Question 1

----------- is issued by senior management, and defines an organization's security goals.

Accepted Answer

A)  Records-retention procedure 
B)  Acceptable-use policy 
C)  Organizational security policy 
D)  Security policy mission statement 
E)  Service level agreement 
A)  Records-retention procedure 
B)  Acceptable-use policy 
C)  Organizational security policy 
D)  Security policy mission statement 
E)  Service level agreement

Question 2

When attempting to identify OPSEC indicators, information-security professionals must: (Choose THREE.)

Accepted Answer

A)  Discover the information daily activities yield. 
B)  Meet with adversaries. 
C)  Perform business impact analysis surveys. 
D)  Scrutinize their organizations' daily activities. 
E)  Analyze indicators, to determine the information an adversary can glean both from routine and nonroutine activities. 
A)  Discover the information daily activities yield. 
B)  Meet with adversaries. 
C)  Perform business impact analysis surveys. 
D)  Scrutinize their organizations' daily activities. 
E)  Analyze indicators, to determine the information an adversary can glean both from routine and nonroutine activities.

Question 3

Which of the following is a cost-effective solution for securely transmitting data between remote offices?

Accepted Answer

A)  Standard e-mail 
B)  Fax machine 
C)  Virtual private network 
D)  Bonded courier 
E)  Telephone 
A)  Standard e-mail 
B)  Fax machine 
C)  Virtual private network 
D)  Bonded courier 
E)  Telephone

Question 4

A(n) __________ occurs when intrusion-detection measures fail to recognize suspicious traffic or activity.

Accepted Answer

A)  False positive 
B)  False negative 
C)  CIFS pop-up 
D)  Threshold 
E)  Alarm 
A)  False positive 
B)  False negative 
C)  CIFS pop-up 
D)  Threshold 
E)  Alarm

Question 5

One individual is selected from each department, to attend a security-awareness course. Each person returns to his department, delivering the course to the remainder of the department. After training is complete, each person acts as a peer coach. Which type of training is this?

Accepted Answer

A)  On-line training 
B)  Formal classroom training 
C)  Train-the-mentor training 
D)  Alternating-facilitator training 
E)  Self-paced training 
A)  On-line training 
B)  Formal classroom training 
C)  Train-the-mentor training 
D)  Alternating-facilitator training 
E)  Self-paced training

Question 6

A new U.S. Federal Information Processing Standard specifies a cryptographic algorithm. This algorithm is used by U.S. government organizations to protect sensitive, but unclassified, information. What is the name of this Standard?

Accepted Answer

A)  Triple DES 
B)  Blowfish 
C)  AES 
D)  CAST 
E)  RSA 
A)  Triple DES 
B)  Blowfish 
C)  AES 
D)  CAST 
E)  RSA

Question 7

Which encryption algorithm has the highest bit strength?

Accepted Answer

A)  AES 
B)  Blowfish 
C)  DES 
D)  CAST 
E)  Triple DES 
A)  AES 
B)  Blowfish 
C)  DES 
D)  CAST 
E)  Triple DES

Question 8

You are considering purchasing a VPN solution to protect your organization's information assets. The solution you are reviewing uses RFC-compliant and open-standards encryption schemes. The vendor has submitted the system to a variety of recognized testing authorities. The vendor does not make the source code available to testing authorities. Does this solution adhere to the secure design principle of open design?

Accepted Answer

A)  No, because the software vendor could have changed the code after testing, which is not verifiable. 
B)  No, because the software vendor submitted the software to testing authorities only, and did not make the software available to the public for testing. 
C)  Yes, because the methods were tested by recognized testing authorities, and the source code is protected from vandalism. 
D)  Yes, because the methods are open, and the system does not rely on the secrecy of its internal mechanisms to provide protection. 
E)  No, because if a software vendor refuses to reveal the source code for a product, it cannot comply with the open-design principle. 
A)  No, because the software vendor could have changed the code after testing, which is not verifiable. 
B)  No, because the software vendor submitted the software to testing authorities only, and did not make the software available to the public for testing. 
C)  Yes, because the methods were tested by recognized testing authorities, and the source code is protected from vandalism. 
D)  Yes, because the methods are open, and the system does not rely on the secrecy of its internal mechanisms to provide protection. 
E)  No, because if a software vendor refuses to reveal the source code for a product, it cannot comply with the open-design principle.

Question 9

A(n) ___________ is the first step for determining which technical information assets should be protected.

