SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Companies can now be __________ just as easily as they can be sued for security compromises.
Virus definition downloads and system virus scans
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Confidentiality - Availability -Integrity of data
Sued for privacy violations
2. Accounting - Authentication - and ____________ are the AAAs of information security.
SYN Flooding
Authorization
Information
Unix / Linux based security tools?
3. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
IPSEC
a good password policy
Hoaxes
CVE - Common Vulnerabilities and Exposures
4. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Authentication
Cramming
Available service ports
Payload
5. A type of virus that resides in a Word or Excel document is called a ___________ virus?
MAC - Mandatory Access Control
Users can gain access to any resource upon request (assuming they have proper permissions)
Acceptance - Transfer - Mitigate
Macro
6. Which organization(s) are responsible for the timely distribution of information security intelligence data?
DAC - Discretionary Access Control
MAC - Mandatory Access Control
Business enabler
CERT - SANS - CERIAS - COAST
7. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
SYN Flooding
Also
Decentralized access control
8. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Hackers and crackers
SSL
S/Key - OPIE
Information Security policies
9. Name two types of Intrusion Detection Systems
One way hash
Personal Firewall - IDS - host based - Antivirus
SLE - Single Loss Expectancy
Host based - network based
10. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Layer 3 - Host to Host
Unix / Linux based security tools?
DAC - Discretionary Access Control
Decentralized access control
11. Which of the concepts best describes Availability in relation to computer resources?
Users can gain access to any resource upon request (assuming they have proper permissions)
run applications as generic accounts with little or no privileges.
Man In The Middle
Configuration Control
12. A standardized list of the most common security weaknesses and exploits is the __________.
CVE - Common Vulnerabilities and Exposures
Log files
MAC - Mandatory Access Control
Mobile
13. Which of the following is NOT and encryption algorithm?
SYN Flooding
Layer 7 - Application
Wild
SSL
14. An intrusion detection system is an example of what type of countermeasure?
IANA
IPSEC
Detective
Off site in a climate controlled area
15. Wiretapping is an example of a ________.
Passive network attack
Cryptanalysis
Quantitative analysis
128
16. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
Virus definition downloads and system virus scans
Assignment
Decentralized access control
17. These should be done on a weekly basis
Sniffer
Hackers and crackers
Host based - network based
Virus definition downloads and system virus scans
18. Remote Access Dial-in User Service
Authorization
CHAP
One way hash
RADIUS
19. Countermeasures' main objectives
Fixed length
Authentication
DSS - Digital Signature Standard
Prevent - Recover - Detect
20. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
A PGP Signed message
Phreaks
Password audit
Test virus
21. HTTP - FTP - SMTP reside at which layer of the OSI model?
Not rigid
Accountability
Layer 7 - Application
Data Hiding
22. __________ is the most famous Unix password cracking tool.
CRACK
Warning banners
SSL
MAC - Mandatory Access Control
23. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Decentralized access control
Hackers and crackers
NFS
Data Classification
24. The most secure method for storing backup tapes is?
IDEA algorithm
MAC - Mandatory Access Control
Residual risk
Off site in a climate controlled area
25. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Environmental
Virus definition downloads and system virus scans
CRACK
CHAP
26. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Intrusion Detection System
C2
NT Audit events
involves only computer to computer transactions
27. They specifically target telephone networks
modems
Phreaks
All
Confidentiality - Availability -Integrity of data
28. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Certificate
Data Classification
128
To make user certificates available to others
29. Committing computer crimes in such small doses that they almost go unnoticed.
Information
Biometrics
Preserve electronic evidence and protect it from any alteration
Salami attack
30. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Payload
NFS
Log files
Password audit
31. Macintosh computers are _____ at risk for receiving viruses.
SYN Flooding
Also
Salami attack
X.509
32. Public keys are used for encrypting messages and private keys are used for __________messages.
Multi-partite viruses
Cryptanalysis
Depcrypting
Presentation Layer - L6
33. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Stealth viruses
DAC - Discretionary Access Control
CERT - SANS - CERIAS - COAST
Data Hiding
34. Which layer of the OSI model handles encryption?
Presentation Layer - L6
Depcrypting
Macro
Password audit
35. __________ is a tool used by network administrators to capture packets from a network.
Layer 3 - Host to Host
SET
Sniffer
modems
36. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
IANA
MAC - Mandatory Access Control
0-1023
Verisign - Microsoft - Dell
37. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Warning Banner
Configuration Control
CERT - SANS - CERIAS - COAST
38. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
A PGP Signed message
One way hash
Gathering digital evidence
Reboot or system startup
39. There are 5 classes of IP addresses available - but only 3 classes are in common use today
A PGP Signed message
SLE - Single Loss Expectancy
Phreaks
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
40. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Mobile
Stateful Inspection
product development life cycle
CVE - Common Vulnerabilities and Exposures
41. Ways to deal with risk.
Acceptance - Transfer - Mitigate
PGP
Main goal of a risk management program
Symmetric algorithm
42. It is difficult to prosecute a computer criminal if _________ are not deployed
Intrusion Detection System
Sniffer
Warning banners
C2
43. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Biometrics
IDEA algorithm
Gathering digital evidence
Sued for privacy violations
44. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Available service ports
To make user certificates available to others
Also
Hackers and crackers
45. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Test virus
CHAP
Stealth viruses
Password audit
46. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Risk assessment
Separation of Duties
RSA
CRACK
47. A one way hash converts a string of random length into a _______________ encrypted string.
Fixed length
Confidentiality - Availability -Integrity of data
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
IANA
48. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Salami attack
SLE - Single Loss Expectancy
Residual risk
DSS - Digital Signature Standard
49. RSA is not based on a ________
Symmetric algorithm
Unix / Linux based security tools?
Information
Granularity
50. To help managers find the correct cost balance between risks and countermeasures
Stealth viruses
Main goal of a risk management program
Salami attack
DSS - Digital Signature Standard