156-110 Check Point Certified Security Principles Associate (CCSPA) Questions and Answers

Create a survey for managers, to see if participants practice behaviors presented during training.

Provide feedback forms for employees to rate instruction and training material, immediately after training has ended.

Include auditors before and after the training. This checks to see if the number of security-related incidents is reduced, because of the training.

Give incentives to employees who attend security-awareness training. Perform spot-checks, to see if incentives are displayed.

Test employees on security concepts several months after training has ended.

Identification

Authentication

Authorization

Validation

Biometrics

Single sign-on

Decentralized access control

Hybrid access control

Layered access control

Mandatory access control

Real-world examples

Exaggeration

Ranked threats

Quantified risks

Temperate manner

Private data must remain internal to an organization.

Data must be consistent between ROBO sites and headquarters.

Users must be educated about appropriate security policies.

Improvised solutions must provide the level of protection required.

Data must remain available to all remote offices.

Network firewall

Security administrator

Domain controller

Certificate Authority

Hash function

Extrapolate results from a limited subset.

Eliminate the testing phase of change control.

Request additional hardware and software.

Refuse to implement change requests.

Deploy directly to the production environment.

Authentication

Secure key-exchange mechanisms

Public Web site access

Data-integrity checking

Sneaker net

significantly reduce the chance information will be modified by unauthorized entities.

only be used to protect data in transit. Encryption provides no protection to stored data.

allow private information to be sent over public networks, in relative safety.

significantly reduce the chance information will be viewed by unauthorized entities.

prevent information from being destroyed by malicious entities, while in transit.

Covert channel

Integrity axiom

Simple rule violation

Inferred fact

Aggregated data set

Information asset owners

Business-unit owners

Audit-control groups

Information custodians

Functional users

Hire an investigation agency to run background checks.

Verify all dates of previous employment.

Question candidates, using polygraphs.

Contact personal and professional references.

Run criminal-background checks.