SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. So far - no one has been able to crack the ____________ with Brute Force.
128
SSL
Buffer Overflow
IDEA algorithm
2. Public keys are used for encrypting messages and private keys are used for __________messages.
Confidentiality - Availability -Integrity of data
Sniffer
Depcrypting
Virus definition downloads and system virus scans
3. What is the main difference between computer abuse and computer crime?
Man In The Middle
Separation of Duties
Log files
Intentions of the perpetrator
4. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Authentication
Intrusion Detection System
Confidentiality - Availability -Integrity of data
5. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Biometrics
involves only computer to computer transactions
DSS - Digital Signature Standard
Quantitative analysis
6. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
IDEA algorithm
DSS - Digital Signature Standard
Accountability
Authorization
7. The IDEA algorithm (used in PGP) is _______ bits long.
RSA
128
Protection of data from unauthorized users
Acceptance - Transfer - Mitigate
8. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
Sniffer
Unix / Linux based security tools?
CHAP
9. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
CERT - SANS - CERIAS - COAST
A PGP Signed message
Confidentiality
10. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
One way hash
0-1023
a good password policy
Wild
11. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Accountability
To make user certificates available to others
Preserve electronic evidence and protect it from any alteration
12. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Main goal of a risk management program
Intentions of the perpetrator
IPSEC
Phreaks
13. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Business enabler
Virus definition downloads and system virus scans
Macro
14. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Fixed length
Stateful Inspection
Intentions of the perpetrator
Less secure
15. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Unix / Linux based security tools?
Stealth viruses
Layer 3 - Host to Host
Payload
16. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
Wild
Prevent - Recover - Detect
A PGP Signed message
17. Stealth viruses live in memory while __________ are written to disk
Layer 7 - Application
Preserve electronic evidence and protect it from any alteration
Logic bombs
To make user certificates available to others
18. These should be done on a weekly basis
Cryptanalysis
involves only computer to computer transactions
Virus definition downloads and system virus scans
Fixed length
19. To help managers find the correct cost balance between risks and countermeasures
Presentation Layer - L6
One way hash
Prevent - Recover - Detect
Main goal of a risk management program
20. Logon and Logoff - Use of User Rights - Security Policy Change
Confidentiality - Availability -Integrity of data
CERT - SANS - CERIAS - COAST
Man In The Middle
NT Audit events
21. There are 65536 _________
Intrusion Detection System
Risk Equation
Available service ports
Cramming
22. Combine both boot and file virus behavior
Warning Banner
Multi-partite viruses
Symmetric algorithm
Business enabler
23. ____________ is a file system that was poorly designed and has numerous security flaws.
Confidentiality
S/Key - OPIE
Salami attack
NFS
24. One method that can reduce exposure to malicious code is to ___________________
Biometrics
run applications as generic accounts with little or no privileges.
A PGP Signed message
Cramming
25. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Logic bombs
Layer 3 - Host to Host
Quantitative analysis
Off site in a climate controlled area
26. _______________ supply AV engines with false information to avoid detection
Stealth viruses
SLE - Single Loss Expectancy
X.509
Log files
27. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
A PGP Signed message
Residual risk
Not very difficult to break.
Warning Banner
28. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Log files
Data Classification
PGP
IANA
29. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
Phreaks
Layer 3 - Host to Host
Business enabler
30. A one way hash converts a string of random length into a _______________ encrypted string.
Fixed length
Not very difficult to break.
Payload
DAC - Discretionary Access Control
31. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
A PGP Signed message
Privacy violations
Data Classification
Hoaxes
32. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Authorization
Mobile
Quantitative analysis
Available service ports
33. A Security Reference Monitor relates to which DoD security standard?
C2
Payload
SLE - Single Loss Expectancy
Passwords
34. The __________ is the most dangerous part of a virus program.
Man In The Middle
Payload
Available service ports
IDEA algorithm
35. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
IPSEC
SSL
C2
Ethernet
36. Vulnerability x Threat = RISK is an example of the _______________.
Decentralized access control
Risk Equation
Log files
CRACK
37. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
To make user certificates available to others
Test virus
Virus definition downloads and system virus scans
MAC - Mandatory Access Control
38. ______________ is a Unix security scanning tool developed at Texas A&M university.
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Quantitative analysis
TIGER
0-1023
39. ___________________ is responsible for creating security policies and for communicating those policies to system users.
PGP
CERT - SANS - CERIAS - COAST
Logic bombs
ISO
40. Allows File owners to determine access rights.
Decentralized access control
Unix / Linux based security tools?
Privacy violations
PGP
41. An intrusion detection system is an example of what type of countermeasure?
Verisign - Microsoft - Dell
Presentation Layer - L6
Directive
Detective
42. Ways to deal with risk.
Ethernet
Verisign - Microsoft - Dell
Biometrics
Acceptance - Transfer - Mitigate
43. Digital Certificates use which protocol?
CVE - Common Vulnerabilities and Exposures
Host based - network based
X.509
128
44. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
involves only computer to computer transactions
CVE - Common Vulnerabilities and Exposures
Man In The Middle
45. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Decentralized access control
PGP
Warning Banner
SYN Flooding
46. Main goals of an information security program
IDEA algorithm
SET
Confidentiality - Availability -Integrity of data
MAC - Mandatory Access Control
47. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
Detective
Prevent - Recover - Detect
ISO
48. MD5 is a ___________ algorithm
Man In The Middle
Available service ports
One way hash
a good password policy
49. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
A PGP Signed message
a good password policy
CHAP
Password audit
50. ______________ is a major component of an overall risk management program.
CRACK
Risk assessment
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Steps in handling incidents
