Weekend Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Activedumpsnet Logo
  1. Home
  2. Checkpoint
  3. Checkpoint Other Certification
  4. 156-110
  5. 156-110 - Check Point Certified Security Principles Associate (CCSPA)

Checkpoint 156-110 Check Point Certified Security Principles Associate (CCSPA) Exam Practice Test

Page: 1 / 10
Total 100 questions
Get 156-110 Full Access Download 156-110 PDF

Check Point Certified Security Principles Associate (CCSPA) Questions and Answers

Question 1

One individual is selected from each department, to attend a security-awareness course. Each person returns to his department, delivering the course to the remainder of the department. After training is complete, each person acts as a peer coach. Which type of training is this?

Options:

A.

On-line training

B.

Formal classroom training

C.

Train-the-mentor training

D.

Alternating-facilitator training

E.

Self-paced training

Question 2

What is mandatory sign-on? An authentication method that:

Options:

A.

uses smart cards, hardware tokens, and biometrics to authenticate users; also known as three-factor authentication

B.

requires the use of one-time passwords, so users authenticate only once, with a given set of credentials

C.

requires users to re-authenticate at each server and access control

D.

stores user credentials locally, so that users need only authenticate the first time a local machine is used

E.

allows users to authenticate once, and then uses tokens or other credentials to manage subsequent authentication attempts

Question 3

_______ involves gathering pieces of information and drawing a conclusion, whose sensitivity exceeds any of the individual pieces of information.

Options:

A.

Inference

B.

Social engineering

C.

Movement analysis

D.

Communication-pattern analysis

E.

Aggregation

Question 4

Which of the following should be included in an enterprise Business Continuity Plan (BCP)? (Choose THREE.)

Options:

A.

Accidental or intentional data deletion

B.

Severe weather disasters

C.

Employee terminations

D.

Employee administrative leave

E.

Minor power outages

Question 5

_______ intrusion-detection systems learn the behavior of a machine or network, and create a baseline.

Options:

A.

Behavioral analysis

B.

Statistical anomaly

C.

Network

D.

Pattern matching

E.

Host

Question 6

Which of the following are appropriate uses of asymmetric encryption? (Choose THREE.)

Options:

A.

Authentication

B.

Secure key-exchange mechanisms

C.

Public Web site access

D.

Data-integrity checking

E.

Sneaker net

Question 7

You are considering purchasing a VPN solution to protect your organization's information assets. The solution you are reviewing uses RFC-compliant and open-standards encryption schemes. The vendor has submitted the system to a variety of recognized testing authorities. The vendor does not make the source code available to testing authorities. Does this solution adhere to the secure design principle of open design?

Options:

A.

No, because the software vendor could have changed the code after testing, which is not verifiable.

B.

No, because the software vendor submitted the software to testing authorities only, and did not make the software available to the public for testing.

C.

Yes, because the methods were tested by recognized testing authorities, and the source code is protected from vandalism.

D.

Yes, because the methods are open, and the system does not rely on the secrecy of its internal mechanisms to provide protection.

E.

No, because if a software vendor refuses to reveal the source code for a product, it cannot comply with the open-design principle.

Question 8

If a firewall receives traffic not explicitly permitted by its security policy, what should the firewall do?

Options:

A.

Nothing

B.

Do not log and drop the traffic.

C.

Log and drop the traffic.

D.

Log and pass the traffic.

E.

Do not log and pass the traffic.

Question 9

Public servers are typically placed in the _______, to enhance security.

Options:

A.

Restricted Entry Zone

B.

Open Zone

C.

Internet Zone

D.

Demilitarized Zone

E.

Public Entry Zone

Question 10

Which of the following entities review partner-extranet requirements?

Options:

A.

Information systems

B.

Shipping and receiving

C.

Marketing

D.

Requesting department

E.

Chief Information Officer

Question 11

_______ intrusion detection involves comparing traffic to known characteristics of malicious traffic, known as attack signatures.

Options:

A.

Pattern matching

B.

Statistical anomaly

C.

Behavioral analysis

D.

Host

E.

Network

Question 12

At ABC Corporation, access to critical information resources, such as database and e-mail servers, is controlled by the information-technology (IT) department. The supervisor in the department grants access to printers where the printer is located. Managers grant and revoke rights to files within their departments' directories on the file server, but the IT department controls who has access to the directories. Which type of access-management system is in use at ABC Corporation?

Options:

A.

Centralized access management

B.

Role-based access management

C.

Hybrid access management

D.

Decentralized access management

E.

Privileged access management

Question 13

When should procedures be evaluated?

Options:

A.

When new functional users join an organization

B.

On the anniversary of the procedures' implementation

C.

Each time procedures are used

D.

Whenever business processes are modified

E.

When new exploits and attacks are discovered

Question 14

How is bogus information disseminated?

Options:

A.

Adversaries sort through trash to find information.

B.

Adversaries use anomalous traffic patterns as indicators of unusual activity. They will employ other methods, such as social engineering, to discover the cause of the noise.

C.

Adversaries use movement patterns as indicators of activity.

D.

Adversaries take advantage of a person's trust and goodwill.

E.

Seemingly, unimportant pieces of data may yield enough information to an adversary, for him to disseminate incorrect information and sound authoritative.

Question 15

Which of these metrics measure how a biometric device performs, when attempting to authenticate subjects? (Choose THREE.)

Options:

A.

False Rejection Rate

B.

User Acceptance Rate

C.

Crossover Error Rate

D.

False Acceptance Rate

E.

Enrollment Failure Rate

Load More 156-110 Questions 
Page: 1 / 10
Total 100 questions
Get 156-110 Full Access Download 156-110 PDF