SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
128
Depcrypting
Cisco
2. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Sued for privacy violations
Quantitative analysis
Accountability
Hackers and crackers
3. To help managers find the correct cost balance between risks and countermeasures
CRACK
Main goal of a risk management program
Verisign - Microsoft - Dell
Sniffer
4. The IDEA algorithm (used in PGP) is _______ bits long.
128
IPSEC
Quantitative analysis
X.509
5. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Residual risk
DSS - Digital Signature Standard
Ethernet
Buffer Overflow
6. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Granularity
Information
Passfilt.dll
Data Hiding
7. The ultimate goal of a computer forensics specialist is to ___________________.
Unix / Linux based security tools?
Preserve electronic evidence and protect it from any alteration
Wild
Information
8. The most secure method for storing backup tapes is?
Off site in a climate controlled area
Main goal of a risk management program
Cryptanalysis
RSA
9. Remote Access Dial-in User Service
128
SSL
SYN Flooding
RADIUS
10. A type of virus that resides in a Word or Excel document is called a ___________ virus?
RSA
Macro
Available service ports
Email
11. A Security Reference Monitor relates to which DoD security standard?
C2
Risk Equation
Macro
involves only computer to computer transactions
12. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Granularity
Ethernet
Less secure
SYN Flooding
13. A boot sector virus goes to work when what event takes place?
Business enabler
Symmetric algorithm
Cisco
Reboot or system startup
14. The __________ is the most dangerous part of a virus program.
Environmental
Passfilt.dll
Payload
Quantitative analysis
15. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Environmental
Privacy violations
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Passwords
16. MD5 is a ___________ algorithm
Log files
One way hash
Granularity
Residual risk
17. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Not very difficult to break.
CERT - SANS - CERIAS - COAST
Users can gain access to any resource upon request (assuming they have proper permissions)
Configuration Control
18. Digital Certificates use which protocol?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
DAC - Discretionary Access Control
IDEA algorithm
X.509
19. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
IDEA algorithm
product development life cycle
To make user certificates available to others
Hackers and crackers
20. ______________ is a Unix security scanning tool developed at Texas A&M university.
Separation of Duties
TIGER
Privacy violations
Protection of data from unauthorized users
21. Combine both boot and file virus behavior
a good password policy
Multi-partite viruses
Not rigid
product development life cycle
22. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Email
Directive
involves only computer to computer transactions
run applications as generic accounts with little or no privileges.
23. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Risk assessment
Directive
IDEA algorithm
Wild
24. There are 65536 _________
Sniffer
A PGP Signed message
Acceptance - Transfer - Mitigate
Available service ports
25. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Authentication
Cisco
Buffer Overflow
Passive network attack
26. A ______________ is an electronically generated record that ties a user's ID to their public key.
Data Hiding
Host based - network based
Certificate
PGP
27. This free (for personal use) program is used to encrypt and decrypt emails.
Cryptanalysis
PGP
Confidentiality - Availability -Integrity of data
Risk assessment
28. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
IPSEC
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
SET
29. Data being delivered from the source to the intended receiver without being altered
Protection of data from unauthorized users
DAC - Discretionary Access Control
Macro
Sued for privacy violations
30. Which of the following is NOT and encryption algorithm?
Payload
Certificate
Social Engineering
SSL
31. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
NFS
Personal Firewall - IDS - host based - Antivirus
PGP
Biometrics
32. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
RSA
Acceptance - Transfer - Mitigate
Presentation Layer - L6
involves only computer to computer transactions
33. ___________________ is responsible for creating security policies and for communicating those policies to system users.
SLE - Single Loss Expectancy
Password audit
modems
ISO
34. Countermeasures address security concerns in this category
Sued for privacy violations
Reboot or system startup
Stateful Inspection
Information
35. What security principle is based on the division of job responsibilities - designed to prevent fraud?
0-1023
Available service ports
Separation of Duties
Risk Equation
36. ______________ relates to the concept of protecting data from unauthorized users.
IDEA algorithm
Confidentiality
CVE - Common Vulnerabilities and Exposures
Steps in handling incidents
37. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
modems
Gathering digital evidence
Acceptance - Transfer - Mitigate
38. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Main goal of a risk management program
SYN Flooding
Passfilt.dll
Passive network attack
39. HTTP - FTP - SMTP reside at which layer of the OSI model?
Data Hiding
Not rigid
IPSEC
Layer 7 - Application
40. Examples of One- Time Password technology
Separation of Duties
Unix / Linux based security tools?
S/Key - OPIE
Prevent - Recover - Detect
41. These should be done on a weekly basis
Layer 7 - Application
Virus definition downloads and system virus scans
SET
IDEA algorithm
42. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
C2
ISO
43. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Wild
Stateful Inspection
Data Classification
Risk Equation
44. What is the main difference between computer abuse and computer crime?
Intentions of the perpetrator
Polymorphic
NFS
Mobile
45. Stealth viruses live in memory while __________ are written to disk
Logic bombs
Virus definition downloads and system virus scans
Verisign - Microsoft - Dell
Cisco
46. Accounting - Authentication - and ____________ are the AAAs of information security.
Assignment
Authorization
Stateful Inspection
Macro
47. Macintosh computers are _____ at risk for receiving viruses.
Also
Gathering digital evidence
Test virus
Warning Banner
48. Which layer of the OSI model handles encryption?
Preserve electronic evidence and protect it from any alteration
Symmetric algorithm
Hackers and crackers
Presentation Layer - L6
49. Ways to deal with risk.
Acceptance - Transfer - Mitigate
One way hash
RADIUS
Confidentiality
50. Wiretapping is an example of a ________.
Cryptanalysis
Passive network attack
Gathering digital evidence
CHAP
