Question 1

ABC Corporation's network requires users to authenticate to cross the border firewall, and before entering restricted segments. Servers containing sensitive information require separate authentication. This is an example of which type of access-control method?
A) Single sign-on
B) Decentralized access control
C) Hybrid access control
D) Layered access control
E) Mandatory access control

Accepted Answer

This scenario describes layered access control, where multiple layers of authentication are required at different points in the network to access sensitive information.

Question 2

Which of the following should be included in an enterprise Business Continuity Plan (BCP)? (Choose THREE.)
A) Accidental or intentional data deletion
B) Severe weather disasters
C) Employee terminations
D) Employee administrative leave
E) Minor power outages

Accepted Answer

A Business Continuity Plan should address accidental or intentional data deletion, severe weather disasters, and minor power outages as these events can disrupt business operations and need strategies for continuity and recovery. Employee terminations and administrative leave are typically handled by HR policies rather than BCP.

Question 3

INFOSEC professionals are concerned about providing due care and due diligence. With whom should they consult, when protecting information assets?
A) Law enforcement in their region
B) Senior management, particularly business-unit owners
C) IETF enforcement officials
D) Other INFOSEC professionals
E) Their organizations' legal experts

Accepted Answer

INFOSEC professionals should consult with their organizations' legal experts to ensure that they are taking the appropriate steps to protect information assets.

Question 4

Virtual corporations typically use a(n) ___________ for maintaining centralized information assets.
A) Off-line repository
B) Floppy disk
C) Data warehouse
D) CD-ROM burner
E) Colocation

Accepted Answer

The answer of Virtual corporations typically use a(n) ___________ for...

Question 5

One individual is selected from each department, to attend a security-awareness course. Each person returns to his department, delivering the course to the remainder of the department. After training is complete, each person acts as a peer coach. Which type of training is this?
A) On-line training
B) Formal classroom training
C) Train-the-mentor training
D) Alternating-facilitator training
E) Self-paced training

Accepted Answer

This is an example of train-the-mentor training, where selected individuals are trained and then return to their departments to train others.

Question 6

A __________ posture provides many levels of security possibilities, for access control.
A) Layered defensive
B) Multiple offensive
C) Flat defensive
D) Reactive defensive
E) Proactive offensive

Accepted Answer

A layered defensive posture involves multiple layers of security measures, providing comprehensive access control and protection against various threats.

Question 7

_________ is a type of cryptography, where letters of an original message are systematically rearranged into another sequence.
A) Symmetric-key exchange
B) Steganography
C) Transposition cipher
D) Asymmetric-key encryption
E) Simple substitution cipher

Accepted Answer

A transposition cipher is a method of encryption where the positions of the characters in the plaintext are shifted according to a regular system to form the ciphertext.

Question 8

A(n) __________ occurs when intrusion-detection measures fail to recognize suspicious traffic or activity.
A) False positive
B) False negative
C) CIFS pop-up
D) Threshold
E) Alarm

Accepted Answer

A false negative occurs when intrusion-detection systems fail to identify or alert on suspicious or malicious activity, allowing it to go unnoticed.

Question 9

A(n)___________ is a one-way mathematical function that maps variable values into smaller values of a fixed length.
A) Symmetric key
B) Algorithm
C) Back door
D) Hash function
E) Integrity

Accepted Answer

A hash function is a one-way mathematical function that maps input data of variable size into a fixed-size string of characters, which is typically a sequence of numbers and letters.

Question 10

Maintenance of the Business Continuity Plan (BCP) must be integrated with________an organization's process.
A) Change-control
B) Disaster-recovery
C) Inventory-maintenance
D) Discretionary-budget
E) Compensation-review

Accepted Answer

Change-control processes ensure that any updates or modifications to the Business Continuity Plan are systematically managed and documented, maintaining the plan's relevance and effectiveness.

Question 11

Distinguish between the role of the data owner and the role of the data custodian. Complete the following sentence. The data owner is the:
A) department in the organization responsible for the data's physical storage location. The data custodian is anyone who has access the data for any reason.
B) person or entity who accesses/and or manipulates data or information, in the course of assigned duties. The data custodian is a person or process with the appropriate level of privilege to access the data.
C) person or entity ultimately responsible for the security of an information asset. The data custodian is the person or entity responsible for imposing and enforcing policies and restrictions, dictated by the data owner.
D) person or process that originally creates the information. The data custodian is a role that shifts to any person or process currently accessing the data, and passes to the next person or process to access the data.
E) person or entity responsible for imposing and enforcing policies and restrictions, dictated by the functional user. The data custodian is a person or process who accesses and/or manipulates the information.

Accepted Answer

The data owner is responsible for the security and governance of the data, while the data custodian implements and enforces the policies set by the data owner.

Question 12

A(n) ___________ is the first step for determining which technical information assets should be protected.
A) Network diagram
B) Business Impact Analysis
C) Office floor plan
D) Firewall
E) Intrusion detection system

Accepted Answer

The answer of A(n) ___________ is the first step for...

Question 13

Which of the following best describes the largest security challenge for Remote Offices/Branch Offices?
A) Leased-line security
B) Salami attacks
C) Unauthorized network connectivity
D) Distributed denial-of-service attacks
E) Secure access to remote organizational resources

Accepted Answer

Remote Offices/Branch Offices often face challenges in ensuring secure access to organizational resources, as they need to connect to central systems over potentially insecure networks.

