Test your basic knowledge | SSCP: Systems Security Certified Practitioner
Subjects: certifications, sscp, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. What security principle is based on the division of job responsibilities, designed to prevent fraud?
Separation of Duties
MAC - Mandatory Access Control
Cryptanalysis
Ethernet
2. One method that can reduce exposure to malicious code is to ___________________
Logic bombs
Buffer Overflow
run applications as generic accounts with little or no privileges.
Risk Equation
3. ___________________ is responsible for creating security policies and for communicating those policies to system users.
128
ISO
Wild
Log files
4. Although they are accused of being one and the same, _______________ are two distinctly different groups with different goals pertaining to computers.
Hackers and crackers
Presentation Layer - L6
Polymorphic
Buffer Overflow
5. ________ is the authoritative entity that lists port assignments.
Reboot or system startup
All
Buffer Overflow
IANA
6. The IDEA algorithm (used in PGP) is _______ bits long.
IPSEC
Polymorphic
128
All
7. DES (Data Encryption Standard) has a 128-bit key and is ________
Not very difficult to break.
X.509
NT Audit events
Business enabler
8. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Passfilt.dll
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Social Engineering
SSL
9. Which of the following is NOT an encryption algorithm?
SSL
Passwords
RSA
modems
10. ______________ is a Unix security scanning tool developed at Texas A&M University.
Residual risk
Confidentiality - Availability -Integrity of data
TIGER
Available service ports
11. When ________________, it is very important to document the chain of evidence by taking good notes and to perform a bit-level backup of the data before analysis.
Data Hiding
involves only computer to computer transactions
Multi-partite viruses
Gathering digital evidence
12. Cable modems are ___________ than DSL connections.
Less secure
SSL
Cryptanalysis
Virus definition downloads and system virus scans
13. Each password must have a combination of upper case, lower case, numbers and special characters, with a 6-character minimum password length. This rule is enforced by ______
Multi-partite viruses
Passfilt.dll
Granularity
Cramming
14. To help managers find the correct cost balance between risks and countermeasures
Verisign - Microsoft - Dell
Separation of Duties
Main goal of a risk management program
SET
15. Types of firewalls: Packet Filtering, Application Proxy, and _________________.
Separation of Duties
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Stateful Inspection
Risk Equation
16. S/MIME was developed for the protection of what communication mechanism(s)?
Separation of Duties
Passfilt.dll
Information
Email
17. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Ethernet
IANA
RSA
Layer 3 - Host to Host
18. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Sued for privacy violations
Test virus
Decentralized access control
Cramming
19. Security incidents fall into a number of categories such as accidental, deliberate, and ____________.
Reboot or system startup
Buffer Overflow
Environmental
RADIUS
20. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
CHAP
CERT - SANS - CERIAS - COAST
Intrusion Detection System
Log files
21. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
Virus definition downloads and system virus scans
Passive network attack
Passwords
22. Information security policies are a ___________________.
Prevent - Recover - Detect
Business enabler
modems
A PGP Signed message
23. Countermeasures' main objectives
Detective
Prevent - Recover - Detect
SET
Intrusion Detection System
24. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission, this practice is referred to as __________________.
SSL
Prevent - Recover - Detect
NT Audit events
Cramming
25. Intentionally embedding secret data into a picture or some form of media is known as Steganography or data ___________.
Available service ports
Sued for privacy violations
product development life cycle
Data Hiding
26. Which organization(s) are responsible for the timely distribution of information security intelligence data?
MAC - Mandatory Access Control
CERT - SANS - CERIAS - COAST
Salami attack
Hoaxes
27. A virus is considered to be 'in the ______' if it has been reported as replicating and causing harm to computers.
Granularity
Wild
Payload
Personal Firewall - IDS - host based - Antivirus
28. A one-way hash converts a string of arbitrary length into a _______________ encrypted string.
Fixed length
Environmental
IPSEC
DSS - Digital Signature Standard
29. Unclassified, Private, Confidential, Secret, Top Secret, and Internal Use Only are levels of ________________.
Data Classification
Hoaxes
Email
CRACK
30. RSA is not based on a ________
Main goal of a risk management program
Symmetric algorithm
SLE - Single Loss Expectancy
Configuration Control
31. Diffie-Hellman, RSA, and ___________ are all examples of public key cryptography.
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Symmetric algorithm
Layer 3 - Host to Host
DSS - Digital Signature Standard
32. Macintosh computers are _____ at risk for receiving viruses.
Acceptance - Transfer - Mitigate
Also
involves only computer to computer transactions
SSL
33. There are 65536 _________
Confidentiality
Granularity
Available service ports
Warning Banner
34. A ______________ is an electronically generated record that ties a user's ID to their public key.
IPSEC
Certificate
Wild
product development life cycle
35. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Data Classification
Personal Firewall - IDS - host based - Antivirus
Mobile
Email
36. An attempt to break an encryption algorithm is called _____________.
IPSEC
Verisign - Microsoft - Dell
Cryptanalysis
X.509
37. In a Public Key Infrastructure (PKI), what is the role of a directory server?
PGP
To make user certificates available to others
Main goal of a risk management program
Social Engineering
38. EDI (Electronic Data Interchange) differs from e-Commerce in that it ___________________.
Off site in a climate controlled area
ISO
involves only computer to computer transactions
CERT - SANS - CERIAS - COAST
39. Data being delivered from the source to the intended receiver without being altered
Protection of data from unauthorized users
Ethernet
Symmetric algorithm
Sniffer
40. What is the main difference between computer abuse and computer crime?
Data Hiding
Intentions of the perpetrator
Steps in handling incidents
Information
41. A Security Reference Monitor relates to which DoD security standard?
Prevent - Recover - Detect
Host based - network based
Confidentiality - Availability -Integrity of data
C2
42. HTTP, FTP, and SMTP reside at which layer of the OSI model?
Authorization
SYN Flooding
Layer 7 - Application
Hoaxes
43. Countermeasures address security concerns in this category
Information
Multi-partite viruses
Passwords
0-1023
44. Combine both boot and file virus behavior
RADIUS
X.509
Multi-partite viruses
Decentralized access control
45. __________ is the most famous Unix password cracking tool.
NT Audit events
Configuration Control
Sued for privacy violations
CRACK
46. Accounting, Authentication, and ____________ are the AAAs of information security.
Passfilt.dll
Password audit
Authorization
SSL
47. A standardized list of the most common security weaknesses and exploits is the __________.
Available service ports
CVE - Common Vulnerabilities and Exposures
Steps in handling incidents
Reboot or system startup
48. Which auditing practice relates to the controlling of hardware, software, firmware, and documentation to ensure it has not been improperly modified?
Configuration Control
Steps in handling incidents
Reboot or system startup
X.509
49. The ability to identify and audit a user and his/her actions is known as ____________.
Intentions of the perpetrator
Passive network attack
Accountability
Protection of data from unauthorized users
50. They specifically target telephone networks
Layer 7 - Application
SYN Flooding
Verisign - Microsoft - Dell
Phreaks