SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Allows File owners to determine access rights.
Decentralized access control
Verisign - Microsoft - Dell
Phreaks
DAC - Discretionary Access Control
2. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Users can gain access to any resource upon request (assuming they have proper permissions)
DSS - Digital Signature Standard
Virus definition downloads and system virus scans
Man In The Middle
3. ______________ is a Unix security scanning tool developed at Texas A&M university.
Stateful Inspection
TIGER
modems
Intentions of the perpetrator
4. Main goals of an information security program
Authorization
Data Hiding
Configuration Control
Confidentiality - Availability -Integrity of data
5. Ways to deal with risk.
Acceptance - Transfer - Mitigate
Business enabler
Less secure
Data Hiding
6. Logon and Logoff - Use of User Rights - Security Policy Change
Off site in a climate controlled area
Stealth viruses
NT Audit events
Intentions of the perpetrator
7. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Less secure
Cisco
Wild
Fixed length
8. This free (for personal use) program is used to encrypt and decrypt emails.
Less secure
PGP
RADIUS
Warning banners
9. Macintosh computers are _____ at risk for receiving viruses.
Stateful Inspection
Also
Users can gain access to any resource upon request (assuming they have proper permissions)
0-1023
10. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
Information Security policies
Prevent - Recover - Detect
SLE - Single Loss Expectancy
11. Remote Access Dial-in User Service
RADIUS
ISO
One way hash
Business enabler
12. ________ is the authoritative entity which lists port assignments
NT Audit events
Mobile
IANA
Stateful Inspection
13. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Gathering digital evidence
RSA
Stealth viruses
Information Security policies
14. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Data Hiding
Ethernet
Hackers and crackers
Man In The Middle
15. The IDEA algorithm (used in PGP) is _______ bits long.
Unix / Linux based security tools?
Intrusion Detection System
128
PGP
16. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
DAC - Discretionary Access Control
Prevent - Recover - Detect
Steps in handling incidents
Residual risk
17. Which of the concepts best describes Availability in relation to computer resources?
Multi-partite viruses
Users can gain access to any resource upon request (assuming they have proper permissions)
Ethernet
Confidentiality
18. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Protection of data from unauthorized users
DSS - Digital Signature Standard
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
SYN Flooding
19. ______________ is a major component of an overall risk management program.
Risk assessment
Hackers and crackers
Main goal of a risk management program
Hoaxes
20. Companies can now be __________ just as easily as they can be sued for security compromises.
Sued for privacy violations
Passive network attack
Off site in a climate controlled area
DSS - Digital Signature Standard
21. What is the main difference between computer abuse and computer crime?
Residual risk
IPSEC
DSS - Digital Signature Standard
Intentions of the perpetrator
22. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
SLE - Single Loss Expectancy
Virus definition downloads and system virus scans
0-1023
Social Engineering
23. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Accountability
Macro
Mobile
Hoaxes
24. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Passfilt.dll
Business enabler
Logic bombs
Mobile
25. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Wild
CHAP
run applications as generic accounts with little or no privileges.
Not rigid
26. Public keys are used for encrypting messages and private keys are used for __________messages.
Email
NT Audit events
Depcrypting
Warning banners
27. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Prevent - Recover - Detect
Environmental
Virus definition downloads and system virus scans
Users can gain access to any resource upon request (assuming they have proper permissions)
28. An intrusion detection system is an example of what type of countermeasure?
Privacy violations
SLE - Single Loss Expectancy
Detective
S/Key - OPIE
29. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Users can gain access to any resource upon request (assuming they have proper permissions)
X.509
Layer 3 - Host to Host
Environmental
30. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Confidentiality
Also
Hackers and crackers
Protection of data from unauthorized users
31. ______________ relates to the concept of protecting data from unauthorized users.
MAC - Mandatory Access Control
Information Security policies
Off site in a climate controlled area
Confidentiality
32. Which range defines 'well known ports?'
TIGER
Residual risk
0-1023
Available service ports
33. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic
Directive
Detective
Buffer Overflow
34. Committing computer crimes in such small doses that they almost go unnoticed.
CHAP
Detective
Password audit
Salami attack
35. DES - Data Encryption standard has a 128 bit key and is ________
Virus definition downloads and system virus scans
Not very difficult to break.
Gathering digital evidence
Configuration Control
36. To help managers find the correct cost balance between risks and countermeasures
Authorization
Main goal of a risk management program
Assignment
Stealth viruses
37. _______________ supply AV engines with false information to avoid detection
Not very difficult to break.
S/Key - OPIE
Residual risk
Stealth viruses
38. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Classification
a good password policy
Reboot or system startup
Payload
39. A true network security audit does include an audit for _____________
Multi-partite viruses
modems
Payload
Layer 7 - Application
40. The ability to identify and audit a user and his / her actions is known as ____________.
Users can gain access to any resource upon request (assuming they have proper permissions)
IDEA algorithm
Data Hiding
Accountability
41. ____ members of the staff need to be educated in disaster recovery procedures.
Passive network attack
All
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Privacy violations
42. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Wild
Passwords
Data Hiding
ISO
43. Which of the following is NOT and encryption algorithm?
NFS
Less secure
SSL
Cryptanalysis
44. Information security policies are a ___________________.
SET
Ethernet
Symmetric algorithm
Business enabler
45. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Available service ports
Acceptance - Transfer - Mitigate
CRACK
46. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Presentation Layer - L6
MAC - Mandatory Access Control
Also
CHAP
47. Countermeasures address security concerns in this category
Social Engineering
Information
Business enabler
SLE - Single Loss Expectancy
48. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
Biometrics
Directive
IANA
49. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
X.509
Log files
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Stateful Inspection
50. A one way hash converts a string of random length into a _______________ encrypted string.
Information Security policies
Gathering digital evidence
Fixed length
All