SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. __________ is a tool used by network administrators to capture packets from a network.
Risk Equation
Off site in a climate controlled area
Separation of Duties
Sniffer
2. Vulnerability x Threat = RISK is an example of the _______________.
Warning banners
Also
Certificate
Risk Equation
3. A ______________ is an electronically generated record that ties a user's ID to their public key.
Certificate
SLE - Single Loss Expectancy
Man In The Middle
Risk Equation
4. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
0-1023
Also
MAC - Mandatory Access Control
5. Data being delivered from the source to the intended receiver without being altered
Presentation Layer - L6
Less secure
Passwords
Protection of data from unauthorized users
6. Organizations that can be a valid Certificate Authority (CA)
Intrusion Detection System
Verisign - Microsoft - Dell
Acceptance - Transfer - Mitigate
Information
7. ______________ is a major component of an overall risk management program.
Risk assessment
Virus definition downloads and system virus scans
RADIUS
NT Audit events
8. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
Decentralized access control
Polymorphic
Verisign - Microsoft - Dell
9. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Separation of Duties
CVE - Common Vulnerabilities and Exposures
Granularity
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
10. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
RADIUS
SLE - Single Loss Expectancy
S/Key - OPIE
Password audit
11. One method that can reduce exposure to malicious code is to ___________________
Log files
run applications as generic accounts with little or no privileges.
IDEA algorithm
Accountability
12. Allows File owners to determine access rights.
SET
Decentralized access control
Gathering digital evidence
Risk Equation
13. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Risk assessment
Layer 3 - Host to Host
Sniffer
Acceptance - Transfer - Mitigate
14. An intrusion detection system is an example of what type of countermeasure?
Preserve electronic evidence and protect it from any alteration
Polymorphic
Detective
Macro
15. RSA is not based on a ________
Man In The Middle
Depcrypting
Phreaks
Symmetric algorithm
16. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Layer 3 - Host to Host
S/Key - OPIE
Residual risk
TIGER
17. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Polymorphic
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
involves only computer to computer transactions
Fixed length
18. These should be done on a weekly basis
Decentralized access control
CRACK
Virus definition downloads and system virus scans
Passwords
19. The ultimate goal of a computer forensics specialist is to ___________________.
Payload
Preserve electronic evidence and protect it from any alteration
Layer 7 - Application
Configuration Control
20. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
Sued for privacy violations
Prevent - Recover - Detect
Accountability
21. Stealth viruses live in memory while __________ are written to disk
CHAP
CRACK
Separation of Duties
Logic bombs
22. S/MIME was developed for the protection of what communication mechanism(s)?
Passfilt.dll
Business enabler
Salami attack
Email
23. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Information Security policies
IANA
Test virus
Assignment
24. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Not very difficult to break.
Polymorphic
Layer 7 - Application
Main goal of a risk management program
25. __________ is the most famous Unix password cracking tool.
Symmetric algorithm
Risk assessment
modems
CRACK
26. A true network security audit does include an audit for _____________
Privacy violations
128
Quantitative analysis
modems
27. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
a good password policy
Authorization
Social Engineering
Preserve electronic evidence and protect it from any alteration
28. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Main goal of a risk management program
Stateful Inspection
Data Classification
Cryptanalysis
29. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
Decentralized access control
Password audit
Less secure
30. Information security policies are a ___________________.
C2
Not very difficult to break.
Business enabler
Host based - network based
31. Countermeasures address security concerns in this category
Information
Assignment
Stealth viruses
IPSEC
32. ________ is the authoritative entity which lists port assignments
C2
IANA
One way hash
Stateful Inspection
33. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Mobile
Authentication
Privacy violations
Passfilt.dll
34. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
DAC - Discretionary Access Control
Warning banners
Reboot or system startup
Wild
35. Smart cards are a secure alternative to which weak security mechanism?
Protection of data from unauthorized users
SYN Flooding
Risk Equation
Passwords
36. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Separation of Duties
modems
Users can gain access to any resource upon request (assuming they have proper permissions)
Macro
37. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Protection of data from unauthorized users
Verisign - Microsoft - Dell
NFS
38. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
CERT - SANS - CERIAS - COAST
Unix / Linux based security tools?
CRACK
Depcrypting
39. Cable modems are ___________than DSL connections
Less secure
SET
SYN Flooding
RSA
40. Public keys are used for encrypting messages and private keys are used for __________messages.
Depcrypting
Presentation Layer - L6
Prevent - Recover - Detect
Authentication
41. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Passwords
Assignment
Social Engineering
Confidentiality
42. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Also
Protection of data from unauthorized users
Data Classification
Information
43. They specifically target telephone networks
Mobile
CERT - SANS - CERIAS - COAST
NFS
Phreaks
44. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Warning banners
Payload
MAC - Mandatory Access Control
Layer 3 - Host to Host
45. The __________ is the most dangerous part of a virus program.
Certificate
run applications as generic accounts with little or no privileges.
Risk Equation
Payload
46. Digital Certificates use which protocol?
A PGP Signed message
X.509
C2
Phreaks
47. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Data Hiding
Log files
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Less secure
48. Combine both boot and file virus behavior
Password audit
SSL
NFS
Multi-partite viruses
49. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Biometrics
Macro
CHAP
MAC - Mandatory Access Control
50. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
C2
To make user certificates available to others
Also
Accountability
