156-110 Check Point Certified Security Principles Associate Set 1

_________ is a smaller, enhanced version of the X.500 protocol. It is used to provide directory-service information. (Choose the BEST answer.)


Options are :

  • Lightweight Directory Access Protocol (Correct)
  • X.400 Directory Access Protocol
  • Lightweight Host Configuration Protocol
  • Access control list
  • Role-based access control

Answer : Lightweight Directory Access Protocol

Which type of access management allows subjects to control some access of objects for other subjects?


Options are :

  • Nondiscretionary
  • Hybrid
  • Role-based
  • Discretionary (Correct)
  • Mandatory

Answer : Discretionary

You are considering purchasing a VPN solution to protect your organization's information assets. The solution you are reviewing uses RFC-compliant and open-standards encryption schemes. The vendor has submitted the system to a variety of recognized testing authorities. The vendor does not make the source code available to testing authorities. Does this solution adhere to the secure design principle of open design?


Options are :

  • No, because the software vendor could have changed the code after testing, which is not verifiable
  • Yes, because the methods are open, and the system does not rely on the secrecy of its internal mechanisms to provide protection. (Correct)
  • No, because the software vendor submitted the software to testing authorities only, and did not make the software available to the public for testing.
  • No, because if a software vendor refuses to reveal the source code for a product, it cannot comply with the open-design principle.
  • Yes, because the methods were tested by recognized testing authorities, and the source code is protected from vandalism.

Answer : Yes, because the methods are open, and the system does not rely on the secrecy of its internal mechanisms to provide protection.

_________ are the people who consume, manipulate, and produce information assets.


Options are :

  • Information asset owners
  • Audit-control groups
  • Information custodians
  • Business-unit owners
  • Functional users (Correct)

Answer : Functional users

Which of the following tests provides testing teams some information about hosts or networks?


Options are :

  • Full-knowledge test
  • Partial-knowledge test (Correct)
  • Zero-knowledge test
  • NONE

Answer : Partial-knowledge test

Which of the following is MOST likely to cause management to view a security-needs proposal as invalid?


Options are :

  • Ranked threats
  • Real-world examples
  • Exaggeration (Correct)
  • Temperate manner
  • Quantified risks

Answer : Exaggeration

Which of the following is the BEST method for managing users in an enterprise?


Options are :

  • Use a Domain Name System
  • Implement centralized access control
  • Place them in a centralized Lightweight Directory Access Protocol. (Correct)
  • Enter user data in a spreadsheet.
  • Deploy Kerberos

Answer : Place them in a centralized Lightweight Directory Access Protocol.

Why should user populations be segmented?


Options are :

  • To provide authentication services
  • To prevent the generation of audit trails from gateway devices
  • To prevent appropriate collaboration
  • To allow resources to be shared among employees
  • To allow appropriate collaboration, and prevent inappropriate resource sharing (Correct)

Answer : To allow appropriate collaboration, and prevent inappropriate resource sharing

_________ intrusion-detection systems learn the behavior of a machine or network, and create a baseline.


Options are :

  • Behavioral analysis (Correct)
  • Pattern matching
  • Host
  • Network
  • Behavioral analysis

Answer : Behavioral analysis

Maintenance of the Business Continuity Plan (BCP) must be integrated with ________ an organization's process.


Options are :

  • Disaster-recovery
  • Inventory-maintenance
  • Compensation-review
  • Change-control (Correct)
  • Discretionary-budget

Answer : Change-control

Which of these choices correctly describe denial-of-service (DoS) attacks? (Choose THREE.)


Options are :

  • DoS attacks free the target system of excessive overhead.
  • DoS attacks cause the attacked system to accept legitimate access requests.
  • DoS attacks do not require attackers to have any privileges on a target system. (Correct)
  • DoS ties up a system with so many requests, system resources are consumed, and performance degrades. (Correct)
  • DoS attacks are nearly impossible to stop, once they begin. (Correct)

Answer : DoS attacks do not require attackers to have any privileges on a target system. DoS ties up a system with so many requests, system resources are consumed, and performance degrades. DoS attacks are nearly impossible to stop, once they begin.

What is the purpose of resource isolation?


Options are :

  • To reduce the level of broadcast traffic on physical segments.
  • To enforce access controls, and clearly separate resources from each other. (Correct)
  • To automate the creation of access control lists and Trusted Computing Bases.
  • To make people buy more computers than they really need.
  • To ensure that anyone accessing a resource has appropriate integrity

Answer : To enforce access controls, and clearly separate resources from each other.

You are a system administrator managing a pool of database servers. Your software vendor releases a service pack, with many new features. What should you do? (Choose TWO.)


Options are :

  • Eliminate the testing phase of change control.
  • Refuse to install the service pack.
  • Read the release notes (Correct)
  • Install the service pack on all production database servers.
  • Install the service pack on a database server, in a test environment. (Correct)

Answer : Read the release notes; Install the service pack on a database server, in a test environment.

A _____________ attack uses multiple systems to launch a coordinated attack.