Accepted Answer

A)  Network diagram 
B)  Business Impact Analysis 
C)  Office floor plan 
D)  Firewall 
E)  Intrusion detection system 
A)  Network diagram 
B)  Business Impact Analysis 
C)  Office floor plan 
D)  Firewall 
E)  Intrusion detection system

Question 10

Which type of access management uses information about job duties and positions, to indicate subjects' clearance levels?

Accepted Answer

A)  Discretionary 
B)  Role-based 
C)  Nondiscretionary 
D)  Hybrid 
E)  Mandatory 
A)  Discretionary 
B)  Role-based 
C)  Nondiscretionary 
D)  Hybrid 
E)  Mandatory

Question 11

A _____________ attack uses multiple systems to launch a coordinated attack.

Accepted Answer

A)  Distributed denial-of-service 
B)  Teardrop 
C)  Birthday 
D)  FTP Bounce 
E)  Salami 
A)  Distributed denial-of-service 
B)  Teardrop 
C)  Birthday 
D)  FTP Bounce 
E)  Salami

Question 12

Which of the following best describes the largest security challenge for Remote Offices/Branch Offices?

Accepted Answer

A)  Leased-line security 
B)  Salami attacks 
C)  Unauthorized network connectivity 
D)  Distributed denial-of-service attacks 
E)  Secure access to remote organizational resources 
A)  Leased-line security 
B)  Salami attacks 
C)  Unauthorized network connectivity 
D)  Distributed denial-of-service attacks 
E)  Secure access to remote organizational resources

Question 13

ABC Corporation's network requires users to authenticate to cross the border firewall, and before entering restricted segments. Servers containing sensitive information require separate authentication. This is an example of which type of access-control method?

Accepted Answer

A)  Single sign-on 
B)  Decentralized access control 
C)  Hybrid access control 
D)  Layered access control 
E)  Mandatory access control 
A)  Single sign-on 
B)  Decentralized access control 
C)  Hybrid access control 
D)  Layered access control 
E)  Mandatory access control

Question 14

Which principle of secure design states that a security mechanism's methods must be testable?

Accepted Answer

A)  Separation of privilege 
B)  Least common mechanism 
C)  Complete mediation 
D)  Open design 
E)  Economy of mechanism 
A)  Separation of privilege 
B)  Least common mechanism 
C)  Complete mediation 
D)  Open design 
E)  Economy of mechanism

Question 15

Which of the following statements about encryption's benefits is false? Encryption can: (Choose TWO.)

Accepted Answer

A)  significantly reduce the chance information will be modified by unauthorized entities. 
B)  only be used to protect data in transit. Encryption provides no protection to stored data. 
C)  allow private information to be sent over public networks, in relative safety. 
D)  significantly reduce the chance information will be viewed by unauthorized entities. 
E)  prevent information from being destroyed by malicious entities, while in transit. 
A)  significantly reduce the chance information will be modified by unauthorized entities. 
B)  only be used to protect data in transit. Encryption provides no protection to stored data. 
C)  allow private information to be sent over public networks, in relative safety. 
D)  significantly reduce the chance information will be viewed by unauthorized entities. 
E)  prevent information from being destroyed by malicious entities, while in transit.

Question 16

Organizations____________ risk, when they convince another entity to assume the risk for them.

Accepted Answer

A)  Elevate 
B)  Assume 
C)  Deny 
D)  Transfer 
E)  Mitigate 
A)  Elevate 
B)  Assume 
C)  Deny 
D)  Transfer 
E)  Mitigate

Question 17

The items listed below are examples of ___________ controls. *Procedures and policies *Employee security-awareness training *Employee background checks *Increasing management security awareness

Accepted Answer

A)  Technical 
B)  Administrative 
C)  Role-based 
D)  Mandatory 
E)  Physical 
A)  Technical 
B)  Administrative 
C)  Role-based 
D)  Mandatory 
E)  Physical

Question 18

Which of the following are appropriate uses of asymmetric encryption? (Choose THREE.)

Accepted Answer

A)  Authentication 
B)  Secure key-exchange mechanisms 
C)  Public Web site access 
D)  Data-integrity checking 
E)  Sneaker net 
A)  Authentication 
B)  Secure key-exchange mechanisms 
C)  Public Web site access 
D)  Data-integrity checking 
E)  Sneaker net

Question 19

Which of the following is NOT an auditing function that should be performed regularly?

Accepted Answer

A)  Reviewing IDS alerts 
B)  Reviewing performance logs 
C)  Reviewing IDS logs 
D)  Reviewing audit logs 
E)  Reviewing system logs 
A)  Reviewing IDS alerts 
B)  Reviewing performance logs 
C)  Reviewing IDS logs 
D)  Reviewing audit logs 
E)  Reviewing system logs

Question 20

Which of the following equations results in the Single Loss Expectancy for an asset?

