SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Ethernet
Intentions of the perpetrator
Host based - network based
CERT - SANS - CERIAS - COAST
2. Which of the following is NOT and encryption algorithm?
IDEA algorithm
Residual risk
Stateful Inspection
SSL
3. ____ members of the staff need to be educated in disaster recovery procedures.
0-1023
All
S/Key - OPIE
MAC - Mandatory Access Control
4. Which of the concepts best describes Availability in relation to computer resources?
S/Key - OPIE
Users can gain access to any resource upon request (assuming they have proper permissions)
Gathering digital evidence
PGP
5. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Mobile
DAC - Discretionary Access Control
Configuration Control
X.509
6. A true network security audit does include an audit for _____________
modems
Quantitative analysis
Passwords
SSL
7. Countermeasures address security concerns in this category
Information
MAC - Mandatory Access Control
Authentication
Not very difficult to break.
8. This free (for personal use) program is used to encrypt and decrypt emails.
PGP
Authorization
Social Engineering
product development life cycle
9. Contain - Recover - Review - Identify - Prepare
Assignment
Steps in handling incidents
Certificate
NT Audit events
10. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Log files
All
SET
Quantitative analysis
11. __________ is the most famous Unix password cracking tool.
RADIUS
Granularity
product development life cycle
CRACK
12. Smart cards are a secure alternative to which weak security mechanism?
SSL
Layer 7 - Application
Off site in a climate controlled area
Passwords
13. Name two types of Intrusion Detection Systems
involves only computer to computer transactions
Accountability
Off site in a climate controlled area
Host based - network based
14. Combine both boot and file virus behavior
PGP
Social Engineering
Multi-partite viruses
Authentication
15. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Unix / Linux based security tools?
Salami attack
All
MAC - Mandatory Access Control
16. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Information
Available service ports
SLE - Single Loss Expectancy
Stateful Inspection
17. Vulnerability x Threat = RISK is an example of the _______________.
Gathering digital evidence
Host based - network based
Phreaks
Risk Equation
18. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Residual risk
Not rigid
Stateful Inspection
Off site in a climate controlled area
19. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Test virus
Cisco
Password audit
Environmental
20. ______________ is a major component of an overall risk management program.
involves only computer to computer transactions
Risk assessment
S/Key - OPIE
Also
21. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Sniffer
Authentication
Cramming
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
22. An attempt to break an encryption algorithm is called _____________.
Cryptanalysis
Stealth viruses
Certificate
Phreaks
23. An intrusion detection system is an example of what type of countermeasure?
Detective
Logic bombs
Polymorphic
Stateful Inspection
24. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
SET
Mobile
Multi-partite viruses
Cramming
25. The __________ is the most dangerous part of a virus program.
Email
Stateful Inspection
Payload
modems
26. The ultimate goal of a computer forensics specialist is to ___________________.
Acceptance - Transfer - Mitigate
Preserve electronic evidence and protect it from any alteration
Passwords
Email
27. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
IANA
Not rigid
All
Macro
28. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Layer 3 - Host to Host
DAC - Discretionary Access Control
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
modems
29. A boot sector virus goes to work when what event takes place?
Confidentiality
Reboot or system startup
Macro
RSA
30. So far - no one has been able to crack the ____________ with Brute Force.
Information Security policies
Gathering digital evidence
IDEA algorithm
DAC - Discretionary Access Control
31. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Not rigid
Granularity
Sued for privacy violations
Personal Firewall - IDS - host based - Antivirus
32. A formula used in Quantitative risk analysis
RADIUS
Passive network attack
Salami attack
SLE - Single Loss Expectancy
33. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Hackers and crackers
Acceptance - Transfer - Mitigate
Confidentiality
Hoaxes
34. A standardized list of the most common security weaknesses and exploits is the __________.
Fixed length
CVE - Common Vulnerabilities and Exposures
S/Key - OPIE
Hackers and crackers
35. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Wild
CRACK
CHAP
SYN Flooding
36. Which layer of the OSI model handles encryption?
Payload
Environmental
Presentation Layer - L6
Not rigid
37. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Available service ports
TIGER
Passfilt.dll
Directive
38. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Warning Banner
Host based - network based
Stealth viruses
39. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Less secure
Salami attack
Layer 7 - Application
40. __________ is a tool used by network administrators to capture packets from a network.
Password audit
CRACK
Sniffer
Macro
41. S/MIME was developed for the protection of what communication mechanism(s)?
Email
RSA
Off site in a climate controlled area
0-1023
42. These should be done on a weekly basis
Passive network attack
Passwords
CHAP
Virus definition downloads and system virus scans
43. Macintosh computers are _____ at risk for receiving viruses.
NT Audit events
Warning Banner
Risk Equation
Also
44. Logon and Logoff - Use of User Rights - Security Policy Change
NT Audit events
Residual risk
CHAP
Configuration Control
45. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
SLE - Single Loss Expectancy
Payload
DSS - Digital Signature Standard
Less secure
46. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Assignment
Reboot or system startup
Sued for privacy violations
Acceptance - Transfer - Mitigate
47. To help managers find the correct cost balance between risks and countermeasures
Main goal of a risk management program
Unix / Linux based security tools?
CERT - SANS - CERIAS - COAST
Not rigid
48. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Stateful Inspection
Gathering digital evidence
Wild
a good password policy
49. What is the main difference between computer abuse and computer crime?
Intentions of the perpetrator
Granularity
S/Key - OPIE
X.509
50. Information security policies are a ___________________.
Cryptanalysis
Presentation Layer - L6
Quantitative analysis
Business enabler
