You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?
Options are :
- Run the sample exploit against a production server.
- Run the sample exploit against a test server.
(Correct)
- Test the patch on a production server
- Apply the patch to all production servers.
- Test the patch on a non-production server.
Answer : Run the sample exploit against a test server.
#NAME?
Options are :
- Exploitation
- Baselining
- A vulnerability
- Penetration testing
(Correct)
- A countermeasure
Answer : Penetration testing
Which of the following is the MOST important consideration when developing security-awareness training materials?
Options are :
- Training material should be accessible and attractive
- Appropriate language should be used to facilitate localization, should training materials require translation.
- Security-awareness training materials should never contradict an organizational security policy.
(Correct)
- Delivery mechanisms should allow easy development of additional materials, to complement core material.
- Written documentation should be archived, in case of disaster.
Answer : Security-awareness training materials should never contradict an organizational security policy.
----------- is issued by senior management, and defines an organization's security goals.
Options are :
- Security policy mission statement
(Correct)
- Records-retention procedure
- Acceptable-use policy
- Service level agreement
- Organizational security policy
Answer : Security policy mission statement
#NAME?
Options are :
- Biometrics
- Authorization
- Authentication
- Identification
(Correct)
- Validation
Answer : Identification
Embedding symbols in images or common items, such as pictures or quilts, is an example of __________.
Options are :
- Espionage
- Key exchange
- Transposition cipher
- Arithmancy
- Steganography
(Correct)
Answer : Steganography
Which of the following entities review partner-extranet requirements?
Options are :
- Information systems
- Requesting department
(Correct)
- Marketing
- Chief Information Officer
- Shipping and receiving
Answer : Requesting department
#NAME?
Options are :
- ICMP traffic
- Peak traffic
- Fragmented packets
- Insufficient bandwidth
(Correct)
- Burst traffic
Answer : Insufficient bandwidth
The items listed below are examples of ___________ controls.
* Smart cards
* Access control lists
* Authentication servers
* Auditing
Options are :
- Technical
(Correct)
- Role-based
- Physical
- Mandatory
- Administrative
Answer : Technical
A security administrator implements Secure Configuration Verification (SCV), because SCV: (Choose THREE.)
Options are :
- Does not enable the administrator to monitor the configuration of remote computers
- Confirms that a remote configuration complies with the organization's security policy.
(Correct)
- Enables the administrator to monitor the configuration of remote computers.
(Correct)
- Prevents attackers from penetrating headquarters' Security Gateway
- Can block connectivity for machines that do not comply with the organization's security policy
(Correct)
Answer : Confirms that a remote configuration complies with the organization's security policy.
Enables the administrator to monitor the configuration of remote computers.
Can block connectivity for machines that do not comply with the organization's security policy
Which of these metrics measure how a biometric device performs, when attempting to authenticate subjects? (Choose THREE.)
Options are :
- False Acceptance Rate
(Correct)
- Enrollment Failure Rate
- False Rejection Rate
(Correct)
- User Acceptance Rate
- Crossover Error Rate
(Correct)
Answer : False Acceptance Rate
False Rejection Rate
Crossover Error Rate
How is bogus information disseminated?
Options are :
- Adversaries take advantage of a person's trust and goodwill.
- Seemingly, unimportant pieces of data may yield enough information to an adversary, for him to disseminate incorrect information and sound authoritative.
(Correct)
- Adversaries use anomalous traffic patterns as indicators of unusual activity. They will employ other methods, such as social engineering, to discover the cause of the noise.
- Adversaries use movement patterns as indicators of activity.
- Adversaries sort through trash to find information.
Answer : Seemingly, unimportant pieces of data may yield enough information to an adversary, for him to disseminate incorrect information and sound authoritative.
A new U.S. Federal Information Processing Standard specifies a cryptographic algorithm. This algorithm is used by U.S. government organizations to protect sensitive, but unclassified, information. What is the name of this Standard?
Options are :
- CAST
- Blowfish
- Triple DES
- RSA
- AES
(Correct)
Answer : AES
To protect its information assets, ABC Company purchases a safeguard that costs $60,000. The annual cost to maintain the safeguard is estimated to be $40,000. The aggregate Annualized Loss Expectancy for the risks the safeguard is expected to mitigate is $50,000. At this rate of return, how long will it take ABC Company to recoup the cost of the safeguard?
Options are :
- Less than 5 years
- Less than 7 years
(Correct)
- Less than 1 year
- Less than 3 years
- ABC Company will never recoup the cost of this safeguard.
Answer : Less than 7 years
Why should each system user and administrator have individual accounts? (Choose TWO.)
Options are :
- If users do not have individual login names, processes can automatically run with root/administrator access.
- A generic user name and password for users and security administrators provides anonymity, which prevents useful logging and auditing.
(Correct)
- By using individual login names and passwords, user actions can be traced
(Correct)
- Using separate accounts for each user reduces resource consumption, particularly disk space
- Using generic user names and passwords increases system security and reliability.
Answer : A generic user name and password for users and security administrators provides anonymity, which prevents useful logging and auditing.
