Get yourself composed for Microsoft actual exam and upgrade your skills with Flydumps Checkpoint 156-110 practice test products. Once you have practiced through our assessment material, familiarity on Checkpoint 156-110 exam domains get a significant boost. Flydumps practice tests enable you to raise your performance level and assure the guaranteed success for Checkpoint 156-110 exam .
QUESTION 22
Which of these choices correctly describe denial-of-service (DoS) attacks? (Choose THREE.)
A. DoS attacks do not require attackers to have any privileges on a target system.
B. DoS attacks are nearly impossible to stop, once they begin.
C. DoS attacks free the target system of excessive overhead.
D. DoS ties up a system with so many requests, system resources are consumed, and performance degrades.
E. DoS attacks cause the attacked system to accept legitimate access requests.
Correct Answer: ABD
QUESTION 23
Which of the following is NOT a restriction, for partners accessing internal corporate resources through an extranet?
A. Preventing modification of restricted information
B. Using restricted programs, to access databases and other information resources
C. Allowing access from any location
D. Preventing access to any network resource, other than those explicitly permitted
E. Viewing inventory levels for partner products only
Correct Answer: C
QUESTION 24
A(n) __________________________ is issued by senior management, and defines an organization’s security goals.
A. Records-retention procedure
B. Acceptable-use policy
C. Organizational security policy
D. Security policy mission statement
E. Service level agreement
Correct Answer: D
QUESTION 25
_______________________________ occurs when an individual or process acquires a higher level of privilege, or access, than originally intended.
A. Security Triad
B. Privilege aggregation
C. Need-to-know
D. Privilege escalation
E. Least privilege
Correct Answer: D
QUESTION 26
_________ is a smaller, enhanced version of the X.500 protocol. It is used to provide directory-service information. (Choose the BEST answer.)
A. Lightweight Directory Access Protocol
B. X.400 Directory Access Protocol
C. Access control list
D. Lightweight Host Configuration Protocol
E. Role-based access control
Correct Answer: A
QUESTION 27
Which of the following is an integrity requirement for Remote Offices/Branch Offices (ROBOs)?
A. Private data must remain internal to an organization.
B. Data must be consistent between ROBO sites and headquarters.
C. Users must be educated about appropriate security policies.
D. Improvised solutions must provide the level of protection required.
E. Data must remain available to all remote offices.
Correct Answer: B
QUESTION 28
____________________ are the people who consume, manipulate, and produce information assets.
A. Information asset owners
B. Business-unit owners
C. Audit-control groups
D. Information custodians
E. Functional users
Correct Answer: E
QUESTION 29
You are a system administrator managing a pool of database servers. Your software vendor releases a service pack, with many new features. What should you do? (Choose TWO.)
A. Eliminate the testing phase of change control.
B. Read the release notes.
C. Refuse to install the service pack.
D. Install the service pack on all production database servers.
E. Install the service pack on a database server, in a test environment.
Correct Answer: BE
QUESTION 30
Enterprise employees working remotely require access to data at an organization’s headquarters. Which of the following is the BEST method to transfer this data?
A. Standard e-mail
B. Faxed information
C. Dial-in access behind the enterprise firewall
D. Virtual private network
E. CD-ROMs shipped with updated versions of the data
Correct Answer: D
QUESTION 31
_______ is the process of confirming that implemented security safeguards work as expected.
A. Penetration testing
B. Exploitation
C. Baselining
D. A vulnerability
E. A countermeasure
Correct Answer: A
QUESTION 32
A _______ attack uses multiple systems to launch a coordinated attack.
A. Distributed denial-of-service
B. Teardrop
C. Birthday
D. FTP Bounce
E. Salami
Correct Answer: A
QUESTION 33
What must system administrators do when they cannot access a complete replica of their production environment for testing?
A. Extrapolate results from a limited subset.
B. Eliminate the testing phase of change control.
C. Request additional hardware and software.
D. Refuse to implement change requests.
E. Deploy directly to the production environment.
Correct Answer: A
QUESTION 34
Which of the following entities review partner-extranet requirements?
A. Information systems
B. Shipping and receiving
C. Marketing
D. Requesting department
E. Chief Information Officer
Correct Answer: D
QUESTION 35
Which type of Business Continuity Plan (BCP) test involves practicing aspects of the BCP, without actually interrupting operations or bringing an alternate site on-line?
A. Structured walkthrough
B. Checklist
C. Simulation
D. Full interruption
E. Parallel
Correct Answer: C
QUESTION 36
Which of these strategies can be employed to test training effectiveness? (Choose THREE.)
A. Create a survey for managers, to see if participants practice behaviors presented during training.
B. Provide feedback forms for employees to rate instruction and training material, immediately after training has ended.
C. Include auditors before and after the training. This checks to see if the number of security-related incidents is reduced, because of the training.
D. Give incentives to employees who attend security-awareness training. Perform spot-checks, to see if incentives are displayed.
