SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Sniffer
RSA
Wild
Polymorphic
2. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
One way hash
RSA
Test virus
Not rigid
3. Ways to deal with risk.
Acceptance - Transfer - Mitigate
X.509
Confidentiality - Availability -Integrity of data
Social Engineering
4. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Authorization
Environmental
modems
Cisco
5. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
MAC - Mandatory Access Control
Assignment
Mobile
Host based - network based
6. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Directive
NT Audit events
MAC - Mandatory Access Control
Data Classification
7. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Intrusion Detection System
Cryptanalysis
Biometrics
Data Hiding
8. Companies can now be __________ just as easily as they can be sued for security compromises.
Sued for privacy violations
All
Passfilt.dll
Passive network attack
9. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Log files
NFS
Less secure
Passfilt.dll
10. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Not very difficult to break.
Certificate
Layer 3 - Host to Host
Decentralized access control
11. ____ members of the staff need to be educated in disaster recovery procedures.
SET
All
Also
Information
12. Name two types of Intrusion Detection Systems
DAC - Discretionary Access Control
Not rigid
Host based - network based
Stateful Inspection
13. ____________ is a file system that was poorly designed and has numerous security flaws.
run applications as generic accounts with little or no privileges.
NFS
SYN Flooding
Verisign - Microsoft - Dell
14. Which of the following is NOT and encryption algorithm?
Authorization
SSL
Passfilt.dll
Detective
15. There are 65536 _________
Available service ports
Hoaxes
RADIUS
A PGP Signed message
16. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Gathering digital evidence
Directive
Risk assessment
Man In The Middle
17. Today - ______________ are almost as serious as security violations
Test virus
Data Classification
Privacy violations
PGP
18. Countermeasures' main objectives
Steps in handling incidents
Business enabler
Prevent - Recover - Detect
RADIUS
19. Vulnerability x Threat = RISK is an example of the _______________.
Business enabler
Virus definition downloads and system virus scans
Risk Equation
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
20. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Passwords
Intentions of the perpetrator
SYN Flooding
Log files
21. S/MIME was developed for the protection of what communication mechanism(s)?
Layer 3 - Host to Host
Intentions of the perpetrator
Email
Test virus
22. Combine both boot and file virus behavior
Multi-partite viruses
X.509
Acceptance - Transfer - Mitigate
Hackers and crackers
23. Main goals of an information security program
Configuration Control
SLE - Single Loss Expectancy
Main goal of a risk management program
Confidentiality - Availability -Integrity of data
24. Logon and Logoff - Use of User Rights - Security Policy Change
Layer 7 - Application
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Information Security policies
NT Audit events
25. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
X.509
Detective
Unix / Linux based security tools?
Business enabler
26. The __________ is the most dangerous part of a virus program.
Payload
Sniffer
Information
Risk assessment
27. Which of the concepts best describes Availability in relation to computer resources?
ISO
Users can gain access to any resource upon request (assuming they have proper permissions)
Main goal of a risk management program
Cisco
28. Which layer of the OSI model handles encryption?
Cramming
IDEA algorithm
IANA
Presentation Layer - L6
29. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
RADIUS
Personal Firewall - IDS - host based - Antivirus
Residual risk
Not rigid
30. An attempt to break an encryption algorithm is called _____________.
NFS
Assignment
Cryptanalysis
Polymorphic
31. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Residual risk
Wild
Cryptanalysis
Passive network attack
32. ___________________ is responsible for creating security policies and for communicating those policies to system users.
X.509
ISO
CRACK
Cryptanalysis
33. Information security policies are a ___________________.
Symmetric algorithm
Business enabler
run applications as generic accounts with little or no privileges.
C2
34. Wiretapping is an example of a ________.
Risk assessment
Passive network attack
Biometrics
NFS
35. __________ is a tool used by network administrators to capture packets from a network.
Unix / Linux based security tools?
C2
Polymorphic
Sniffer
36. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
MAC - Mandatory Access Control
SET
CVE - Common Vulnerabilities and Exposures
Personal Firewall - IDS - host based - Antivirus
37. They specifically target telephone networks
run applications as generic accounts with little or no privileges.
Phreaks
Buffer Overflow
product development life cycle
38. Digital Certificates use which protocol?
X.509
Warning banners
Stateful Inspection
NT Audit events
39. Cable modems are ___________than DSL connections
TIGER
Less secure
Host based - network based
Hoaxes
40. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
Cryptanalysis
Password audit
Granularity
41. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Sued for privacy violations
Warning Banner
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Detective
42. Which range defines 'well known ports?'
Salami attack
0-1023
Warning banners
Data Hiding
43. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Information Security policies
product development life cycle
Host based - network based
Business enabler
44. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Phreaks
Not very difficult to break.
CERT - SANS - CERIAS - COAST
Available service ports
45. A ______________ is an electronically generated record that ties a user's ID to their public key.
Risk Equation
Quantitative analysis
Certificate
Multi-partite viruses
46. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Sniffer
IPSEC
Not very difficult to break.
To make user certificates available to others
47. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Environmental
Stealth viruses
Cryptanalysis
Authentication
48. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Social Engineering
Users can gain access to any resource upon request (assuming they have proper permissions)
Wild
Polymorphic
49. Allows File owners to determine access rights.
Decentralized access control
SET
Prevent - Recover - Detect
Man In The Middle
50. The IDEA algorithm (used in PGP) is _______ bits long.
128
Confidentiality - Availability -Integrity of data
Environmental
To make user certificates available to others