Check Point Certified Security Principles Associate (CCSPA) (156-110) Free Practice Test

Question 1

____________________ are the people who consume, manipulate, and produce information assets.

A. Information asset owners

B. Audit-control groups

C. Business-unit owners

D. Functional users

E. Information custodians

Correct Answer: D

Question 2

You are considering purchasing a VPN solution to protect your organization's information assets. The solution you are reviewing uses RFC-compliant and open-standards encryption schemes. The vendor has submitted the system to a variety of recognized testing authorities. The vendor does not make the source code available to testing authorities.
Does this solution adhere to the secure design principle of open design?

A. No, because the software vendor could have changed the code after testing, which is not verifiable.

B. Yes, because the methods were tested by recognized testing authorities, and the source code is protected from vandalism.

C. Yes, because the methods are open, and the system does not rely on the secrecy of its internal mechanisms to provide protection.

D. No, because the software vendor submitted the software to testing authorities only, and did not make the software available to the public for testing.

E. No, because if a software vendor refuses to reveal the source code for a product, it cannot comply with the open-design principle.

Correct Answer: C

Question 3

If e-mail is subject to review by individuals other than the sender and recipient, what should be clearly stated in the organization's e-mail policy?

A. Technologies and methods used to monitor and enforce the organization's policies

B. Clear, legally defensible definition of what constitutes a business record

C. Senior management and business-unit owner responsibilities and delegation options

D. No expectation of privacy for e-mail communications, using the organization's resources

E. Consequences for violation of the organization's acceptable-use policy

Correct Answer: D

Question 4

At ABC Corporation, access to critical information resources, such as database and e-mail servers, is controlled by the information-technology (IT) department. The supervisor in the department grants access to printers where the printer is located. Managers grant and revoke rights to files within their departments' directories on the file server, but the IT department controls who has access to the directories. Which type of access-management system is in use at ABC Corporation?

A. Hybrid access management

B. Centralized access management

C. Decentralized access management

D. Role-based access management

E. Privileged access management

Correct Answer: A

Question 5

Which of these choices correctly describe denial-of-service (DoS) attacks? (Choose
THREE.)

A. DoS attacks are nearly impossible to stop, once they begin.

B. DoS attacks free the target system of excessive overhead.

C. DoS attacks do not require attackers to have any privileges on a target system.

D. DoS attacks cause the attacked system to accept legitimate access requests.

E. DoS ties up a system with so many requests, system resources are consumed, and performance degrades.

Correct Answer: A,C,E

Question 6

You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?

A. Apply the patch to all production servers.

B. Run the sample exploit against a test server.

C. Test the patch on a non-production server.

D. Run the sample exploit against a production server.

E. Test the patch on a production server.

Correct Answer: B

Question 7

Which of the following is NOT a Business Continuity Plan (BCP) recovery strategy?

A. Doing nothing; no action taken to recover the technology

B. Delegating risk to another entity, such as an insurer

C. Deferring action; action waiting until a later date

D. Manual procedures; alternative solution to technology available

E. Reciprocal agreements with another organization

Correct Answer: B

Question 8

Which of the following is an example of a simple, physical-access control?

A. Firewall

B. Lock

C. Background check

D. Access control list

E. Token

Correct Answer: B

Welcome to TestSimulate

CheckPoint Check Point Certified Security Principles Associate (CCSPA) (156-110) Free Practice Test