Accepted Answer

A)  Asset Value x % Of Loss From Realized Exposure 
B)  Asset Value x % Of Loss From Realized Threat 
C)  Annualized Rate of Occurrence / Annualized Loss Expectancy 
D)  Asset Value x % Of Loss From Realized Vulnerability 
E)  Annualized Rate of Occurrence x Annualized Loss Expectancy 
A)  Asset Value x % Of Loss From Realized Exposure 
B)  Asset Value x % Of Loss From Realized Threat 
C)  Annualized Rate of Occurrence / Annualized Loss Expectancy 
D)  Asset Value x % Of Loss From Realized Vulnerability 
E)  Annualized Rate of Occurrence x Annualized Loss Expectancy

----------- is issued by senior management, and defines an organization's security goals.

When attempting to identify OPSEC indicators, information-security professionals must: (Choose THREE.)

Which of the following is a cost-effective solution for securely transmitting data between remote offices?

A(n) __________ occurs when intrusion-detection measures fail to recognize suspicious traffic or activity.

One individual is selected from each department, to attend a security-awareness course. Each person returns to his department, delivering the course to the remainder of the department. After training is complete, each person acts as a peer coach. Which type of training is this?

A new U.S. Federal Information Processing Standard specifies a cryptographic algorithm. This algorithm is used by U.S. government organizations to protect sensitive, but unclassified, information. What is the name of this Standard?

Which encryption algorithm has the highest bit strength?

A(n) ___________ is the first step for determining which technical information assets should be protected.

Which type of access management uses information about job duties and positions, to indicate subjects' clearance levels?

A _____________ attack uses multiple systems to launch a coordinated attack.

Which of the following best describes the largest security challenge for Remote Offices/Branch Offices?

ABC Corporation's network requires users to authenticate to cross the border firewall, and before entering restricted segments. Servers containing sensitive information require separate authentication. This is an example of which type of access-control method?

Which principle of secure design states that a security mechanism's methods must be testable?

Which of the following statements about encryption's benefits is false? Encryption can: (Choose TWO.)

Organizations____________ risk, when they convince another entity to assume the risk for them.

The items listed below are examples of ___________ controls. Procedures and policies Employee security-awareness training Employee background checks Increasing management security awareness

Which of the following are appropriate uses of asymmetric encryption? (Choose THREE.)

Which of the following is NOT an auditing function that should be performed regularly?

Which of the following equations results in the Single Loss Expectancy for an asset?

Check Point Certified Security Administrator (CCSA R80)

Check Point Certified Security Expert - R80

Filters

Exam 1: Check Point Certified Security Principles Associate (CCSPA)

----------- is issued by senior management, and defines an organization's security goals.

When attempting to identify OPSEC indicators, information-security professionals must: (Choose THREE.)

Which of the following is a cost-effective solution for securely transmitting data between remote offices?

A(n) __________ occurs when intrusion-detection measures fail to recognize suspicious traffic or activity.

One individual is selected from each department, to attend a security-awareness course. Each person returns to his department, delivering the course to the remainder of the department. After training is complete, each person acts as a peer coach. Which type of training is this?

A new U.S. Federal Information Processing Standard specifies a cryptographic algorithm. This algorithm is used by U.S. government organizations to protect sensitive, but unclassified, information. What is the name of this Standard?

Which encryption algorithm has the highest bit strength?

A(n) ___________ is the first step for determining which technical information assets should be protected.

Which type of access management uses information about job duties and positions, to indicate subjects' clearance levels?

A _____________ attack uses multiple systems to launch a coordinated attack.

Which of the following best describes the largest security challenge for Remote Offices/Branch Offices?

ABC Corporation's network requires users to authenticate to cross the border firewall, and before entering restricted segments. Servers containing sensitive information require separate authentication. This is an example of which type of access-control method?

Which principle of secure design states that a security mechanism's methods must be testable?

Which of the following statements about encryption's benefits is false? Encryption can: (Choose TWO.)

Organizations____________ risk, when they convince another entity to assume the risk for them.

The items listed below are examples of ___________ controls. *Procedures and policies *Employee security-awareness training *Employee background checks *Increasing management security awareness

Which of the following are appropriate uses of asymmetric encryption? (Choose THREE.)

Which of the following is NOT an auditing function that should be performed regularly?

Which of the following equations results in the Single Loss Expectancy for an asset?

Check Point Certified Security Administrator (CCSA R80)

Check Point Certified Security Expert - R80

Filters

The items listed below are examples of ___________ controls. Procedures and policies Employee security-awareness training Employee background checks Increasing management security awareness