SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Macintosh computers are _____ at risk for receiving viruses.
Also
IDEA algorithm
Depcrypting
Privacy violations
2. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Prevent - Recover - Detect
IPSEC
DSS - Digital Signature Standard
Confidentiality - Availability -Integrity of data
3. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Wild
Polymorphic
Also
Reboot or system startup
4. ______________ is a major component of an overall risk management program.
Directive
SET
Warning Banner
Risk assessment
5. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Information Security policies
Authorization
Main goal of a risk management program
SLE - Single Loss Expectancy
6. Public keys are used for encrypting messages and private keys are used for __________messages.
Data Classification
Not rigid
IANA
Depcrypting
7. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Symmetric algorithm
Quantitative analysis
DSS - Digital Signature Standard
Not rigid
8. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Cisco
CRACK
CHAP
Fixed length
9. MD5 is a ___________ algorithm
Verisign - Microsoft - Dell
One way hash
IDEA algorithm
Information
10. This free (for personal use) program is used to encrypt and decrypt emails.
Reboot or system startup
Gathering digital evidence
PGP
Man In The Middle
11. RSA is not based on a ________
Symmetric algorithm
C2
Gathering digital evidence
Mobile
12. ___________________ is responsible for creating security policies and for communicating those policies to system users.
ISO
RADIUS
Biometrics
CVE - Common Vulnerabilities and Exposures
13. ____ members of the staff need to be educated in disaster recovery procedures.
Payload
Intentions of the perpetrator
run applications as generic accounts with little or no privileges.
All
14. Today - ______________ are almost as serious as security violations
Authentication
Privacy violations
MAC - Mandatory Access Control
modems
15. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
DSS - Digital Signature Standard
Biometrics
product development life cycle
ISO
16. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
X.509
Certificate
RSA
To make user certificates available to others
17. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Payload
Residual risk
Acceptance - Transfer - Mitigate
Phreaks
18. The most secure method for storing backup tapes is?
Off site in a climate controlled area
Email
Prevent - Recover - Detect
Preserve electronic evidence and protect it from any alteration
19. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Multi-partite viruses
Separation of Duties
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Protection of data from unauthorized users
20. The ultimate goal of a computer forensics specialist is to ___________________.
Payload
Preserve electronic evidence and protect it from any alteration
Less secure
Main goal of a risk management program
21. Contain - Recover - Review - Identify - Prepare
modems
Steps in handling incidents
Passwords
Certificate
22. A true network security audit does include an audit for _____________
Environmental
run applications as generic accounts with little or no privileges.
Certificate
modems
23. Ways to deal with risk.
Residual risk
SSL
Acceptance - Transfer - Mitigate
Risk Equation
24. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Confidentiality - Availability -Integrity of data
C2
PGP
SYN Flooding
25. ______________ is a Unix security scanning tool developed at Texas A&M university.
Depcrypting
TIGER
Hoaxes
SET
26. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Ethernet
Gathering digital evidence
Stateful Inspection
Multi-partite viruses
27. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
CHAP
Salami attack
To make user certificates available to others
Protection of data from unauthorized users
28. A formula used in Quantitative risk analysis
Personal Firewall - IDS - host based - Antivirus
Multi-partite viruses
SLE - Single Loss Expectancy
TIGER
29. Cable modems are ___________than DSL connections
Less secure
Environmental
Polymorphic
0-1023
30. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Certificate
Assignment
Man In The Middle
DAC - Discretionary Access Control
31. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Test virus
Not very difficult to break.
S/Key - OPIE
Environmental
32. Countermeasures' main objectives
Prevent - Recover - Detect
Ethernet
RADIUS
Email
33. DES - Data Encryption standard has a 128 bit key and is ________
Confidentiality - Availability -Integrity of data
Man In The Middle
a good password policy
Not very difficult to break.
34. Stealth viruses live in memory while __________ are written to disk
Risk Equation
Multi-partite viruses
X.509
Logic bombs
35. Name two types of Intrusion Detection Systems
Host based - network based
Email
Off site in a climate controlled area
Social Engineering
36. Examples of One- Time Password technology
S/Key - OPIE
Detective
Directive
Intentions of the perpetrator
37. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
C2
Stateful Inspection
involves only computer to computer transactions
Not rigid
38. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
MAC - Mandatory Access Control
Available service ports
X.509
Sued for privacy violations
39. Digital Certificates use which protocol?
X.509
A PGP Signed message
CVE - Common Vulnerabilities and Exposures
One way hash
40. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
A PGP Signed message
Salami attack
Polymorphic
Mobile
41. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
SYN Flooding
Mobile
CHAP
CRACK
42. What is the main difference between computer abuse and computer crime?
Less secure
PGP
Intentions of the perpetrator
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
43. These should be done on a weekly basis
Virus definition downloads and system virus scans
ISO
A PGP Signed message
IANA
44. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Main goal of a risk management program
Confidentiality
Warning Banner
Accountability
45. The __________ is the most dangerous part of a virus program.
Off site in a climate controlled area
SET
Mobile
Payload
46. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Logic bombs
Users can gain access to any resource upon request (assuming they have proper permissions)
product development life cycle
RSA
47. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Classification
Layer 3 - Host to Host
Intrusion Detection System
Warning Banner
48. To help managers find the correct cost balance between risks and countermeasures
All
Main goal of a risk management program
Quantitative analysis
RSA
49. Countermeasures address security concerns in this category
Passive network attack
Off site in a climate controlled area
Information
128
50. A ______________ is an electronically generated record that ties a user's ID to their public key.
0-1023
Layer 7 - Application
Certificate
Layer 3 - Host to Host