Question 14

Which of the following statements about the maintenance and review of information security policies is NOT true?
A) The review and maintenance of security policies should be tied to the performance evaluations of accountable individuals.
B) Review requirements should be included in the security policies themselves.
C) When business requirements change, security policies should be reviewed to confirm that policies reflect the new business requirements.
D) Functional users and information custodians are ultimately responsible for the accuracy and relevance of information security policies.
E) In the absence of changes to business requirements and processes, information-security policy reviews should be annual.

Accepted Answer

Functional users and information custodians are not ultimately responsible for the accuracy and relevance of information security policies; this responsibility typically lies with the information security team or designated policy owners.

Question 15

What is mandatory sign-on? An authentication method that:
A) uses smart cards, hardware tokens, and biometrics to authenticate users; also known as three-factor authentication
B) requires the use of one-time passwords, so users authenticate only once, with a given set of credentials
C) requires users to re-authenticate at each server and access control
D) stores user credentials locally, so that users need only authenticate the first time a local machine is used
E) allows users to authenticate once, and then uses tokens or other credentials to manage subsequent authentication attempts

Accepted Answer

Mandatory sign-on requires users to re-authenticate at each server and access control, ensuring security by verifying identity at each point of access.

Question 16

Why does the (ISC)2 access-control systems and methodology functional domain address both the confidentiality and integrity aspects of the Information Security Triad? Access-control systems and methodologies:
A) are required standards in health care and banking.
B) provide redundant systems and data backups.
C) control who is allowed to view and modify information.
D) are academic models not suitable for implementation.
E) set standards for acceptable media-storage devices.

Accepted Answer

Access-control systems and methodologies are designed to ensure that only authorized individuals can view (confidentiality) and modify (integrity) information, thus addressing both aspects of the Information Security Triad.

Question 17

The items listed below are examples of ___________ controls. *Procedures and policies *Employee security-awareness training *Employee background checks *Increasing management security awareness
A) Technical
B) Administrative
C) Role-based
D) Mandatory
E) Physical

Accepted Answer

These items are examples of administrative controls, which involve policies, procedures, and training to manage and reduce risk.

Question 18

Enterprise employees working remotely require access to data at an organization's headquarters. Which of the following is the BEST method to transfer this data?
A) Standard e-mail
B) Faxed information
C) Dial-in access behind the enterprise firewall
D) Virtual private network
E) CD-ROMs shipped with updated versions of the data

Accepted Answer

A Virtual Private Network (VPN) is the best method as it provides a secure and encrypted connection over the internet, allowing remote employees to access data safely as if they were directly connected to the organization's internal network.

Question 19

A(n) __________ is an abstract machine, which mediates all access subjects have to objects.
A) ACL
B) Reference monitor
C) State machine
D) TCB
E) Router

Accepted Answer

A reference monitor is an abstract machine that mediates all access subjects have to objects. It is responsible for enforcing the security policy of the system and ensuring that all accesses are authorized.

Question 20

All of the following are possible configurations for a corporate intranet, EXCEPT:
A) Value-added network
B) Wide-area network
C) Campus-area network
D) Metropolitan-area network
E) Local-area network

Accepted Answer

A value-added network (VAN) is a private network provider that enhances services for businesses, typically used for secure data exchange, rather than a configuration for a corporate intranet.

Exam 1: Check Point Certified Security Principles Associate (CCSPA)

ABC Corporation's network requires users to authenticate to cross the border firewall, and before entering restricted segments. Servers containing sensitive information require separate authentication. This is an example of which type of access-control method?

Which of the following should be included in an enterprise Business Continuity Plan (BCP) ? (Choose THREE.)

INFOSEC professionals are concerned about providing due care and due diligence. With whom should they consult, when protecting information assets?

Virtual corporations typically use a(n) ___________ for maintaining centralized information assets.

One individual is selected from each department, to attend a security-awareness course. Each person returns to his department, delivering the course to the remainder of the department. After training is complete, each person acts as a peer coach. Which type of training is this?

A __________ posture provides many levels of security possibilities, for access control.

_________ is a type of cryptography, where letters of an original message are systematically rearranged into another sequence.

A(n) __________ occurs when intrusion-detection measures fail to recognize suspicious traffic or activity.

A(n) ___________ is a one-way mathematical function that maps variable values into smaller values of a fixed length.

Maintenance of the Business Continuity Plan (BCP) must be integrated with________an organization's process.

Distinguish between the role of the data owner and the role of the data custodian. Complete the following sentence. The data owner is the:

A(n) ___________ is the first step for determining which technical information assets should be protected.

Which of the following best describes the largest security challenge for Remote Offices/Branch Offices?

Which of the following statements about the maintenance and review of information security policies is NOT true?

What is mandatory sign-on? An authentication method that:

Why does the (ISC) 2 access-control systems and methodology functional domain address both the confidentiality and integrity aspects of the Information Security Triad? Access-control systems and methodologies:

The items listed below are examples of ___________ controls. Procedures and policies Employee security-awareness training Employee background checks Increasing management security awareness

Enterprise employees working remotely require access to data at an organization's headquarters. Which of the following is the BEST method to transfer this data?

A(n) __________ is an abstract machine, which mediates all access subjects have to objects.

All of the following are possible configurations for a corporate intranet, EXCEPT: