When should procedures be evaluated?
A. When new functional users join an organization
B. On the anniversary of the procedures’ implementation
C. Each time procedures are used
D. Whenever business processes are modified
E. When new exploits and attacks are discovered
Which principle of secure design states that a security mechanism’s methods must be testable?
A. Separation of privilege
B. Least common mechanism
C. Complete mediation
D. Open design
E. Economy of mechanism
Which of these strategies can be employed to test training effectiveness? (Choose THREE.)
A. Create a survey for managers, to see if participants practice behaviors presented during training.
B. Provide feedback forms for employees to rate instruction and training material, immediately after training has ended.
C. Audit the number of security-related incidents before and after the training, to check whether the training reduced them.
D. Give incentives to employees who attend security-awareness training. Perform spot-checks, to see if incentives are displayed.
E. Test employees on security concepts several months after training has ended.
Which of the following represents a valid reason for testing a patch on a non-production system, before applying it to a production system?
A. Patches may re-enable services previously disabled.
B. Patches are a kind of virus.
C. Patches always overwrite user data.
D. Only patches on vendor-pressed CDs can be trusted.
E. Patches usually break important system functionality.
The items listed below are examples of ___________ controls.
* Smart cards
* Access control lists
* Authentication servers
* Auditing
Which of the following are appropriate uses of asymmetric encryption? (Choose THREE.)
B. Secure key-exchange mechanisms
C. Public Web site access
D. Data-integrity checking
E. Sneaker net
———- is the process of confirming that implemented security safeguards work as expected.
A. Penetration testing
D. A vulnerability
E. A countermeasure
What is single sign-on? An authentication method:
A. that allows users to authenticate once, and then uses tokens or other credentials to manage subsequent authentication attempts
B. that stores user credentials locally, so that users need only authenticate the first time a local machine is used
C. requiring the use of one-time passwords, so users authenticate only once, with a given set of credentials
D. that uses smart cards, hardware tokens, and biometrics to authenticate users; also known as three-factor authentication
E. that requires users to re-authenticate for every resource accessed
——- can mimic the symptoms of a denial-of-service attack, and the resulting loss in productivity can be no less devastating to an organization.
B. Peak traffic
C. Fragmented packets
D. Insufficient bandwidth
E. Burst traffic
Why should the number of services on a server be limited to required services?
A. Every open service represents a potential vulnerability.
B. Closed systems require special connectivity services.
C. Running extra services makes machines more efficient.
D. All services are inherently stable and secure.
E. Additional services make machines more secure.
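The two questions above on testing patches before production (a patch may re-enable a service that was deliberately disabled) and on limiting a server to required services both come down to the same check: enumerate what is listening and compare it with an allow-list. The script below is an added example, not part of the original page; it assumes input in the shape of `ss -tulnH` (or `ss -tlnH`) output, and the sample lines and the allow-list of ports 22 and 443 are constructed here for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP ports that are not on the allow-list of
# required services. Run it before and after applying a patch on the test
# system and compare the two results; a port that appears only afterwards is
# a service the patch (re-)enabled.

# Constructed sample in the shape of `ss -tulnH` output (assumption: this
# column layout). In practice pipe the real command into unexpected_ports.
LISTENING='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:21 0.0.0.0:*'

# Ports this server is required to expose (constructed allow-list).
REQUIRED='22 443'

# unexpected_ports SS_OUTPUT ALLOWED_PORTS
# Prints, one per line, every TCP port in LISTEN state that is not in the
# space-separated allow-list. Works with or without the leading Netid column
# because it locates the LISTEN field rather than assuming a column number.
unexpected_ports() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "LISTEN") {
                    port = $(i + 3)          # local address:port column
                    sub(/.*:/, "", port)     # keep only the port number
                    if (!(port in ok)) print port
                }
            }
        }'
}

# Usage: prints 25 and 21 for the constructed sample (SMTP and FTP listeners
# that are not on the allow-list).
unexpected_ports "$LISTENING" "$REQUIRED"
```

On a live host, `unexpected_ports "$(ss -tulnH)" "$REQUIRED" > before.txt` before the patch and the same into `after.txt` afterwards, then `diff before.txt after.txt`, gives the evidence the question asks for: whether the patch changed the set of exposed services. Anything listed in either file that is not required should be disabled, since every open service is a potential entry point.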