E. Test employees on security concepts several months after training has ended.
Correct Answer: ACE
QUESTION 37
_________________ is the process of subjects establishing who they are to an access control.
A. Identification
B. Authentication
C. Authorization
D. Validation
E. Biometrics
Correct Answer: A
QUESTION 38
Public servers are typically placed in the _______, to enhance security.
A. Restricted Entry Zone
B. Open Zone
C. Internet Zone
D. Demilitarized Zone
E. Public Entry Zone
Correct Answer: D
QUESTION 39
_______ involves gathering pieces of information and drawing a conclusion, whose sensitivity exceeds any of the individual pieces of information.
A. Inference
B. Social engineering
C. Movement analysis
D. Communication-pattern analysis
E. Aggregation
Correct Answer: E
QUESTION 40
When should procedures be evaluated?
A. When new functional users join an organization
B. On the anniversary of the procedures’ implementation
C. Each time procedures are used
D. Whenever business processes are modified
E. When new exploits and attacks are discovered
Correct Answer: D
QUESTION 41
If e-mail is subject to review by individuals other than the sender and recipient, what should be clearly stated in the organization’s e-mail policy?
A. Technologies and methods used to monitor and enforce the organization’s policies
B. Senior management and business-unit owner responsibilities and delegation options
C. Clear, legally defensible definition of what constitutes a business record
D. Consequences for violation of the organization’s acceptable-use policy
E. No expectation of privacy for e-mail communications, using the organization’s resources
Correct Answer: E
QUESTION 42
Which of the following are common failures that should be addressed in an organization’s Business Continuity Plan (BCP) ? (Choose THREE.)
A. Connectivity failures
B. Accounting failures
C. Hardware failures
D. Utility failures
E. Personal failures
Correct Answer: ACD
QUESTION 43
Which TWO of the following items should be accomplished, when interviewing candidates for a position within an organization?
A. Hire an investigation agency to run background checks.
B. Verify all dates of previous employment.
C. Question candidates, using polygraphs.
D. Contact personal and professional references.
E. Run criminal-background checks.
Correct Answer: BD QUESTION 44
A _______ _______ posture provides many levels of security possibilities, for access control.
A. Layered defensive
B. Multiple offensive
C. Flat defensive
D. Reactive defensive
E. Proactive offensive
Correct Answer: A
QUESTION 45
At ABC Corporation, access to critical information resources, such as database and e-mail servers, is controlled by the information-technology (IT) department. The supervisor in the department grants access to printers where the printer is located. Managers grant and revoke rights to files within their departments’ directories on the file server, but the IT department controls who has access to the directories. Which type of access-management system is in use at ABC Corporation?
A. Centralized access management
B. Role-based access management
C. Hybrid access management
D. Decentralized access management
E. Privileged access management
Correct Answer: C
QUESTION 46
Embedding symbols in images or common items, such as pictures or quilts, is an example of __________.
A. Espionage
B. Transposition cipher
C. Key exchange
D. Arithmancy
E. Steganography
Correct Answer: E
QUESTION 47
Why should each system user and administrator have individual accounts? (Choose TWO.)
A. Using generic user names and passwords increases system security and reliability.
B. Using separate accounts for each user reduces resource consumption, particularly disk space.
C. By using individual login names and passwords, user actions can be traced.
D. If users do not have individual login names, processes can automatically run with root/administrator access.
E. A generic user name and password for users and security administrators provides anonymity, which prevents useful logging and auditing.
Correct Answer: CE
QUESTION 48
A(n) _______ occurs when intrusion-detection measures fail to recognize suspicious traffic or activity.
A. False positive
B. False negative
C. CIFS pop-up
D. Threshold
E. Alarm
Correct Answer: B
QUESTION 49
What is single sign-on? An authentication method:
A. that allows users to authenticate once, and then uses tokens or other credentials to manage subsequent authentication attempts
B. that stores user credentials locally, so that users need only authenticate the first time, a local machine is used
C. requiring the use of one-time passwords, so users authenticate only once, with a given set of credentials.
D. that uses smart cards, hardware tokens, and biometrics to authenticate users; also known as three-factor authentication
E. that requires users to re-authenticate for every resource accessed
Correct Answer: A
QUESTION 50
Which of the following is NOT a Business Continuity Plan (BCP) recovery strategy?
A. Delegating risk to another entity, such as an insurer
B. Manual procedures; alternative solution to technology available
C. Deferring action; action waiting until a later date
D. Reciprocal agreements with another organization
E. Doing nothing; no action taken to recover the technology
Correct Answer: A
Preparing Checkpoint 156-110 exam is not difficult now.You can prepare from Checkpoint 156-110 Certification or Checkpoint 156-110 dumps.Here we have mentioned some sample questions.You can use our Checkpoint 156-110 study material notes for test preparation. Latest Checkpoint 156-110 study material available.
