SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Preserve electronic evidence and protect it from any alteration
Personal Firewall - IDS - host based - Antivirus
C2
PGP
2. Countermeasures address security concerns in this category
NFS
Information
Authentication
TIGER
3. S/MIME was developed for the protection of what communication mechanism(s)?
ISO
Intrusion Detection System
Email
Payload
4. ________ is the authoritative entity which lists port assignments
Logic bombs
Depcrypting
Off site in a climate controlled area
IANA
5. Smart cards are a secure alternative to which weak security mechanism?
Passwords
Verisign - Microsoft - Dell
Protection of data from unauthorized users
SET
6. __________ is the most famous Unix password cracking tool.
X.509
CRACK
Cryptanalysis
RADIUS
7. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Acceptance - Transfer - Mitigate
Layer 3 - Host to Host
Sniffer
IPSEC
8. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Man In The Middle
To make user certificates available to others
TIGER
Passwords
9. ___________________ is responsible for creating security policies and for communicating those policies to system users.
ISO
Passwords
C2
Layer 7 - Application
10. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Multi-partite viruses
modems
One way hash
Quantitative analysis
11. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
involves only computer to computer transactions
Stealth viruses
SYN Flooding
Information Security policies
12. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Verisign - Microsoft - Dell
SET
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Separation of Duties
13. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Fixed length
Biometrics
Accountability
Environmental
14. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
CRACK
Configuration Control
Risk Equation
15. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Passwords
Multi-partite viruses
Ethernet
involves only computer to computer transactions
16. Companies can now be __________ just as easily as they can be sued for security compromises.
Sued for privacy violations
128
Authentication
Acceptance - Transfer - Mitigate
17. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
Stateful Inspection
Privacy violations
Intentions of the perpetrator
18. A true network security audit does include an audit for _____________
modems
Hackers and crackers
Authorization
Configuration Control
19. Name two types of Intrusion Detection Systems
Host based - network based
Less secure
PGP
TIGER
20. Remote Access Dial-in User Service
Risk assessment
Data Classification
S/Key - OPIE
RADIUS
21. What is the main difference between computer abuse and computer crime?
Intentions of the perpetrator
CVE - Common Vulnerabilities and Exposures
128
Information
22. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Risk Equation
Reboot or system startup
Confidentiality - Availability -Integrity of data
Warning Banner
23. An intrusion detection system is an example of what type of countermeasure?
Detective
RSA
Off site in a climate controlled area
Logic bombs
24. _______________ supply AV engines with false information to avoid detection
SLE - Single Loss Expectancy
Intentions of the perpetrator
Stealth viruses
Intrusion Detection System
25. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Email
X.509
Unix / Linux based security tools?
Environmental
26. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Risk assessment
Privacy violations
Intrusion Detection System
Social Engineering
27. There are 65536 _________
X.509
SET
Polymorphic
Available service ports
28. To help managers find the correct cost balance between risks and countermeasures
Authorization
modems
Intentions of the perpetrator
Main goal of a risk management program
29. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
IPSEC
Depcrypting
MAC - Mandatory Access Control
Data Classification
30. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Accountability
Residual risk
ISO
Sued for privacy violations
31. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
A PGP Signed message
Virus definition downloads and system virus scans
Information
RADIUS
32. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Not very difficult to break.
Granularity
Warning banners
DSS - Digital Signature Standard
33. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Data Classification
Verisign - Microsoft - Dell
Presentation Layer - L6
Authentication
34. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Unix / Linux based security tools?
Stateful Inspection
Polymorphic
product development life cycle
35. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Warning banners
SET
Information Security policies
Quantitative analysis
36. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Stateful Inspection
Passwords
Payload
Acceptance - Transfer - Mitigate
37. DES - Data Encryption standard has a 128 bit key and is ________
Unix / Linux based security tools?
Not very difficult to break.
Authorization
TIGER
38. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Steps in handling incidents
Configuration Control
Also
Certificate
39. ____________ is a file system that was poorly designed and has numerous security flaws.
Privacy violations
One way hash
Certificate
NFS
40. Logon and Logoff - Use of User Rights - Security Policy Change
Passwords
NT Audit events
Intentions of the perpetrator
Presentation Layer - L6
41. HTTP - FTP - SMTP reside at which layer of the OSI model?
Layer 7 - Application
Passive network attack
Data Hiding
Not very difficult to break.
42. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Buffer Overflow
IPSEC
Depcrypting
SSL
43. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Less secure
Sniffer
Warning banners
DAC - Discretionary Access Control
44. Cable modems are ___________than DSL connections
DSS - Digital Signature Standard
RADIUS
Less secure
Separation of Duties
45. Vulnerability x Threat = RISK is an example of the _______________.
RSA
Preserve electronic evidence and protect it from any alteration
Risk Equation
Main goal of a risk management program
46. Macintosh computers are _____ at risk for receiving viruses.
Hackers and crackers
C2
Also
Risk Equation
47. These should be done on a weekly basis
Virus definition downloads and system virus scans
Protection of data from unauthorized users
Biometrics
Macro
48. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Unix / Linux based security tools?
Log files
Wild
Separation of Duties
49. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
IDEA algorithm
CRACK
One way hash
Password audit
50. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Certificate
SET
Also
Cramming