
E. Proactive offensive

Answer: A

QUESTION NO: 42

A(n) ___________ is the first step for determining which technical information assets
should be protected.

A. Network diagram
B. Business Impact Analysis
C. Office floor plan
D. Firewall
E. Intrusion detection system

Answer: A

QUESTION NO: 43

Which of the following statements about the maintenance and review of information
security policies is NOT true?

A. The review and maintenance of security policies should be tied to the performance
evaluations of accountable individuals.
B. Review requirements should be included in the security policies themselves.
C. When business requirements change, security policies should be reviewed to confirm
that policies reflect the new business requirements.
D. Functional users and information custodians are ultimately responsible for the
accuracy and relevance of information security policies.
E. In the absence of changes to business requirements and processes, information-
security policy reviews should be annual.

Answer: D

QUESTION NO: 44

_________ is a type of cryptography, where letters of an original message are
systematically rearranged into another sequence.

A. Symmetric-key exchange
B. Steganography
C. Transposition cipher
D. Asymmetric-key encryption
E. Simple substitution cipher

Answer: C

QUESTION NO: 45

A(n) __________ is an abstract machine, which mediates all access subjects have to
objects.

A. ACL
B. Reference monitor
C. State machine
D. TCB
E. Router

Answer: B

QUESTION NO: 46

__________ is the state of being correct, or the degree of certainty a person or process
can have, that the data in an information asset is correct.

A. Confidentiality
B. Integrity
C. Authenticity
D. Privacy
E. Availability

Answer: B

QUESTION NO: 47

Enterprise employees working remotely require access to data at an organization's
headquarters. Which of the following is the BEST method to transfer this data?

A. Standard e-mail
B. Faxed information
C. Dial-in access behind the enterprise firewall
D. Virtual private network
E. CD-ROMs shipped with updated versions of the data

Answer: D

QUESTION NO: 48

INFOSEC professionals are concerned about providing due care and due diligence. With
whom should they consult, when protecting information assets?

A. Law enforcement in their region
B. Senior management, particularly business-unit owners
C. IETF enforcement officials
D. Other INFOSEC professionals
E. Their organizations' legal experts

Answer: E

QUESTION NO: 49

The items listed below are examples of ___________ controls.

* Procedures and policies
* Employee security-awareness training
* Employee background checks
* Increasing management security awareness

A. Technical
B. Administrative
C. Role-based
D. Mandatory
E. Physical

Answer: B

QUESTION NO: 50

A(n) ___________ is an unintended communication path that can be used to violate a
system security policy.

A. Covert channel
B. Integrity axiom
C. Simple rule violation
D. Inferred fact
E. Aggregated data set

Answer: A

QUESTION NO: 51

_________ involves gathering pieces of information and drawing a conclusion, whose
sensitivity exceeds any of the individual pieces of information.

A. Inference
B. Social engineering
C. Movement analysis
D. Communication-pattern analysis
E. Aggregation

Answer: E

QUESTION NO: 52

What is mandatory sign-on? An authentication method that:

A. uses smart cards, hardware tokens, and biometrics to authenticate users; also known
as three-factor authentication
B. requires the use of one-time passwords, so users authenticate only once, with a given
set of credentials
C. requires users to re-authenticate at each server and access control
D. stores user credentials locally, so that users need only authenticate the first time a
local machine is used
E. allows users to authenticate once, and then uses tokens or other credentials to
manage subsequent authentication attempts

Answer: C

QUESTION NO: 53

Virtual corporations typically use a(n) ___________ for maintaining centralized
information assets.

A. Off-line repository
B. Floppy disk
C. Data warehouse
D. CD-ROM burner
E. Colocation

Answer: E

QUESTION NO: 54

ABC Corporation's network is configured such that a user must log in individually at each
server and access control. Which type of authentication is in use?

A. Role-based access control
B. Three-factor authentication
C. Single sign-on
D. Hybrid access control
E. Mandatory sign-on

Answer: E

QUESTION NO: 55

ABC Corporation's network requires users to authenticate to cross the border firewall,
and before entering restricted segments. Servers containing sensitive information
require separate authentication. This is an example of which type of access-control
method?

A. Single sign-on
B. Decentralized access control
C. Hybrid access control
D. Layered access control
E. Mandatory access control

Answer: D

QUESTION NO: 56

Which of the following is NOT a Business Continuity Plan (BCP) recovery strategy?

A. Delegating risk to another entity, such as an insurer
B. Manual procedures; alternative solution to technology available
C. Deferring action; action waiting until a later date
D. Reciprocal agreements with another organization
E. Doing nothing; no action taken to recover the technology

Answer: A

QUESTION NO: 57

A(n) __________ occurs when intrusion-detection measures fail to recognize suspicious
traffic or activity.

A. False positive
B. False negative
C. CIFS pop-up
D. Threshold
E. Alarm

Answer: B

QUESTION NO: 58

All of the following are possible configurations for a corporate intranet, EXCEPT:

A. Value-added network
B. Wide-area network
C. Campus-area network
D. Metropolitan-area network
E. Local-area network

Answer: A

QUESTION NO: 59

Why does the (ISC)2 access-control systems and methodology functional domain
address both the confidentiality and integrity aspects of the Information Security Triad?
Access-control systems and methodologies:

A. are required standards in health care and banking.
B. provide redundant systems and data backups.
C. control who is allowed to view and modify information.
D. are academic models not suitable for implementation.
E. set standards for acceptable media-storage devices.

Answer: C

QUESTION NO: 60

Which of the following best describes the largest security challenge for Remote
Offices/Branch Offices?

A. Leased-line security
B. Salami attacks
C. Unauthorized network connectivity
D. Distributed denial-of-service attacks
E. Secure access to remote organizational resources

Answer: E

QUESTION NO: 61

Maintenance of the Business Continuity Plan (BCP) must be integrated with an
organization's ________ process.

A. Change-control
B. Disaster-recovery
C. Inventory-maintenance
D. Discretionary-budget
E. Compensation-review

Answer: A

QUESTION NO: 62

A _____________ attack uses multiple systems to launch a coordinated attack.

A. Distributed denial-of-service
B. Teardrop
C. Birthday
D. FTP Bounce
E. Salami

Answer: A

QUESTION NO: 63

You are considering purchasing a VPN solution to protect your organization's information
assets. The solution you are reviewing uses RFC-compliant and open-standards
encryption schemes. The vendor has submitted the system to a variety of recognized
testing authorities. The vendor does not make the source code available to testing
authorities. Does this solution adhere to the secure design principle of open design?

A. No, because the software vendor could have changed the code after testing, which is
not verifiable.
B. No, because the software vendor submitted the software to testing authorities only,
and did not make the software available to the public for testing.
C. Yes, because the methods were tested by recognized testing authorities, and the
source code is protected from vandalism.
D. Yes, because the methods are open, and the system does not rely on the secrecy of
its internal mechanisms to provide protection.
E. No, because if a software vendor refuses to reveal the source code for a product, it
cannot comply with the open-design principle.

Answer: D

QUESTION NO: 64

To comply with the secure design principle of fail-safe defaults, what must a system do if
it receives an instruction it does not understand? The system should:

A. send the instruction to a peer server, to see if the peer can execute.
B. not attempt to execute the instruction.
C. close the connection, and refuse all further traffic from the originator.
D. not launch its debugging features, and attempt to resolve the instruction.
E. search for a close match in the instruction set it understands.

Answer: B

QUESTION NO: 65

Which of the following are enterprise administrative controls? (Choose TWO.)

A. Network access control
B. Facility access control
C. Password authentication
D. Background checks
E. Employee handbooks

Answer: D, E

QUESTION NO: 66

You are a system administrator managing a pool of database servers. Your software
vendor releases a service pack, with many new features. What should you do? (Choose
TWO.)

A. Eliminate the testing phase of change control.
B. Read the release notes.
C. Refuse to install the service pack.
D. Install the service pack on all production database servers.
E. Install the service pack on a database server, in a test environment.

Answer: B, E

QUESTION NO: 67

Which type of access management allows subjects to control some access of objects for
other subjects?

A. Discretionary
B. Hybrid
C. Mandatory
D. Role-based
E. Nondiscretionary

Answer: A

QUESTION NO: 68

Why should user populations be segmented?

A. To allow resources to be shared among employees
B. To allow appropriate collaboration, and prevent inappropriate resource sharing
C. To prevent appropriate collaboration
D. To provide authentication services
E. To prevent the generation of audit trails from gateway devices

Answer: B

QUESTION NO: 69

Public servers are typically placed in the --------- to enhance security.

A. Restricted Entry Zone
B. Open Zone
C. Internet Zone
D. Demilitarized Zone
E. Public Entry Zone

Answer: D

QUESTION NO: 70

_________ is a smaller, enhanced version of the X.500 protocol. It is used to provide
directory-service information. (Choose the BEST answer.)

A. Lightweight Directory Access Protocol
B. X.400 Directory Access Protocol
C. Access control list
D. Lightweight Host Configuration Protocol
E. Role-based access control

Answer: A

QUESTION NO: 71

What is the purpose of resource isolation?

A. To reduce the level of broadcast traffic on physical segments.
B. To ensure that anyone accessing a resource has appropriate integrity.
C. To automate the creation of access control lists and Trusted Computing Bases.
D. To enforce access controls, and clearly separate resources from each other.
E. To make people buy more computers than they really need.

Answer: D

QUESTION NO: 72

_________ intrusion-detection systems learn the behavior of a machine or network, and
create a baseline.

A. Behavioral analysis
B. Statistical anomaly
C. Network
D. Pattern matching
E. Host

Answer: B

QUESTION NO: 73

How do virtual corporations maintain confidentiality?

A. Encryption
B. Checksum
C. Data hashes
D. Redundant servers
E. Security by obscurity

Answer: A

QUESTION NO: 74

Which of these choices correctly describe denial-of-service (DoS) attacks? (Choose
THREE.)

A. DoS attacks do not require attackers to have any privileges on a target system.
B. DoS attacks are nearly impossible to stop, once they begin.
C. DoS attacks free the target system of excessive overhead.
D. DoS ties up a system with so many requests, system resources are consumed, and
performance degrades.
E. DoS attacks cause the attacked system to accept legitimate access requests.

Answer: A, B, D

QUESTION NO: 75

Which of the following is MOST likely to cause management to view a security-needs
proposal as invalid?

A. Real-world examples
B. Exaggeration
C. Ranked threats
D. Quantified risks
E. Temperate manner

Answer: B

QUESTION NO: 76

Which of the following tests provides testing teams some information about hosts or
networks?

A. Partial-knowledge test
B. Full-knowledge test
C. Zero-knowledge test

Answer: A

QUESTION NO: 77

_________ is a method of tricking users into revealing passwords, or other sensitive
information.

A. Dumpster diving
B. Means testing
C. Social engineering
D. Risk
E. Exposure

Answer: C

QUESTION NO: 78

Which of the following is the BEST method for managing users in an enterprise?

A. Enter user data in a spreadsheet.
B. Implement centralized access control.
C. Deploy Kerberos.
D. Place them in a centralized Lightweight Directory Access Protocol.
E. Use a Domain Name System.

Answer: D

QUESTION NO: 79

_________ are the people who consume, manipulate, and produce information assets.

A. Information asset owners
B. Business-unit owners
C. Audit-control groups
D. Information custodians
E. Functional users

Answer: E

QUESTION NO: 80

Who should have physical access to network-connectivity devices and corporate
servers?

A. Customers and clients
B. Accounting, information-technology, and auditing staff
C. Managers and C-level executives
D. Only appropriate information-technology personnel
E. Only the maintenance staff

Answer: D

QUESTION NO: 81

You are a system administrator for a pool of Web servers. The vendor who sells your
Web server posts a patch and sample exploit for a newly discovered vulnerability. You
will take all of the actions listed below. Which of the following actions should you take
first?

A. Run the sample exploit against a test server.
B. Run the sample exploit against a production server.
C. Apply the patch to all production servers.
D. Test the patch on a production server.
E. Test the patch on a non-production server.

Answer: A

QUESTION NO: 82

Embedding symbols in images or common items, such as pictures or quilts, is an
example of __________.

A. Espionage
B. Transposition cipher
C. Key exchange
D. Arithmancy
E. Steganography

Answer: E

QUESTION NO: 83

Which of the following calculations is used when selecting countermeasures?

A. Annualized Rate of Occurrence
B. Single Loss Expectancy
C. Annualized Loss Expectancy
D. Business Impact Analysis
E. Business Continuity Plan

Answer: C

QUESTION NO: 84

Which of the following is the MOST important consideration, when developing security-
awareness training materials?

A. Training material should be accessible and attractive.
B. Delivery mechanisms should allow easy development of additional materials, to
complement core material.
C. Security-awareness training materials should never contradict an organizational
security policy.
D. Appropriate language should be used to facilitate localization, should training
materials require translation.
E. Written documentation should be archived, in case of disaster.

Answer: C

QUESTION NO: 85

A security administrator implements Secure Configuration Verification (SCV), because
SCV: (Choose THREE.)

A. Does not enable the administrator to monitor the configuration of remote computers.
B. Can block connectivity for machines that do not comply with the organization's
security policy.
C. Enables the administrator to monitor the configuration of remote computers.
D. Prevents attackers from penetrating headquarters' Security Gateway.
E. Confirms that a remote configuration complies with the organization's security policy.

Answer: B, C, E

QUESTION NO: 86

If e-mail is subject to review by individuals other than the sender and recipient, what
should be clearly stated in the organization's e-mail policy?

A. Technologies and methods used to monitor and enforce the organization's policies
B. Senior management and business-unit owner responsibilities and delegation options
C. Clear, legally defensible definition of what constitutes a business record
D. Consequences for violation of the organization's acceptable-use policy
E. No expectation of privacy for e-mail communications, using the organization's
resources

Answer: E

QUESTION NO: 87

You are preparing a machine that will be used as a dedicated Web server. Which of the
following services should NOT be removed?

A. IRC
B. SMTP
C. FTP
D. HTTP
E. PVP

Answer: D

QUESTION NO: 88

----------- is issued by senior management, and defines an organization's security goals.

A. Records-retention procedure
B. Acceptable-use policy
C. Organizational security policy
D. Security policy mission statement
E. Service level agreement

Answer: D

QUESTION NO: 89

Which of the following entities review partner-extranet requirements?

A. Information systems
B. Shipping and receiving
C. Marketing
D. Requesting department
E. Chief Information Officer

Answer: D

QUESTION NO: 90

------------ is the process of subjects establishing who they are to an access control.

A. Identification
B. Authentication
C. Authorization
D. Validation
E. Biometrics

Answer: A

QUESTION NO: 91

When should procedures be evaluated?

A. When new functional users join an organization
B. On the anniversary of the procedures' implementation
C. Each time procedures are used
D. Whenever business processes are modified
E. When new exploits and attacks are discovered

Answer: D

QUESTION NO: 92

Which principle of secure design states that a security mechanism's methods must be
testable?

A. Separation of privilege
B. Least common mechanism
C. Complete mediation
D. Open design
E. Economy of mechanism

Answer: D

QUESTION NO: 93

Which of these strategies can be employed to test training effectiveness? (Choose
THREE.)

A. Create a survey for managers, to see if participants practice behaviors presented
during training.
B. Provide feedback forms for employees to rate instruction and training material,
immediately after training has ended.
C. Include auditors before and after the training. This checks to see if the number of
security-related incidents is reduced, because of the training.
D. Give incentives to employees who attend security-awareness training. Perform
spot-checks, to see if incentives are displayed.
E. Test employees on security concepts several months after training has ended.

Answer: A, C, E

QUESTION NO: 94

Which of the following represents a valid reason for testing a patch on a non-production
system, before applying it to a production system?

A. Patches may re-enable services previously disabled.
B. Patches are a kind of virus.
C. Patches always overwrite user data.
D. Only patches on vendor-pressed CDs can be trusted.
E. Patches usually break important system functionality.

Answer: A

QUESTION NO: 95

The items listed below are examples of ___________ controls.

*Smart cards
*Access control lists
*Authentication servers
*Auditing

A. Role-based
B. Administrative
C. Technical
D. Physical
E. Mandatory

Answer: C

QUESTION NO: 96

Which of the following are appropriate uses of asymmetric encryption? (Choose
THREE.)

A. Authentication
B. Secure key-exchange mechanisms
C. Public Web site access
D. Data-integrity checking
E. Sneaker net

Answer: A, B, D

QUESTION NO: 97

---------- is the process of confirming that implemented security safeguards work as
expected.

A. Penetration testing
B. Exploitation
C. Baselining
D. A vulnerability
E. A countermeasure

Answer: A

QUESTION NO: 98

What is single sign-on? An authentication method:

A. that allows users to authenticate once, and then uses tokens or other credentials to
manage subsequent authentication attempts
B. that stores user credentials locally, so that users need only authenticate the first time
a local machine is used
C. requiring the use of one-time passwords, so users authenticate only once, with a
given set of credentials
D. that uses smart cards, hardware tokens, and biometrics to authenticate users; also
known as three-factor authentication
E. that requires users to re-authenticate for every resource accessed

Answer: A

QUESTION NO: 99

------- can mimic the symptoms of a denial-of-service attack, and the resulting loss in
productivity can be no less devastating to an organization.

A. ICMP traffic
B. Peak traffic
C. Fragmented packets
D. Insufficient bandwidth
E. Burst traffic

Answer: D

QUESTION NO: 100

Why should the number of services on a server be limited to required services?

A. Every open service represents a potential vulnerability.
B. Closed systems require special connectivity services.
C. Running extra services makes machines more efficient.
D. All services are inherently stable and secure.
E. Additional services make machines more secure.

Answer: A
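Questions 87, 94 and 100 above all reduce to the same operational check: know which services a host actually listens on, compare that against what a dedicated Web server is supposed to expose, and repeat the comparison after every patch so that a service the patch silently re-enabled is caught before the box returns to production. The shell script below is an added example and is not part of the exam material or of any Check Point product. Its two snapshots are constructed in the column layout of `ss -Hltn` (State, Recv-Q, Send-Q, Local, Peer); the allow list of 80/443/22 and the hypothetical patch that re-enables SMTP (25) and FTP (21) are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the exam or any Check Point product): audit the ports a
# dedicated Web server listens on, flag anything outside an allow list, and diff two
# snapshots so that a service a patch re-enabled shows up.

# Constructed snapshots in the layout of `ss -Hltn` (State Recv-Q Send-Q Local Peer).
# HARDENED is the server after unneeded services were removed; POST_PATCH is the
# same host after a hypothetical patch that re-enabled SMTP (25) and FTP (21).
HARDENED='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 127.0.0.1:22 0.0.0.0:*'

POST_PATCH='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 127.0.0.1:22 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 5 0.0.0.0:21 0.0.0.0:*'

# The only ports this dedicated Web server needs: HTTP, HTTPS and SSH for administration
# (assumed allow list).
ALLOWED_PORTS="80 443 22"

# listening_ports SNAPSHOT: unique local ports in LISTEN state, one per line.
# The port is whatever follows the last ':' so IPv4, IPv6 and '*' addresses all work.
listening_ports() {
    printf '%s\n' "$1" |
        awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -u
}

# unexpected_ports SNAPSHOT: listening ports that are not in ALLOWED_PORTS.
unexpected_ports() {
    listening_ports "$1" | while read -r port; do
        case " $ALLOWED_PORTS " in
            *" $port "*) ;;        # on the allow list, stay quiet
            *) echo "$port" ;;     # every extra open service is a potential vulnerability
        esac
    done
}

# new_ports BEFORE AFTER: ports listening in AFTER that were not listening in BEFORE,
# which is exactly what a patch that re-enables a disabled service looks like.
new_ports() {
    before=$(listening_ports "$1")
    listening_ports "$2" | awk -v seen="$before" '
        BEGIN { n = split(seen, s, "\n"); for (i = 1; i <= n; i++) have[s[i]] = 1 }
        !($0 in have)'
}

echo "hardened build listens on: $(listening_ports "$HARDENED" | tr '\n' ' ')"
echo "not on the allow list after patching: $(unexpected_ports "$POST_PATCH" | tr '\n' ' ')"
echo "opened by the patch: $(new_ports "$HARDENED" "$POST_PATCH" | tr '\n' ' ')"
```

On a real host, replace the two snapshot strings with the output of `ss -Hltn` captured on the non-production system before and after the patch (the `$1 == "LISTEN"` filter also skips the header if `-H` is left out). Any port reported in the last line is the case question 94 describes and should be disabled again, or explicitly justified and added to the allow list, before the patched image is promoted to production.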
