SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Smart cards are a secure alternative to which weak security mechanism?
Biometrics
Passwords
Environmental
Salami attack
2. A formula used in Quantitative risk analysis
SLE - Single Loss Expectancy
Cryptanalysis
Accountability
Depcrypting
3. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Logic bombs
Directive
Unix / Linux based security tools?
Hackers and crackers
4. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
Not very difficult to break.
Payload
Certificate
5. Today - ______________ are almost as serious as security violations
Mobile
Privacy violations
Authentication
Ethernet
6. An intrusion detection system is an example of what type of countermeasure?
Cramming
Passfilt.dll
Biometrics
Detective
7. ___________________ is responsible for creating security policies and for communicating those policies to system users.
ISO
Multi-partite viruses
X.509
All
8. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
128
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Symmetric algorithm
0-1023
9. So far - no one has been able to crack the ____________ with Brute Force.
Sniffer
Not rigid
IDEA algorithm
Also
10. A Security Reference Monitor relates to which DoD security standard?
C2
Logic bombs
Email
Environmental
11. What is the main difference between computer abuse and computer crime?
ISO
Social Engineering
Intentions of the perpetrator
DAC - Discretionary Access Control
12. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
Passive network attack
Authentication
Decentralized access control
13. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Fixed length
Sniffer
DAC - Discretionary Access Control
Also
14. The ability to identify and audit a user and his / her actions is known as ____________.
Protection of data from unauthorized users
Users can gain access to any resource upon request (assuming they have proper permissions)
Cisco
Accountability
15. A ______________ is an electronically generated record that ties a user's ID to their public key.
Accountability
Fixed length
Certificate
IPSEC
16. Data being delivered from the source to the intended receiver without being altered
Risk Equation
Protection of data from unauthorized users
run applications as generic accounts with little or no privileges.
Depcrypting
17. Companies can now be __________ just as easily as they can be sued for security compromises.
Sued for privacy violations
Off site in a climate controlled area
Layer 3 - Host to Host
Risk Equation
18. Macintosh computers are _____ at risk for receiving viruses.
Risk Equation
S/Key - OPIE
Also
RSA
19. ______________ relates to the concept of protecting data from unauthorized users.
IDEA algorithm
Confidentiality
Payload
S/Key - OPIE
20. Public keys are used for encrypting messages and private keys are used for __________messages.
DSS - Digital Signature Standard
Cisco
SET
Depcrypting
21. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Sniffer
Prevent - Recover - Detect
Warning Banner
Cisco
22. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Mobile
Risk assessment
0-1023
Separation of Duties
23. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic
Steps in handling incidents
DAC - Discretionary Access Control
Unix / Linux based security tools?
24. Logon and Logoff - Use of User Rights - Security Policy Change
Intentions of the perpetrator
Payload
Privacy violations
NT Audit events
25. Information security policies are a ___________________.
Macro
Business enabler
Passive network attack
IDEA algorithm
26. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
Salami attack
Layer 7 - Application
CHAP
27. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
Risk Equation
CRACK
Presentation Layer - L6
28. The __________ is the most dangerous part of a virus program.
CHAP
C2
Payload
TIGER
29. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Risk Equation
S/Key - OPIE
RSA
Not very difficult to break.
30. Allows File owners to determine access rights.
Main goal of a risk management program
Decentralized access control
Man In The Middle
Verisign - Microsoft - Dell
31. There are 65536 _________
Warning banners
Available service ports
Data Classification
Prevent - Recover - Detect
32. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Granularity
Also
Sued for privacy violations
IANA
33. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
PGP
Intentions of the perpetrator
Sniffer
Unix / Linux based security tools?
34. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Preserve electronic evidence and protect it from any alteration
Biometrics
Unix / Linux based security tools?
Users can gain access to any resource upon request (assuming they have proper permissions)
35. RSA is not based on a ________
Data Classification
Buffer Overflow
Information
Symmetric algorithm
36. MD5 is a ___________ algorithm
X.509
128
Quantitative analysis
One way hash
37. Ways to deal with risk.
IPSEC
Buffer Overflow
Acceptance - Transfer - Mitigate
Symmetric algorithm
38. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
Depcrypting
Email
C2
39. It is difficult to prosecute a computer criminal if _________ are not deployed
0-1023
Biometrics
Warning banners
NFS
40. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Data Classification
Layer 7 - Application
Phreaks
CERT - SANS - CERIAS - COAST
41. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Warning Banner
Stateful Inspection
Passfilt.dll
modems
42. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Biometrics
Authentication
Virus definition downloads and system virus scans
CHAP
43. Countermeasures' main objectives
Virus definition downloads and system virus scans
Man In The Middle
Prevent - Recover - Detect
Presentation Layer - L6
44. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
MAC - Mandatory Access Control
Authentication
To make user certificates available to others
involves only computer to computer transactions
45. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Information Security policies
Payload
Certificate
All
46. ______________ is a Unix security scanning tool developed at Texas A&M university.
Social Engineering
TIGER
Sued for privacy violations
Acceptance - Transfer - Mitigate
47. Contain - Recover - Review - Identify - Prepare
Off site in a climate controlled area
Separation of Duties
Main goal of a risk management program
Steps in handling incidents
48. An attempt to break an encryption algorithm is called _____________.
Cryptanalysis
PGP
Verisign - Microsoft - Dell
Information
49. Name two types of Intrusion Detection Systems
a good password policy
Host based - network based
Buffer Overflow
CVE - Common Vulnerabilities and Exposures
50. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Verisign - Microsoft - Dell
TIGER
Stateful Inspection
X.509
