SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Separation of Duties
Payload
Ethernet
A PGP Signed message
2. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Residual risk
DAC - Discretionary Access Control
Macro
Ethernet
3. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
DSS - Digital Signature Standard
Passfilt.dll
Business enabler
Passwords
4. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Password audit
CVE - Common Vulnerabilities and Exposures
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
5. So far - no one has been able to crack the ____________ with Brute Force.
IDEA algorithm
Passwords
CVE - Common Vulnerabilities and Exposures
Certificate
6. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
To make user certificates available to others
SSL
Passfilt.dll
Biometrics
7. __________ is a tool used by network administrators to capture packets from a network.
Test virus
Confidentiality - Availability -Integrity of data
Authorization
Sniffer
8. An intrusion detection system is an example of what type of countermeasure?
Wild
Separation of Duties
Warning banners
Detective
9. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Intentions of the perpetrator
Not rigid
Assignment
Not very difficult to break.
10. Examples of One- Time Password technology
modems
Ethernet
S/Key - OPIE
Symmetric algorithm
11. Layer 4 of the OSI model corresponds to which layer of the DoD model?
SET
Ethernet
Layer 7 - Application
Layer 3 - Host to Host
12. It is difficult to prosecute a computer criminal if _________ are not deployed
Sniffer
CHAP
PGP
Warning banners
13. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Reboot or system startup
A PGP Signed message
Sniffer
Off site in a climate controlled area
14. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Password audit
Ethernet
ISO
Preserve electronic evidence and protect it from any alteration
15. ______________ is a major component of an overall risk management program.
Risk Equation
Risk assessment
Personal Firewall - IDS - host based - Antivirus
Biometrics
16. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
SSL
Personal Firewall - IDS - host based - Antivirus
Less secure
CRACK
17. This free (for personal use) program is used to encrypt and decrypt emails.
Cramming
Sniffer
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
PGP
18. The ultimate goal of a computer forensics specialist is to ___________________.
Cryptanalysis
Information Security policies
Preserve electronic evidence and protect it from any alteration
Certificate
19. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Risk Equation
SET
MAC - Mandatory Access Control
Warning Banner
20. Today - ______________ are almost as serious as security violations
Privacy violations
Email
A PGP Signed message
To make user certificates available to others
21. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Reboot or system startup
Biometrics
SYN Flooding
Wild
22. Which of the following is NOT and encryption algorithm?
SET
Warning banners
SSL
CHAP
23. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Main goal of a risk management program
Polymorphic
Sued for privacy violations
Host based - network based
24. Name two types of Intrusion Detection Systems
Mobile
Password audit
Host based - network based
Personal Firewall - IDS - host based - Antivirus
25. ____________ is a file system that was poorly designed and has numerous security flaws.
Directive
NFS
Warning banners
Symmetric algorithm
26. Which range defines 'well known ports?'
Cramming
0-1023
Polymorphic
Unix / Linux based security tools?
27. A Security Reference Monitor relates to which DoD security standard?
Business enabler
Certificate
Fixed length
C2
28. To help managers find the correct cost balance between risks and countermeasures
Man In The Middle
Not very difficult to break.
Cisco
Main goal of a risk management program
29. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
involves only computer to computer transactions
Unix / Linux based security tools?
CERT - SANS - CERIAS - COAST
Passive network attack
30. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
involves only computer to computer transactions
Off site in a climate controlled area
Granularity
Stateful Inspection
31. A ______________ is an electronically generated record that ties a user's ID to their public key.
Intrusion Detection System
Configuration Control
Certificate
run applications as generic accounts with little or no privileges.
32. Identifying specific attempts to penetrate systems is the function of the _______________.
Log files
Stealth viruses
Intrusion Detection System
Acceptance - Transfer - Mitigate
33. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Cramming
Information Security policies
128
Users can gain access to any resource upon request (assuming they have proper permissions)
34. ____ members of the staff need to be educated in disaster recovery procedures.
Information Security policies
All
To make user certificates available to others
DSS - Digital Signature Standard
35. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Users can gain access to any resource upon request (assuming they have proper permissions)
Not rigid
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Prevent - Recover - Detect
36. The ability to identify and audit a user and his / her actions is known as ____________.
Accountability
Business enabler
Prevent - Recover - Detect
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
37. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Depcrypting
product development life cycle
Unix / Linux based security tools?
Main goal of a risk management program
38. Companies can now be __________ just as easily as they can be sued for security compromises.
Stealth viruses
Sued for privacy violations
Protection of data from unauthorized users
Data Classification
39. One method that can reduce exposure to malicious code is to ___________________
Phreaks
run applications as generic accounts with little or no privileges.
Authorization
ISO
40. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Hoaxes
PGP
a good password policy
Information Security policies
41. MD5 is a ___________ algorithm
IPSEC
Hackers and crackers
One way hash
Macro
42. __________ is the most famous Unix password cracking tool.
Authentication
CRACK
Presentation Layer - L6
RADIUS
43. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Granularity
Steps in handling incidents
Mobile
Hoaxes
44. Vulnerability x Threat = RISK is an example of the _______________.
Separation of Duties
Granularity
Risk Equation
Passive network attack
45. Contain - Recover - Review - Identify - Prepare
Logic bombs
Sued for privacy violations
Steps in handling incidents
Preserve electronic evidence and protect it from any alteration
46. These should be done on a weekly basis
RSA
Virus definition downloads and system virus scans
Email
Protection of data from unauthorized users
47. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Warning banners
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Also
CERT - SANS - CERIAS - COAST
48. ________ is the authoritative entity which lists port assignments
IANA
Separation of Duties
a good password policy
CHAP
49. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
0-1023
SYN Flooding
Cisco
MAC - Mandatory Access Control
50. DES - Data Encryption standard has a 128 bit key and is ________
Biometrics
Multi-partite viruses
SYN Flooding
Not very difficult to break.
