SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
C2
Layer 7 - Application
Prevent - Recover - Detect
2. _______________ supply AV engines with false information to avoid detection
Warning banners
Sniffer
Directive
Stealth viruses
3. Examples of One- Time Password technology
Decentralized access control
S/Key - OPIE
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Symmetric algorithm
4. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Authorization
Biometrics
Unix / Linux based security tools?
Password audit
5. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Acceptance - Transfer - Mitigate
Users can gain access to any resource upon request (assuming they have proper permissions)
0-1023
6. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Multi-partite viruses
RSA
Business enabler
Unix / Linux based security tools?
7. To help managers find the correct cost balance between risks and countermeasures
Main goal of a risk management program
Risk Equation
NT Audit events
Decentralized access control
8. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
CHAP
Ethernet
Also
Not very difficult to break.
9. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
Multi-partite viruses
Information
Quantitative analysis
10. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
Configuration Control
run applications as generic accounts with little or no privileges.
Decentralized access control
11. Companies can now be __________ just as easily as they can be sued for security compromises.
CRACK
Sued for privacy violations
Not very difficult to break.
Unix / Linux based security tools?
12. HTTP - FTP - SMTP reside at which layer of the OSI model?
RADIUS
product development life cycle
SLE - Single Loss Expectancy
Layer 7 - Application
13. ______________ relates to the concept of protecting data from unauthorized users.
Intrusion Detection System
DAC - Discretionary Access Control
Information Security policies
Confidentiality
14. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Host based - network based
DAC - Discretionary Access Control
Layer 3 - Host to Host
Passwords
15. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
DAC - Discretionary Access Control
Preserve electronic evidence and protect it from any alteration
Buffer Overflow
Business enabler
16. DES - Data Encryption standard has a 128 bit key and is ________
Not very difficult to break.
Virus definition downloads and system virus scans
Hoaxes
Polymorphic
17. The ultimate goal of a computer forensics specialist is to ___________________.
Preserve electronic evidence and protect it from any alteration
modems
Warning banners
S/Key - OPIE
18. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Granularity
Polymorphic
Warning banners
MAC - Mandatory Access Control
19. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
Intentions of the perpetrator
Macro
Polymorphic
20. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Ethernet
Social Engineering
Residual risk
Risk assessment
21. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Intrusion Detection System
Authorization
Warning Banner
Data Classification
22. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
All
SET
Password audit
Unix / Linux based security tools?
23. __________ is a tool used by network administrators to capture packets from a network.
Sniffer
Environmental
Certificate
DAC - Discretionary Access Control
24. The ability to identify and audit a user and his / her actions is known as ____________.
TIGER
ISO
Certificate
Accountability
25. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
0-1023
Configuration Control
Mobile
MAC - Mandatory Access Control
26. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Stateful Inspection
Layer 3 - Host to Host
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Configuration Control
27. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Symmetric algorithm
Not rigid
Virus definition downloads and system virus scans
Authorization
28. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Fixed length
Logic bombs
Social Engineering
IPSEC
29. There are 65536 _________
IDEA algorithm
Available service ports
Passfilt.dll
All
30. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Intrusion Detection System
Log files
CERT - SANS - CERIAS - COAST
Information
31. Logon and Logoff - Use of User Rights - Security Policy Change
NT Audit events
Separation of Duties
Unix / Linux based security tools?
Environmental
32. The __________ is the most dangerous part of a virus program.
Users can gain access to any resource upon request (assuming they have proper permissions)
Authentication
Assignment
Payload
33. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Virus definition downloads and system virus scans
Assignment
Privacy violations
Salami attack
34. An attempt to break an encryption algorithm is called _____________.
Cryptanalysis
IANA
Email
Verisign - Microsoft - Dell
35. Today - ______________ are almost as serious as security violations
Privacy violations
Email
Information
a good password policy
36. Combine both boot and file virus behavior
Accountability
Cisco
Ethernet
Multi-partite viruses
37. A Security Reference Monitor relates to which DoD security standard?
Protection of data from unauthorized users
C2
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Prevent - Recover - Detect
38. Public keys are used for encrypting messages and private keys are used for __________messages.
Phreaks
Preserve electronic evidence and protect it from any alteration
Salami attack
Depcrypting
39. Which of the following is NOT and encryption algorithm?
SYN Flooding
IANA
SSL
Hoaxes
40. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Email
Ethernet
Mobile
Information Security policies
41. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Less secure
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Data Classification
Test virus
42. This free (for personal use) program is used to encrypt and decrypt emails.
Virus definition downloads and system virus scans
PGP
Decentralized access control
Stateful Inspection
43. They specifically target telephone networks
Biometrics
Phreaks
TIGER
CRACK
44. RSA is not based on a ________
Symmetric algorithm
Configuration Control
Not very difficult to break.
Confidentiality
45. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Social Engineering
involves only computer to computer transactions
SYN Flooding
Passfilt.dll
46. Countermeasures address security concerns in this category
Data Hiding
Intentions of the perpetrator
Social Engineering
Information
47. ______________ is a Unix security scanning tool developed at Texas A&M university.
Intrusion Detection System
SSL
Salami attack
TIGER
48. Main goals of an information security program
Main goal of a risk management program
SYN Flooding
Privacy violations
Confidentiality - Availability -Integrity of data
49. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Available service ports
Passfilt.dll
Information
CERT - SANS - CERIAS - COAST
50. Cable modems are ___________than DSL connections
Less secure
Symmetric algorithm
Personal Firewall - IDS - host based - Antivirus
Password audit
