Test your basic knowledge | SSCP: Systems Security Certified Practitioner
Subjects: certifications, sscp, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Is the person who is attempting to log on really who they say they are? What form of access control does this question stem from?
Confidentiality - Availability -Integrity of data
Gathering digital evidence
Authentication
Warning Banner
2. A one way hash converts a string of random length into a _______________ encrypted string.
Confidentiality
Fixed length
Quantitative analysis
Detective
3. Used in ______________: Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Layer 7 - Application
Biometrics
Salami attack
a good password policy
4. Today - ______________ are almost as serious as security violations
Cisco
Privacy violations
Cryptanalysis
Host based - network based
5. __________________ will have weird characters printed at the beginning or end of an email message - what would it be an indication of?
Intrusion Detection System
A PGP Signed message
Logic bombs
Ethernet
6. Name two types of Intrusion Detection Systems
Host based - network based
Personal Firewall - IDS - host based - Antivirus
Business enabler
Verisign - Microsoft - Dell
7. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SET
Passfilt.dll
Gathering digital evidence
run applications as generic accounts with little or no privileges.
8. So far - no one has been able to crack the ____________ with Brute Force.
Warning banners
IDEA algorithm
Risk assessment
Man In The Middle
9. S/MIME was developed for the protection of what communication mechanism(s)?
Hackers and crackers
Wild
Email
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
10. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually affect the entire system. These types of controls deal with system auditing and usability.
Not rigid
Directive
Password audit
CERT - SANS - CERIAS - COAST
11. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Steps in handling incidents
Off site in a climate controlled area
Sued for privacy violations
Macro
12. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
0-1023
Ethernet
Less secure
Warning Banner
13. Stealth viruses live in memory while __________ are written to disk
Warning Banner
Acceptance - Transfer - Mitigate
Hackers and crackers
Logic bombs
14. A Security Reference Monitor relates to which DoD security standard?
Stateful Inspection
Log files
C2
Decentralized access control
15. __________ is the most famous Unix password cracking tool.
Unix / Linux based security tools?
RSA
CRACK
Information Security policies
16. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Passwords
Sniffer
Intentions of the perpetrator
17. Unlike viruses and worms - __________ are bogus messages that spread via email forwarding.
SYN Flooding
Hoaxes
To make user certificates available to others
Passfilt.dll
18. It is difficult to prosecute a computer criminal if _________ are not deployed
Stealth viruses
Steps in handling incidents
Wild
Warning banners
19. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
RADIUS
DSS - Digital Signature Standard
SSL
0-1023
20. A formula used in Quantitative risk analysis
Hoaxes
SLE - Single Loss Expectancy
Phreaks
a good password policy
21. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to ensure it has not been improperly modified?
SSL
Polymorphic
SLE - Single Loss Expectancy
Configuration Control
22. Cable modems are ___________ than DSL connections
Log files
Main goal of a risk management program
Social Engineering
Less secure
23. EDI (Electronic Data Interchange) differs from e-Commerce in that it ___________________.
involves only computer to computer transactions
Off site in a climate controlled area
Confidentiality - Availability -Integrity of data
Phreaks
24. HTTP - FTP - SMTP reside at which layer of the OSI model?
Multi-partite viruses
a good password policy
Email
Layer 7 - Application
25. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.).
MAC - Mandatory Access Control
IANA
modems
Confidentiality
26. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic
TIGER
Acceptance - Transfer - Mitigate
Host based - network based
27. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
involves only computer to computer transactions
Buffer Overflow
Authorization
Intentions of the perpetrator
28. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
SET
a good password policy
Unix / Linux based security tools?
Information
29. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
Cisco
Information Security policies
Phreaks
30. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Personal Firewall - IDS - host based - Antivirus
Certificate
product development life cycle
Stateful Inspection
31. The ability to identify and audit a user and his / her actions is known as ____________.
Accountability
Users can gain access to any resource upon request (assuming they have proper permissions)
SET
Preserve electronic evidence and protect it from any alteration
32. Which layer of the OSI model handles encryption?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Acceptance - Transfer - Mitigate
Presentation Layer - L6
Available service ports
33. A ______________ is an electronically generated record that ties a user's ID to their public key.
DAC - Discretionary Access Control
Certificate
Passfilt.dll
Presentation Layer - L6
34. Countermeasures address security concerns in this category
Information
Man In The Middle
Risk assessment
Separation of Duties
35. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
To make user certificates available to others
Wild
Hoaxes
Detective
36. RSA is not based on a ________
Symmetric algorithm
Password audit
Prevent - Recover - Detect
Directive
37. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Presentation Layer - L6
Sued for privacy violations
Environmental
Social Engineering
38. The IDEA algorithm (used in PGP) is _______ bits long.
CERT - SANS - CERIAS - COAST
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
128
Protection of data from unauthorized users
39. A boot sector virus goes to work when what event takes place?
Reboot or system startup
Confidentiality
Environmental
Fixed length
40. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Risk Equation
Password audit
SSL
Protection of data from unauthorized users
41. ___________________ is responsible for creating security policies and for communicating those policies to system users.
ISO
Social Engineering
Fixed length
Test virus
42. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Environmental
Macro
Quantitative analysis
Sued for privacy violations
43. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
RADIUS
Personal Firewall - IDS - host based - Antivirus
Assignment
Gathering digital evidence
44. What is the main difference between computer abuse and computer crime?
Intentions of the perpetrator
Cryptanalysis
Data Classification
Log files
45. The __________ is the most dangerous part of a virus program.
Mobile
Wild
Payload
Test virus
46. ______________ relates to the concept of protecting data from unauthorized users.
Users can gain access to any resource upon request (assuming they have proper permissions)
a good password policy
Protection of data from unauthorized users
Confidentiality
47. Main goals of an information security program
Confidentiality - Availability -Integrity of data
Virus definition downloads and system virus scans
Accountability
Host based - network based
48. Logon and Logoff - Use of User Rights - Security Policy Change
Password audit
Wild
CERT - SANS - CERIAS - COAST
NT Audit events
49. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Not rigid
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Intrusion Detection System
Payload
50. Wiretapping is an example of a ________.
Available service ports
Intentions of the perpetrator
0-1023
Passive network attack