SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ______________ is a major component of an overall risk management program.
Risk assessment
0-1023
CRACK
All
2. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Hoaxes
Data Classification
SYN Flooding
X.509
3. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Salami attack
Symmetric algorithm
Information Security policies
Gathering digital evidence
4. Digital Certificates use which protocol?
Not rigid
X.509
Hoaxes
Detective
5. ____________ is a file system that was poorly designed and has numerous security flaws.
Decentralized access control
CRACK
MAC - Mandatory Access Control
NFS
6. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Detective
Buffer Overflow
Presentation Layer - L6
RADIUS
7. Which range defines 'well known ports?'
Fixed length
0-1023
Off site in a climate controlled area
modems
8. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Residual risk
Personal Firewall - IDS - host based - Antivirus
Phreaks
Information Security policies
9. A Security Reference Monitor relates to which DoD security standard?
All
Passfilt.dll
C2
Stateful Inspection
10. To help managers find the correct cost balance between risks and countermeasures
Residual risk
Authorization
Main goal of a risk management program
Phreaks
11. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
product development life cycle
Decentralized access control
Mobile
Also
12. A formula used in Quantitative risk analysis
DSS - Digital Signature Standard
128
SLE - Single Loss Expectancy
Cisco
13. DES - Data Encryption standard has a 128 bit key and is ________
Quantitative analysis
Privacy violations
Main goal of a risk management program
Not very difficult to break.
14. __________ is a tool used by network administrators to capture packets from a network.
Ethernet
Risk assessment
Sniffer
Sued for privacy violations
15. The ultimate goal of a computer forensics specialist is to ___________________.
X.509
Directive
Wild
Preserve electronic evidence and protect it from any alteration
16. RSA is not based on a ________
Symmetric algorithm
Available service ports
Less secure
Also
17. HTTP - FTP - SMTP reside at which layer of the OSI model?
SLE - Single Loss Expectancy
Password audit
Off site in a climate controlled area
Layer 7 - Application
18. Allows File owners to determine access rights.
Mobile
Social Engineering
PGP
Decentralized access control
19. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Information Security policies
Information
Polymorphic
SET
20. They specifically target telephone networks
Phreaks
Steps in handling incidents
Off site in a climate controlled area
Fixed length
21. Contain - Recover - Review - Identify - Prepare
Passwords
Host based - network based
Steps in handling incidents
Biometrics
22. The IDEA algorithm (used in PGP) is _______ bits long.
Multi-partite viruses
128
a good password policy
Fixed length
23. Macintosh computers are _____ at risk for receiving viruses.
Also
Preserve electronic evidence and protect it from any alteration
Phreaks
Not rigid
24. _______________ supply AV engines with false information to avoid detection
Stealth viruses
Layer 7 - Application
Layer 3 - Host to Host
Man In The Middle
25. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Not rigid
Off site in a climate controlled area
RSA
ISO
26. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
128
Warning Banner
S/Key - OPIE
Data Classification
27. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Wild
Passfilt.dll
Information Security policies
Unix / Linux based security tools?
28. Remote Access Dial-in User Service
Protection of data from unauthorized users
RADIUS
Email
Password audit
29. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
TIGER
Multi-partite viruses
Log files
Sued for privacy violations
30. Wiretapping is an example of a ________.
Sniffer
Macro
Confidentiality
Passive network attack
31. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Separation of Duties
product development life cycle
Environmental
IANA
32. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Buffer Overflow
Risk Equation
Hoaxes
Passwords
33. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
IDEA algorithm
Payload
Configuration Control
Granularity
34. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
run applications as generic accounts with little or no privileges.
Confidentiality
X.509
Unix / Linux based security tools?
35. __________ is the most famous Unix password cracking tool.
One way hash
CRACK
CVE - Common Vulnerabilities and Exposures
Risk Equation
36. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Data Classification
Hackers and crackers
Buffer Overflow
NFS
37. ________ is the authoritative entity which lists port assignments
C2
TIGER
IANA
Configuration Control
38. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
SET
modems
Man In The Middle
Warning banners
39. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Password audit
Steps in handling incidents
Accountability
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
40. Which of the concepts best describes Availability in relation to computer resources?
128
Data Classification
Users can gain access to any resource upon request (assuming they have proper permissions)
Environmental
41. These should be done on a weekly basis
Social Engineering
All
Virus definition downloads and system virus scans
Steps in handling incidents
42. A boot sector virus goes to work when what event takes place?
Logic bombs
Macro
Separation of Duties
Reboot or system startup
43. Data being delivered from the source to the intended receiver without being altered
Protection of data from unauthorized users
Layer 3 - Host to Host
Main goal of a risk management program
SYN Flooding
44. Which of the following is NOT and encryption algorithm?
Gathering digital evidence
SSL
Personal Firewall - IDS - host based - Antivirus
DAC - Discretionary Access Control
45. Logon and Logoff - Use of User Rights - Security Policy Change
Hoaxes
Layer 7 - Application
NT Audit events
DAC - Discretionary Access Control
46. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
Cramming
Configuration Control
Passwords
47. Ways to deal with risk.
Presentation Layer - L6
Hackers and crackers
Granularity
Acceptance - Transfer - Mitigate
48. Committing computer crimes in such small doses that they almost go unnoticed.
NT Audit events
Passfilt.dll
MAC - Mandatory Access Control
Salami attack
49. ______________ is a Unix security scanning tool developed at Texas A&M university.
modems
PGP
Wild
TIGER
50. There are 65536 _________
All
ISO
Available service ports
modems
