Deck 1: Check Point Certified Security Principles Associate (CCSPA)

A) Parallel
B) Full interruption
C) Checklist
D) Structured walkthrough
E) Simulation

A) Attempts by insiders to perform appropriate acts, on information assets to which they have been given rights or permissions.
B) Attempts by insiders to access resources, without proper access rights
C) Attempts by insiders to access external resources, without proper access rights.
D) Attempts by insiders to perform inappropriate acts, on external information assets to which they have been given rights or permissions.
E) Attempts by insiders to perform inappropriate acts, on information assets to which they have been given rights or permissions.

A) Reviewing IDS alerts
B) Reviewing performance logs
C) Reviewing IDS logs
D) Reviewing audit logs
E) Reviewing system logs

A) Elevate
B) Assume
C) Deny
D) Transfer
E) Mitigate

A) Security-awareness training
B) Information Security (INFOSEC) briefings
C) Acceptable-use policies
D) Continuing education
E) Nondisclosure agreements

A) End-user license agreement
B) Nondisclosure agreement
C) Acceptable use policy
D) Security policy
E) Business continuity plan

A) Private data must remain internal to an organization.
B) Data must be consistent between ROBO sites and headquarters.
C) Users must be educated about appropriate security policies.
D) Improvised solutions must provide the level of protection required.
E) Data must remain available to all remote offices.

A) Sequence Verifier
B) Initial sequence number
C) Address spoofing
D) Time to Live
E) IP ID field

A) Standard e-mail
B) Fax machine
C) Virtual private network
D) Bonded courier
E) Telephone

A) Most small businesses employ a full-time information-technology staff.
B) Resources are available as needed.
C) Small businesses have security personnel on staff.
D) Most employees have experience with information security.
E) Security budgets are very small.

A) Managed Security Gateway
B) Access control lists on a router
C) Personal firewall
D) Network intrusion-detection system
E) Anti-virus software

A) significantly reduce the chance information will be modified by unauthorized entities.
B) only be used to protect data in transit. Encryption provides no protection to stored data.
C) allow private information to be sent over public networks, in relative safety.
D) significantly reduce the chance information will be viewed by unauthorized entities.
E) prevent information from being destroyed by malicious entities, while in transit.

A) AES
B) Blowfish
C) DES
D) CAST
E) Triple DES

A) False Rejection Rate
B) User Acceptance Rate
C) Crossover Error Rate
D) False Acceptance Rate
E) Enrollment Failure Rate

A) Hire an investigation agency to run background checks.
B) Verify all dates of previous employment.
C) question candidates, using polygraphs, n
D) Contact personal and professional references.
E) Run criminal-background checks.

A) Discretionary
B) Role-based
C) Nondiscretionary
D) Hybrid
E) Mandatory

A) Asset Value x % Of Loss From Realized Exposure
B) Asset Value x % Of Loss From Realized Threat
C) Annualized Rate of Occurrence / Annualized Loss Expectancy
D) Asset Value x % Of Loss From Realized Vulnerability
E) Annualized Rate of Occurrence x Annualized Loss Expectancy

A) Discover the information daily activities yield.
B) Meet with adversaries.
C) Perform business impact analysis surveys.
D) Scrutinize their organizations' daily activities.
E) Analyze indicators, to determine the information an adversary can glean both from routine and nonroutine activities.

A) Pattern matching
B) Statistical anomaly
C) Behavioral analysis
D) Host
E) Network

A) Single sign-on
B) Decentralized access control
C) Hybrid access control
D) Layered access control
E) Mandatory access control

A) Accidental or intentional data deletion
B) Severe weather disasters
C) Employee terminations
D) Employee administrative leave
E) Minor power outages

A) Law enforcement in their region
B) Senior management, particularly business-unit owners
C) IETF enforcement officials
D) Other INFOSEC professionals
E) Their organizations' legal experts

A) Off-line repository
B) Floppy disk
C) Data warehouse
D) CD-ROM burner
E) Colocation

A) On-line training
B) Formal classroom training
C) Train-the-mentor training
D) Alternating-facilitator training
E) Self-paced training

A) Layered defensive
B) Multiple offensive
C) Flat defensive
D) Reactive defensive
E) Proactive offensive

A) Symmetric-key exchange
B) Steganography
C) Transposition cipher
D) Asymmetric-key encryption
E) Simple substitution cipher

A) False positive
B) False negative
C) CIFS pop-up
D) Threshold
E) Alarm

A) Symmetric key
B) Algorithm
C) Back door
D) Hash function
E) Integrity

A) Change-control
B) Disaster-recovery
C) Inventory-maintenance
D) Discretionary-budget
E) Compensation-review

A) department in the organization responsible for the data's physical storage location. The data custodian is anyone who has access the data for any reason.
B) person or entity who accesses/and or manipulates data or information, in the course of assigned duties. The data custodian is a person or process with the appropriate level of privilege to access the data.
C) person or entity ultimately responsible for the security of an information asset. The data custodian is the person or entity responsible for imposing and enforcing policies and restrictions, dictated by the data owner.
D) person or process that originally creates the information. The data custodian is a role that shifts to any person or process currently accessing the data, and passes to the next person or process to access the data.
E) person or entity responsible for imposing and enforcing policies and restrictions, dictated by the functional user. The data custodian is a person or process who accesses and/or manipulates the information.