By using individual login names and passwords, user actions can be traced
Which TWO of the following items should be accomplished, when interviewing candidates for a position within an organization?
Options are :
- question candidates, using polygraphs, n
- Run criminal-background checks.
- Contact personal and professional references.
(Correct)
- Verify all dates of previous employment.
(Correct)
- Hire an investigation agency to run background checks.
Answer : Contact personal and professional references.
Verify all dates of previous employment.
Organizations ____________ risk when they convince another entity to assume the risk for them.
Options are :
- Transfer
(Correct)
- Elevate
- Deny
- Assume
- Mitigate
Answer : Transfer
Which of the following equations results in the Single Loss Expectancy for an asset?
Options are :
- Asset Value x % Of Loss From Realized Threat
(Correct)
- Annualized Rate of Occurrence x Annualized Loss Expectancy
- Asset Value x % Of Loss From Realized Exposure
- Asset Value x % Of Loss From Realized Vulnerability
- Annualized Rate of Occurrence / Annualized Loss Expectancy
Answer : Asset Value x % Of Loss From Realized Threat
Which of the following is likely in a small-business environment?
Options are :
- Resources are available as needed.
- Small businesses have security personnel on staff.
- Most employees have experience with information security.
- Security budgets are very small.
(Correct)
- Most small businesses employ a full-time information-technology staff.
Answer : Security budgets are very small.
What must system administrators do when they cannot access a complete i testing?
Options are :
- Extrapolate results from a limited subset.
(Correct)
- Refuse to implement change requests.
- Eliminate the testing phase of change control.
- Deploy directly to the production environment.
- Request additional hardware and software.
Answer : Extrapolate results from a limited subset.
Which encryption algorithm has the highest bit strength?
Options are :
- CAST
- DES
- AES
(Correct)
- Blowfish
- Triple DES
Answer : AES
Which type of Business Continuity Plan (BCP) test involves shutting down z on-line, & moving all operations to the alternate site?
Options are :
- Checklist
- Parallel
- Simulation
- Structured walkthrough
- Full interruption
(Correct)
Answer : Full interruption
Which of the following is NOT a restriction, for partners accessing internal corporate resources through an extranet?
Options are :
- Using restricted programs, to access databases and other information resources
- Preventing access to any network resource, other than those explicitly permitted
- Preventing modification of restricted information
- Allowing access from any location
(Correct)
- Viewing inventory levels for partner products only
Answer : Allowing access from any location
Which of the following is an integrity requirement for Remote Offices/Branch Offices (ROBOs)?
Options are :
- Improvised solutions must provide the level of protection required.
- Data must remain available to all remote offices.
- Data must be consistent between ROBO sites and headquarters.
(Correct)
- Private data must remain internal to an organization.
- Users must be educated about appropriate security policies
Answer : Data must be consistent between ROBO sites and headquarters.
Which of the following is NOT an auditing function that should be performed regularly?
Options are :
- Reviewing IDS alerts
- Reviewing system logs
- Reviewing performance logs
(Correct)
- Reviewing audit logs
- Reviewing IDS logs
Answer : Reviewing performance logs
Which type of Business Continuity Plan (BCP) test involves practicing aspects of the BCP, without actually interrupting operations or bringing an alternate site on-line?
Options are :
- Checklist
- Structured walkthrough
- Simulation
(Correct)
- Parallel
- Full interruption
Answer : Simulation
_______ occurs when an individual or process acquires a higher level of privilege, or access, than originally intended.
Options are :
- Privilege escalation
(Correct)
- Least privilege
- Need-to-know
- Security Triad
- Privilege aggregation
Answer : Privilege escalation
When attempting to identify OPSEC indicators, information-security professionals must: (Choose THREE.)
Options are :
- Perform business impact analysis surveys.
- Meet with adversaries.
- Discover the information daily activities yield.
(Correct)
- Analyze indicators, to determine the information an adversary can glean both from routine and nonroutine activities.
(Correct)
- Scrutinize their organizations' daily activities.
(Correct)
Answer : Discover the information daily activities yield.
Analyze indicators, to determine the information an adversary can glean both from routine and nonroutine activities.
Scrutinize their organizations' daily activities.
Operating-system fingerprinting uses all of the following, EXCEPT ______, to identify a target operating system.
Options are :
- Time to Live
- Address spoofing
(Correct)
- Sequence Verifier
- Initial sequence number
- IP ID field
Answer : Address spoofing
Internal intrusions are loosely divided into which categories? (Choose TWO.)
Options are :
- Attempts by insiders to perform inappropriate acts, on external information assets to which they have been given rights or permissions.
- Attempts by insiders to perform appropriate acts, on information assets to which they have been given rights or permissions.
- Attempts by insiders to perform inappropriate acts, on information assets to which they have been given rights or permissions.
(Correct)
- Attempts by insiders to access resources, without proper access rights
(Correct)
- Attempts by insiders to access external resources, without proper access rights.
Answer : Attempts by insiders to perform inappropriate acts, on information assets to which they have been given rights or permissions.
Attempts by insiders to access resources, without proper access rights