Latest 156-110 Real Exam Download 61-70



Maintenance of the Business Continuity Plan (BCP) must be integrated with________an organization’s process.

A. Change-control
B. Disaster-recovery
C. Inventory-maintenance
D. Discretionary-budget
E. Compensation-review

Answer: A


A _____________ attack uses multiple systems to launch a coordinated attack.

A. Distributed denial-of-service
B. Teardrop
C. Birthday
D. FTP Bounce
E. Salami

Answer: A


You are considering purchasing a VPN solution to protect your organization’s information assets. The solution you are reviewing uses RFC-compliant and open-standards encryption schemes. The vendor has submitted the system to a variety of recognized testing authorities. The vendor does not make the source code available to testing authorities. Does this solution adhere to the secure design principle of open design?

A. No, because the software vendor could have changed the code after testing,which is not verifiable.
B. No, because the software vendor submitted the software to testing authorities only, and did not make the software available to the public for testing.
C. Yes, because the methods were tested by recognized testing authorities, and the source code is protected from vandalism.
D. Yes, because the methods are open, and the system does not rely on the secrecy of its internal mechanisms to provide protection.
E. No, because if a software vendor refuses to reveal the source code for a product, it cannot comply with the open-design principle.

Answer: D


To comply with the secure design principle of fail-safe defaults, what must a system do if it receives an instruction it does not understand? The system should:

A. send the instruction to a peer server, to see if the peer can execute.
B. not attempt to execute the instruction.
C. close the connection, and refuse all further traffic from the originator.
D. not launch its debugging features, and attempt to resolve the instruction.
E. search for a close match in the instruction set it understands.

Answer: B


Which of the following are enterprise administrative controls? (Choose TWO.)

A. Network access control
B. Facility access control
C. Password authentication
D. Background checks
E. Employee handbooks

Answer: D,E


You are a system administrator managing a pool of database servers. Your software vendor releases a service pack, with many new features. What should you do? (Choose TWO.)

A. Eliminate the testing phase of change control.
B. Read the release notes
C. Refuse to install the service pack.
D. Install the service pack on all production database servers.
E. Install the service pack on a database server, in a test environment.

Answer: B,E


Which type of access management allows subjects to control some access of objects for other subjects?

A. Discretionary
B. Hybrid
C. Mandatory
D. Role-based
E. Nondiscretionary

Answer: A


Why should user populations be segmented?

A. To allow resources to be shared among employees
B. To allow appropriate collaboration, and prevent inappropriate resource sharing
C. To prevent appropriate collaboration
D. To provide authentication services
E. To prevent the generation of audit trails from gateway devices

Answer: B


Public servers are typically placed in the ——— to enhance security.

A. Restricted Entry Zone
B. Open Zone
C. Internet Zone
D. Demilitarized Zone
E. Public Entry Zone

Answer: D


_________ is a smaller, enhanced version of theX.500 protocol. It is used to provide directory-service information. (Choose the BEST answer.)

A. Lightweight Directory Access Protoco
B. X.400 Directory Access Protocol
C. Access control list
D. Lightweight Host Configuration Protoc
E. Role-based access control

Answer: A

Download Latest Checkpoint 156-110 Real Free Tests , help you to pass exam 100%.