156-110 Checkpoint Exam Questions and Answers

Question 1

What type of document contains information on alternative business locations, IT resources, and personnel?

A. End-user license agreement
B. Nondisclosure agreement
C. Acceptable use policy
D. Security policy
E. Business continuity plan

Answer : E

Question 2

Distinguish between the role of the data owner and the role of the data custodian. Complete the following sentence. The data owner is the:

A. department in the organization responsible for the data's physical storage location. The data custodian is anyone who has access the data for any reason.
B. person or entity who accesses/and or manipulates data or information, in the course of assigned duties. The data custodian is a person or process with the appropriate level of privilege to access the data.
C. person or entity ultimately responsible for the security of an information asset. The data custodian is the person or entity responsible for imposing and enforcing policies and restrictions, dictated by the data owner.
D. person or process that originally creates the information. The data custodian is a role that shifts to any person or process currently accessing the data, and passes to the next person or process to access the data.
E. person or entity responsible for imposing and enforcing policies and restrictions, dictated by the functional user. The data custodian is a person or process who accesses and/or manipulates the information.

Answer : C

Question 3

Which of the following is NOT a concern for enterprise physical security?

A. Network Intrusion Detection Systems
B. Social engineering
C. Dumpster diving
D. Property theft
E. Unauthorized access to a facility

Answer : A

Question 4

A(n) _____________ is a quantitative review of risks, to determine how an organization continue to function, in the event a risk is realized. .

A. Monitored risk process
B. Disaster-recovery plan
C. Business impact analysis
D. Full interruption test
E. Information security audit

Answer : C

Question 5

A(n)___________ is a one-way mathematical function that maps variable values into smaller values of a fixed length.

A. Symmetric key
B. Algorithm
C. Back door
D. Hash function
E. Integrity

Answer : D

Question 6

At ABC Corporation, access to critical information resources, such as database and e-mail servers, is controlled by the information-technology (IT) department. The supervisor in the department grants access to printers where the printer is located. Managers grant and revoke rights to files within their departments' directories on the file server, but the IT department controls who has access to the directories. Which type of access-management system is in use at ABC Corporation?

A. Centralized access management
B. Role-based access management
C. Hybrid access management
D. Decentralized access management
E. Privileged access management

Answer : C

Question 7

One individual is selected from each department, to attend a security-awareness course. Each person returns to his department, delivering the course to the remainder of the department. After training is complete, each person acts as a peer coach. Which type of training is this?

A. On-line training
B. Formal classroom training
C. Train-the-mentor training
D. Alternating-facilitator training
E. Self-paced training

Answer : C

Question 8

Which of the following are common failures that should be addressed in an (BCP) ? (Choose THREE.)

A. Connectivity failures
B. Accounting failures
C. Hardware failures
D. Utility failures
E. Personal failures

Answer : ACD

Question 9

Which of the following is an example of a simple, physical-access control?

A. Lock
B. Access control list
C. Background check
D. Token
E. Firewall

Answer : A

Question 10

Which of the following should be included in an enterprise Business Continuity Plan (BCP)? (Choose THREE.)

A. Accidental or intentional data deletion
B. Severe weather disasters
C. Employee terminations
D. Employee administrative leave
E. Minor power outages

Answer : ABE

Question 11

A __________ posture provides many levels of security possibilities, for access control.

A. Layered defensive
B. Multiple offensive
C. Flat defensive
D. Reactive defensive
E. Proactive offensive

Answer : A

Question 12

A(n) ___________ is the first step for determining which technical information assets should be protected.

A. Network diagram
B. Business Impact Analysis
C. Office floor plan
D. Firewall
E. Intrusion detection system

Answer : A

Question 13

Which of the following statements about the maintenance and review of information security policies is NOT true?

A. The review and maintenance of security policies should be tied to the performance evaluations of accountable individuals.
B. Review requirements should be included in the security policies themselves.
C. When business requirements change, security policies should be reviewed to confirm that policies reflect the new business requirements.
D. Functional users and information custodians are ultimately responsible for the accuracy and relevance of information security policies.
E. In the absence of changes to business requirements and processes, information-security policy reviews should be annual.

Answer : D

Question 14

_________ is a type of cryptography, where letters of an original message are systematically rearranged into another sequence.

A. Symmetric-key exchange
B. Steganography
C. Transposition cipher
D. Asymmetric-key encryption
E. Simple substitution cipher

Answer : C

Question 15

A(n) __________ is an abstract machine, which mediates all access subjects have to objects.

A. ACL
B. Reference monitor
C. State machine
D. TCB
E. Router

Answer : B

Check Point Certified Security Principles Associate (CCSPA) v1.0

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Talk to us!