SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
SLE - Single Loss Expectancy
DAC - Discretionary Access Control
Logic bombs
2. Public keys are used for encrypting messages and private keys are used for __________messages.
Depcrypting
DAC - Discretionary Access Control
Residual risk
Certificate
3. These should be done on a weekly basis
Virus definition downloads and system virus scans
One way hash
Risk assessment
involves only computer to computer transactions
4. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Hackers and crackers
involves only computer to computer transactions
Stateful Inspection
Certificate
5. A boot sector virus goes to work when what event takes place?
a good password policy
Reboot or system startup
Acceptance - Transfer - Mitigate
Sniffer
6. A standardized list of the most common security weaknesses and exploits is the __________.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Buffer Overflow
CVE - Common Vulnerabilities and Exposures
Authorization
7. _______________ supply AV engines with false information to avoid detection
Environmental
Virus definition downloads and system virus scans
Stealth viruses
To make user certificates available to others
8. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
X.509
Stateful Inspection
Wild
Payload
9. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Logic bombs
RADIUS
Cryptanalysis
Hoaxes
10. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Protection of data from unauthorized users
SYN Flooding
Directive
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
11. One method that can reduce exposure to malicious code is to ___________________
Protection of data from unauthorized users
run applications as generic accounts with little or no privileges.
Social Engineering
Data Hiding
12. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Residual risk
SYN Flooding
modems
Not very difficult to break.
13. Which of the concepts best describes Availability in relation to computer resources?
Gathering digital evidence
SYN Flooding
Users can gain access to any resource upon request (assuming they have proper permissions)
Configuration Control
14. Allows File owners to determine access rights.
Decentralized access control
Configuration Control
MAC - Mandatory Access Control
Detective
15. It is difficult to prosecute a computer criminal if _________ are not deployed
Buffer Overflow
RSA
Warning banners
Directive
16. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Information Security policies
Virus definition downloads and system virus scans
involves only computer to computer transactions
Host based - network based
17. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
CVE - Common Vulnerabilities and Exposures
MAC - Mandatory Access Control
Passfilt.dll
Stateful Inspection
18. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
Unix / Linux based security tools?
Less secure
MAC - Mandatory Access Control
19. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Quantitative analysis
Warning Banner
Stealth viruses
Unix / Linux based security tools?
20. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Confidentiality - Availability -Integrity of data
NT Audit events
Assignment
To make user certificates available to others
21. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Symmetric algorithm
Quantitative analysis
Mobile
Also
22. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
ISO
Warning Banner
CERT - SANS - CERIAS - COAST
product development life cycle
23. ______________ is a Unix security scanning tool developed at Texas A&M university.
CRACK
Off site in a climate controlled area
a good password policy
TIGER
24. A ______________ is an electronically generated record that ties a user's ID to their public key.
0-1023
Fixed length
128
Certificate
25. Examples of One- Time Password technology
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
ISO
Detective
S/Key - OPIE
26. ________ is the authoritative entity which lists port assignments
IANA
Gathering digital evidence
Decentralized access control
DSS - Digital Signature Standard
27. This free (for personal use) program is used to encrypt and decrypt emails.
Gathering digital evidence
PGP
Depcrypting
Also
28. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
modems
Passive network attack
Configuration Control
ISO
29. A one way hash converts a string of random length into a _______________ encrypted string.
Fixed length
Stateful Inspection
Quantitative analysis
Steps in handling incidents
30. Which range defines 'well known ports?'
Verisign - Microsoft - Dell
CRACK
0-1023
involves only computer to computer transactions
31. Companies can now be __________ just as easily as they can be sued for security compromises.
Hackers and crackers
Intrusion Detection System
Warning banners
Sued for privacy violations
32. The ability to identify and audit a user and his / her actions is known as ____________.
Business enabler
DAC - Discretionary Access Control
Authorization
Accountability
33. Wiretapping is an example of a ________.
Main goal of a risk management program
Risk assessment
Passive network attack
X.509
34. A formula used in Quantitative risk analysis
Separation of Duties
CRACK
SLE - Single Loss Expectancy
Symmetric algorithm
35. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Log files
Passfilt.dll
Configuration Control
CRACK
36. Accounting - Authentication - and ____________ are the AAAs of information security.
Intrusion Detection System
Authorization
Granularity
Users can gain access to any resource upon request (assuming they have proper permissions)
37. Macintosh computers are _____ at risk for receiving viruses.
Also
128
Warning banners
Personal Firewall - IDS - host based - Antivirus
38. Which layer of the OSI model handles encryption?
Main goal of a risk management program
Unix / Linux based security tools?
Presentation Layer - L6
SYN Flooding
39. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Macro
Unix / Linux based security tools?
Verisign - Microsoft - Dell
S/Key - OPIE
40. Name two types of Intrusion Detection Systems
Host based - network based
SLE - Single Loss Expectancy
Personal Firewall - IDS - host based - Antivirus
Stealth viruses
41. HTTP - FTP - SMTP reside at which layer of the OSI model?
ISO
Layer 7 - Application
Sued for privacy violations
Decentralized access control
42. Ways to deal with risk.
Host based - network based
S/Key - OPIE
Acceptance - Transfer - Mitigate
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
43. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Man In The Middle
Layer 7 - Application
Logic bombs
Wild
44. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Acceptance - Transfer - Mitigate
Also
CERT - SANS - CERIAS - COAST
Assignment
45. A type of virus that resides in a Word or Excel document is called a ___________ virus?
A PGP Signed message
Accountability
Layer 7 - Application
Macro
46. IKE - Internet Key Exchange is often used in conjunction with what security standard?
product development life cycle
Off site in a climate controlled area
IPSEC
Payload
47. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Presentation Layer - L6
Residual risk
S/Key - OPIE
Hoaxes
48. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Warning Banner
Log files
Accountability
DSS - Digital Signature Standard
49. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
CHAP
Authorization
Biometrics
Test virus
50. An intrusion detection system is an example of what type of countermeasure?
Layer 3 - Host to Host
Multi-partite viruses
Detective
Sued for privacy violations
