SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
DAC - Discretionary Access Control
Not very difficult to break.
SET
2. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
C2
128
All
3. A standardized list of the most common security weaknesses and exploits is the __________.
Multi-partite viruses
Quantitative analysis
RADIUS
CVE - Common Vulnerabilities and Exposures
4. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
ISO
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
CHAP
Prevent - Recover - Detect
5. Smart cards are a secure alternative to which weak security mechanism?
Passwords
Reboot or system startup
Acceptance - Transfer - Mitigate
Ethernet
6. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Risk assessment
Cisco
TIGER
SET
7. Allows File owners to determine access rights.
Data Hiding
Decentralized access control
All
Hoaxes
8. A one way hash converts a string of random length into a _______________ encrypted string.
Passfilt.dll
Fixed length
Password audit
A PGP Signed message
9. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
SYN Flooding
Layer 3 - Host to Host
modems
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
10. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Also
CRACK
ISO
Logic bombs
11. ______________ is a Unix security scanning tool developed at Texas A&M university.
Granularity
Presentation Layer - L6
TIGER
DAC - Discretionary Access Control
12. These should be done on a weekly basis
Authentication
IDEA algorithm
Cramming
Virus definition downloads and system virus scans
13. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Preserve electronic evidence and protect it from any alteration
128
Business enabler
Layer 3 - Host to Host
14. DES - Data Encryption standard has a 128 bit key and is ________
Main goal of a risk management program
Not very difficult to break.
Reboot or system startup
Authentication
15. One method that can reduce exposure to malicious code is to ___________________
Personal Firewall - IDS - host based - Antivirus
run applications as generic accounts with little or no privileges.
Man In The Middle
Password audit
16. Remote Access Dial-in User Service
RADIUS
Password audit
Warning Banner
Certificate
17. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Warning banners
SET
128
18. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Hoaxes
Granularity
Wild
modems
19. Today - ______________ are almost as serious as security violations
Privacy violations
SLE - Single Loss Expectancy
Not rigid
Phreaks
20. An intrusion detection system is an example of what type of countermeasure?
Detective
Intentions of the perpetrator
128
Man In The Middle
21. A Security Reference Monitor relates to which DoD security standard?
Decentralized access control
Reboot or system startup
Information
C2
22. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
Test virus
Data Hiding
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
23. To help managers find the correct cost balance between risks and countermeasures
Main goal of a risk management program
modems
Data Hiding
MAC - Mandatory Access Control
24. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
MAC - Mandatory Access Control
Personal Firewall - IDS - host based - Antivirus
CERT - SANS - CERIAS - COAST
Password audit
25. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Certificate
Business enabler
MAC - Mandatory Access Control
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
26. They specifically target telephone networks
Phreaks
Buffer Overflow
IANA
Quantitative analysis
27. Data being delivered from the source to the intended receiver without being altered
Users can gain access to any resource upon request (assuming they have proper permissions)
Protection of data from unauthorized users
Personal Firewall - IDS - host based - Antivirus
SSL
28. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Data Hiding
Stateful Inspection
RADIUS
Hackers and crackers
29. Combine both boot and file virus behavior
ISO
Biometrics
Multi-partite viruses
Warning banners
30. Committing computer crimes in such small doses that they almost go unnoticed.
Polymorphic
Salami attack
Verisign - Microsoft - Dell
Confidentiality
31. _______________ supply AV engines with false information to avoid detection
Passwords
Stealth viruses
Payload
run applications as generic accounts with little or no privileges.
32. Vulnerability x Threat = RISK is an example of the _______________.
Risk Equation
Gathering digital evidence
Main goal of a risk management program
Log files
33. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
product development life cycle
Multi-partite viruses
Sniffer
34. What is the main difference between computer abuse and computer crime?
S/Key - OPIE
Cryptanalysis
PGP
Intentions of the perpetrator
35. Information security policies are a ___________________.
Business enabler
Multi-partite viruses
Accountability
Decentralized access control
36. Which of the concepts best describes Availability in relation to computer resources?
Residual risk
Available service ports
Users can gain access to any resource upon request (assuming they have proper permissions)
ISO
37. Ways to deal with risk.
Passfilt.dll
Acceptance - Transfer - Mitigate
128
Log files
38. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Polymorphic
X.509
Information Security policies
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
39. The ultimate goal of a computer forensics specialist is to ___________________.
Preserve electronic evidence and protect it from any alteration
Depcrypting
Test virus
Main goal of a risk management program
40. IKE - Internet Key Exchange is often used in conjunction with what security standard?
IDEA algorithm
Mobile
A PGP Signed message
IPSEC
41. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
A PGP Signed message
Unix / Linux based security tools?
CRACK
Confidentiality
42. __________ is the most famous Unix password cracking tool.
CRACK
SYN Flooding
Detective
RSA
43. Cable modems are ___________than DSL connections
Social Engineering
Stealth viruses
Less secure
Warning banners
44. HTTP - FTP - SMTP reside at which layer of the OSI model?
Data Hiding
Cryptanalysis
Polymorphic
Layer 7 - Application
45. Which of the following is NOT and encryption algorithm?
SSL
Separation of Duties
Certificate
Wild
46. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
All
X.509
One way hash
Ethernet
47. Countermeasures' main objectives
CERT - SANS - CERIAS - COAST
Passfilt.dll
Prevent - Recover - Detect
MAC - Mandatory Access Control
48. ____________ is a file system that was poorly designed and has numerous security flaws.
involves only computer to computer transactions
NFS
RSA
C2
49. An attempt to break an encryption algorithm is called _____________.
Cryptanalysis
Macro
Information Security policies
Wild
50. Macintosh computers are _____ at risk for receiving viruses.
Also
SSL
Personal Firewall - IDS - host based - Antivirus
product development life cycle