A) Network diagram
B) Business Impact Analysis
C) Office floor plan
D) Firewall
E) Intrusion detection system

A) Leased-line security
B) Salami attacks
C) Unauthorized network connectivity
D) Distributed denial-of-service attacks
E) Secure access to remote organizational resources

A) The review and maintenance of security policies should be tied to the performance evaluations of accountable individuals.
B) Review requirements should be included in the security policies themselves.
C) When business requirements change, security policies should be reviewed to confirm that policies reflect the new business requirements.
D) Functional users and information custodians are ultimately responsible for the accuracy and relevance of information security policies.
E) In the absence of changes to business requirements and processes, information-security policy reviews should be annual.

A) uses smart cards, hardware tokens, and biometrics to authenticate users; also known as three-factor authentication
B) requires the use of one-time passwords, so users authenticate only once, with a given set of credentials
C) requires users to re-authenticate at each server and access control
D) stores user credentials locally, so that users need only authenticate the first time a local machine is used
E) allows users to authenticate once, and then uses tokens or other credentials to manage subsequent authentication attempts

A) are required standards in health care and banking.
B) provide redundant systems and data backups.
C) control who is allowed to view and modify information.
D) are academic models not suitable for implementation.
E) set standards for acceptable media-storage devices.

A) Technical
B) Administrative
C) Role-based
D) Mandatory
E) Physical

A) Standard e-mail
B) Faxed information
C) Dial-in access behind the enterprise firewall
D) Virtual private network
E) CD-ROMs shipped with updated versions of the data

A) ACL
B) Reference monitor
C) State machine
D) TCB
E) Router

A) Value-added network
B) Wide-area network
C) Campus-area network
D) Metropolitan-area network
E) Local-area network

A) Identification
B) Authentication
C) Authorization
D) Validation
E) Biometrics

A) Authentication
B) Secure key-exchange mechanisms
C) Public Web site access
D) Data-integrity checking
E) Sneaker net

A) Separation of privilege
B) Least common mechanism
C) Complete mediation
D) Open design
E) Economy of mechanism

A) Enter user data in a spreadsheet.
B) Implement centralized access control.
C) Deploy Kerberos.
D) Place them in a centralized Lightweight Directory Access Protocol.
E) Use a Domain Name System.

A) To allow resources to be shared among employees
B) To allow appropriate collaboration, and prevent inappropriate resource sharing
C) To prevent appropriate collaboration
D) To provide authentication services
E) To prevent the generation of audit trails from gateway devices

A) Records-retention procedure
B) Acceptable-use policy
C) Organizational security policy
D) Security policy mission statement
E) Service level agreement

A) ICMPtraffic
B) Peak traffic
C) Fragmented packets
D) Insufficient bandwidth
E) Burst traffic

A) Network access control
B) Facility access control
C) Password authentication
D) Background checks
E) Employee handbooks

A) When new functional users join an organization
B) On the anniversary of the procedures' implementation
C) Each time procedures are used
D) Whenever business processes are modified
E) When new exploits and attacks are discovered

A) Partial-knowledge test
B) Full-knowledge test
C) Zero-knowledge test

A) Distributed denial-of-service
B) Teardrop
C) Birthday
D) FTP Bounce
E) Salami

A) To reduce the level of broadcast traffic on physical segments.
B) To ensure that anyone accessing a resource has appropriate integrity.
C) To automate the creation of access control lists and Trusted Computing Bases.
D) To enforce access controls, and clearly separate resources from each other.
E) To make people buy more computers than they really need.

A) Customers and clients
B) Accounting, information-technology, and auditing staff
C) Managers and C-level executives
D) Only appropriate information-technology personnel
E) Only the maintenance staff

A) Patches may re-enable services previously disabled.
B) Patches are a kind of virus.
C) Patches always overwrite user data.
D) Only patches on vendor-pressed CDs can be trusted.
E) Patches usually break important system functionality.

A) No, because the software vendor could have changed the code after testing, which is not verifiable.
B) No, because the software vendor submitted the software to testing authorities only, and did not make the software available to the public for testing.
C) Yes, because the methods were tested by recognized testing authorities, and the source code is protected from vandalism.
D) Yes, because the methods are open, and the system does not rely on the secrecy of its internal mechanisms to provide protection.
E) No, because if a software vendor refuses to reveal the source code for a product, it cannot comply with the open-design principle.

A) Real-world examples
B) Exaggeration
C) Ranked threats
D) quantified risks
E) Temperate manner

A) Eliminate the testing phase of change control.
B) Read the release notes
C) Refuse to install the service pack.
D) Install the service pack on all production database servers.
E) Install the service pack on a database server, in a test environment.

A) Restricted Entry Zone
B) Open Zone
C) Internet Zone
D) Demilitarized Zone
E) Public Entry Zone

A) Information systems
B) Shipping and receiving
C) Marketing
D) Requesting department
E) Chief Information Officer

A) Create a survey for managers, to see if participants practice behaviors presented during training.
B) Provide feedback forms for employees to rate instruction and training material, immediately after training has ended.
C) Include auditors before and after the training. This checks to see if the number of security-related incidents is reduced, because of the training.
D) Give incentives to employees who attend security-awareness training. Perform spot-checks, to see if incentives are displayed.
E) Test employees on security concepts several months after training has ended.