SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
One way hash
Data Classification
Not rigid
Passfilt.dll
2. The __________ is the most dangerous part of a virus program.
Privacy violations
Payload
Symmetric algorithm
NT Audit events
3. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Detective
Macro
DSS - Digital Signature Standard
Certificate
4. These should be done on a weekly basis
Virus definition downloads and system virus scans
Cryptanalysis
Acceptance - Transfer - Mitigate
CVE - Common Vulnerabilities and Exposures
5. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Gathering digital evidence
involves only computer to computer transactions
modems
6. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
Off site in a climate controlled area
RADIUS
Users can gain access to any resource upon request (assuming they have proper permissions)
7. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Classification
Personal Firewall - IDS - host based - Antivirus
SYN Flooding
Protection of data from unauthorized users
8. A true network security audit does include an audit for _____________
Data Hiding
Passwords
CERT - SANS - CERIAS - COAST
modems
9. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Accountability
Depcrypting
One way hash
Cramming
10. Name two types of Intrusion Detection Systems
Steps in handling incidents
Cramming
One way hash
Host based - network based
11. The most secure method for storing backup tapes is?
Off site in a climate controlled area
Intentions of the perpetrator
Virus definition downloads and system virus scans
Wild
12. Allows File owners to determine access rights.
Confidentiality - Availability -Integrity of data
Multi-partite viruses
Decentralized access control
TIGER
13. ________ is the authoritative entity which lists port assignments
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Detective
IANA
A PGP Signed message
14. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SET
Cisco
Directive
SSL
15. Organizations that can be a valid Certificate Authority (CA)
a good password policy
Risk assessment
Biometrics
Verisign - Microsoft - Dell
16. They specifically target telephone networks
Phreaks
Residual risk
128
Less secure
17. _______________ supply AV engines with false information to avoid detection
NFS
Stealth viruses
Cisco
Protection of data from unauthorized users
18. DES - Data Encryption standard has a 128 bit key and is ________
Layer 7 - Application
Not very difficult to break.
Personal Firewall - IDS - host based - Antivirus
Confidentiality
19. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Hoaxes
Passfilt.dll
IPSEC
X.509
20. Which layer of the OSI model handles encryption?
Steps in handling incidents
Presentation Layer - L6
To make user certificates available to others
Decentralized access control
21. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Less secure
Email
a good password policy
MAC - Mandatory Access Control
22. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Data Classification
Test virus
Passwords
Assignment
23. Countermeasures' main objectives
Confidentiality
Prevent - Recover - Detect
CVE - Common Vulnerabilities and Exposures
Protection of data from unauthorized users
24. Vulnerability x Threat = RISK is an example of the _______________.
All
Depcrypting
Risk Equation
Sued for privacy violations
25. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Passwords
Personal Firewall - IDS - host based - Antivirus
Detective
Cryptanalysis
26. The ability to identify and audit a user and his / her actions is known as ____________.
Accountability
TIGER
NT Audit events
Host based - network based
27. Examples of One- Time Password technology
Presentation Layer - L6
S/Key - OPIE
Test virus
Cramming
28. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
S/Key - OPIE
Passwords
Risk assessment
Information Security policies
29. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Biometrics
Unix / Linux based security tools?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
0-1023
30. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Layer 3 - Host to Host
Data Hiding
Stealth viruses
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
31. It is difficult to prosecute a computer criminal if _________ are not deployed
IDEA algorithm
Hackers and crackers
Log files
Warning banners
32. Macintosh computers are _____ at risk for receiving viruses.
One way hash
Also
Personal Firewall - IDS - host based - Antivirus
Unix / Linux based security tools?
33. A Security Reference Monitor relates to which DoD security standard?
C2
SSL
RSA
Intentions of the perpetrator
34. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Environmental
Hoaxes
Passwords
Layer 3 - Host to Host
35. ______________ is a major component of an overall risk management program.
Risk assessment
Decentralized access control
CERT - SANS - CERIAS - COAST
Preserve electronic evidence and protect it from any alteration
36. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Email
Users can gain access to any resource upon request (assuming they have proper permissions)
Wild
Quantitative analysis
37. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Stateful Inspection
Buffer Overflow
Acceptance - Transfer - Mitigate
Data Classification
38. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Layer 7 - Application
128
ISO
To make user certificates available to others
39. Companies can now be __________ just as easily as they can be sued for security compromises.
Detective
Sued for privacy violations
IDEA algorithm
Multi-partite viruses
40. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Off site in a climate controlled area
Configuration Control
Payload
41. Stealth viruses live in memory while __________ are written to disk
Logic bombs
Privacy violations
Business enabler
product development life cycle
42. There are 65536 _________
Available service ports
Decentralized access control
Acceptance - Transfer - Mitigate
Warning Banner
43. Identifying specific attempts to penetrate systems is the function of the _______________.
IPSEC
Intrusion Detection System
Information Security policies
Sued for privacy violations
44. A ______________ is an electronically generated record that ties a user's ID to their public key.
Data Classification
Certificate
Biometrics
Accountability
45. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Preserve electronic evidence and protect it from any alteration
Salami attack
Data Hiding
Cryptanalysis
46. Accounting - Authentication - and ____________ are the AAAs of information security.
Log files
Granularity
Authorization
Passive network attack
47. __________ is the most famous Unix password cracking tool.
modems
CRACK
IDEA algorithm
Polymorphic
48. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Assignment
Data Hiding
Authorization
One way hash
49. Countermeasures address security concerns in this category
Information
PGP
Layer 3 - Host to Host
Residual risk
50. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Not very difficult to break.
Ethernet
Main goal of a risk management program
Not rigid