Options are :

  • Teardrop
  • Distributed denial-of-service (Correct)
  • FTP Bounce
  • Birthday
  • Salami

Answer : Distributed denial-of-service

To comply with the secure design principle of fail-safe defaults, what must a system do if it receives an instruction it does not understand? The system should:


Options are :

  • Close the connection, and refuse all further traffic from the originator.
  • Send the instruction to a peer server, to see if the peer can execute.
  • Not launch its debugging features, and attempt to resolve the instruction.
  • Search for a close match in the instruction set it understands.
  • Not attempt to execute the instruction. (Correct)

Answer : Not attempt to execute the instruction.

Which of the following are enterprise administrative controls? (Choose TWO.)


Options are :

  • Background checks (Correct)
  • Facility access control
  • Password authentication
  • Network access control
  • Employee handbooks (Correct)

Answer : Background checks; Employee handbooks

Public servers are typically placed in the --------- to enhance security.


Options are :

  • Restricted Entry Zone
  • Open Zone
  • Demilitarized Zone (Correct)
  • Public Entry Zone
  • Internet Zone

Answer : Demilitarized Zone

How do virtual corporations maintain confidentiality?


Options are :

  • Data hashes
  • Redundant servers
  • Security by obscurity
  • Encryption (Correct)
  • Checksum

Answer : Encryption

Who should have physical access to network-connectivity devices and corporate servers?


Options are :

  • Accounting, information-technology, and auditing staff
  • Only appropriate information-technology personnel (Correct)
  • Only the maintenance staff
  • Managers and C-level executives
  • Customers and clients

Answer : Only appropriate information-technology personnel

_________ is a method of tricking users into revealing passwords, or other sensitive information.


Options are :

  • Means testing
  • Exposure
  • Risk
  • Social engineering (Correct)
  • Dumpster diving

Answer : Social engineering

----------- is issued by senior management, and defines an organization's security goals.


Options are :

  • Records-retention procedure
  • Acceptable-use policy
  • Security policy mission statement (Correct)
  • Organizational security policy
  • Service level agreement

Answer : Security policy mission statement

Which of the following is the MOST important consideration, when developing security-awareness training materials?


Options are :

  • Training material should be accessible and attractive
  • Appropriate language should be used to facilitate localization, should training materials require translation.
  • Written documentation should be archived, in case of disaster.
  • Security-awareness training materials should never contradict an organizational security policy. (Correct)
  • Delivery mechanisms should allow easy development of additional materials, to complement core material.

Answer : Security-awareness training materials should never contradict an organizational security policy.

Which of the following calculations is used when selecting countermeasures?


Options are :

  • Business Impact Analysis
  • Business Continuity Plan
  • Annualized Loss Expectancy (Correct)
  • Single Loss Expectancy
  • Annualized Rate of Occurrence

Answer : Annualized Loss Expectancy

Which of these strategies can be employed to test training effectiveness? (Choose THREE.)


Options are :

  • Test employees on security concepts several months after training has ended. (Correct)
  • Provide feedback forms for employees to rate instruction and training material, immediately after training has ended
  • Include auditors before and after the training. This checks to see if the number of security-related incidents is reduced, because of the training. (Correct)
  • Create a survey for managers, to see if participants practice behaviors presented during training. (Correct)
  • Give incentives to employees who attend security-awareness training. Perform spot-checks, to see if incentives are displayed

Answer : Test employees on security concepts several months after training has ended. Include auditors before and after the training. This checks to see if the number of security-related incidents is reduced, because of the training. Create a survey for managers, to see if participants practice behaviors presented during training.

#NAME?


Options are :

  • Exploitation
  • Baselining
  • A countermeasure
  • Penetration testing (Correct)
  • A vulnerability

Answer : Penetration testing

Embedding symbols in images or common items, such as pictures or quilts, is an example of __________.


Options are :

  • Steganography (Correct)
  • Transposition cipher
  • Arithmancy
  • Espionage
  • Key exchange

Answer : Steganography

If e-mail is subject to review by individuals other than the sender and recipient, what should be clearly stated in the organization's e-mail policy?


Options are :

  • Consequences for violation of the organization's acceptable-use policy
  • Senior management and business-unit owner responsibilities and delegation options
  • Clear, legally defensible definition of what constitutes a business record
  • Technologies and methods used to monitor and enforce the organization's policies
  • No expectation of privacy for e-mail communications, using the organization's resources (Correct)

Answer : No expectation of privacy for e-mail communications, using the organization's resources

A security administrator implements Secure Configuration Verification (SCV), because SCV: (Choose THREE.)


Options are :

  • Prevents attackers from penetrating headquarters' Security Gateway
  • Confirms that a remote configuration complies with the organization's security policy. (Correct)
  • Enables the administrator to monitor the configuration of remote computers. (Correct)
  • Can block connectivity for machines that do not comply with the organization's security policy (Correct)
  • Does not enable the administrator to monitor the configuration of remote computers

Answer : Confirms that a remote configuration complies with the organization's security policy. Enables the administrator to monitor the configuration of remote computers. Can block connectivity for machines that do not comply with the organization's security policy

You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?


Options are :

  • Run the sample exploit against a production server.
  • Run the sample exploit against a test server. (Correct)
  • Apply the patch to all production servers.
  • Test the patch on a production server
  • Test the patch on a non-production server.

Answer : Run the sample exploit against a test server.

You are preparing a machine that will be used as a dedicated Web server, be removed?


Options are :

  • PVP
  • SMTP
  • IRC
  • FTP
  • HTTP (Correct)

Answer : HTTP
