SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Certificate
Residual risk
Layer 7 - Application
Main goal of a risk management program
2. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
Residual risk
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Depcrypting
3. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
Main goal of a risk management program
Stateful Inspection
Cramming
4. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Granularity
CHAP
S/Key - OPIE
Confidentiality
5. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
DAC - Discretionary Access Control
Intentions of the perpetrator
NFS
Assignment
6. It is difficult to prosecute a computer criminal if _________ are not deployed
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
IANA
Acceptance - Transfer - Mitigate
Warning banners
7. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Configuration Control
Mobile
Warning Banner
All
8. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Mobile
SET
Personal Firewall - IDS - host based - Antivirus
0-1023
9. A true network security audit does include an audit for _____________
modems
Layer 3 - Host to Host
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Confidentiality - Availability -Integrity of data
10. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
Less secure
Stealth viruses
Ethernet
11. What is the main difference between computer abuse and computer crime?
Steps in handling incidents
Intentions of the perpetrator
Available service ports
Warning banners
12. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Cryptanalysis
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Multi-partite viruses
IDEA algorithm
13. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Intrusion Detection System
Hackers and crackers
Polymorphic
Layer 3 - Host to Host
14. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Not rigid
Test virus
Warning Banner
Protection of data from unauthorized users
15. One method that can reduce exposure to malicious code is to ___________________
CVE - Common Vulnerabilities and Exposures
Information
run applications as generic accounts with little or no privileges.
Buffer Overflow
16. The __________ is the most dangerous part of a virus program.
Gathering digital evidence
PGP
Certificate
Payload
17. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
SLE - Single Loss Expectancy
Authentication
Stateful Inspection
Man In The Middle
18. Data being delivered from the source to the intended receiver without being altered
Layer 3 - Host to Host
Detective
Protection of data from unauthorized users
SET
19. Wiretapping is an example of a ________.
Acceptance - Transfer - Mitigate
Macro
Detective
Passive network attack
20. What security principle is based on the division of job responsibilities - designed to prevent fraud?
IDEA algorithm
128
Separation of Duties
Layer 7 - Application
21. A formula used in Quantitative risk analysis
Gathering digital evidence
Hoaxes
Residual risk
SLE - Single Loss Expectancy
22. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
S/Key - OPIE
To make user certificates available to others
involves only computer to computer transactions
DSS - Digital Signature Standard
23. ______________ relates to the concept of protecting data from unauthorized users.
Granularity
Separation of Duties
Passwords
Confidentiality
24. ________ is the authoritative entity which lists port assignments
Presentation Layer - L6
IANA
Warning Banner
Information
25. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Off site in a climate controlled area
ISO
Wild
26. Remote Access Dial-in User Service
Ethernet
All
product development life cycle
RADIUS
27. Countermeasures address security concerns in this category
CVE - Common Vulnerabilities and Exposures
Main goal of a risk management program
Information
Accountability
28. The ultimate goal of a computer forensics specialist is to ___________________.
Preserve electronic evidence and protect it from any alteration
Mobile
Business enabler
Intentions of the perpetrator
29. Logon and Logoff - Use of User Rights - Security Policy Change
IPSEC
Layer 7 - Application
NT Audit events
RSA
30. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
Logic bombs
Intrusion Detection System
SLE - Single Loss Expectancy
31. Combine both boot and file virus behavior
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Data Classification
Multi-partite viruses
To make user certificates available to others
32. HTTP - FTP - SMTP reside at which layer of the OSI model?
To make user certificates available to others
Payload
Prevent - Recover - Detect
Layer 7 - Application
33. ____ members of the staff need to be educated in disaster recovery procedures.
Steps in handling incidents
SLE - Single Loss Expectancy
All
IDEA algorithm
34. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Data Hiding
Macro
Configuration Control
Granularity
35. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
MAC - Mandatory Access Control
run applications as generic accounts with little or no privileges.
Warning banners
Sued for privacy violations
36. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
SLE - Single Loss Expectancy
SSL
A PGP Signed message
Accountability
37. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Man In The Middle
S/Key - OPIE
X.509
Social Engineering
38. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
Biometrics
Business enabler
Fixed length
39. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Hackers and crackers
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Test virus
Granularity
40. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Logic bombs
Stateful Inspection
Acceptance - Transfer - Mitigate
Passfilt.dll
41. Vulnerability x Threat = RISK is an example of the _______________.
Risk Equation
Accountability
IANA
Wild
42. An attempt to break an encryption algorithm is called _____________.
Passfilt.dll
Detective
Intrusion Detection System
Cryptanalysis
43. Public keys are used for encrypting messages and private keys are used for __________messages.
Depcrypting
Data Classification
TIGER
NFS
44. This free (for personal use) program is used to encrypt and decrypt emails.
Logic bombs
PGP
A PGP Signed message
Phreaks
45. __________ is the most famous Unix password cracking tool.
Sued for privacy violations
Off site in a climate controlled area
Quantitative analysis
CRACK
46. A ______________ is an electronically generated record that ties a user's ID to their public key.
Certificate
Residual risk
Warning banners
All
47. ____________ is a file system that was poorly designed and has numerous security flaws.
128
Email
Configuration Control
NFS
48. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Prevent - Recover - Detect
Passwords
Less secure
Macro
49. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Virus definition downloads and system virus scans
Residual risk
To make user certificates available to others
run applications as generic accounts with little or no privileges.
50. Cable modems are ___________than DSL connections
Logic bombs
DSS - Digital Signature Standard
Less secure
Business enabler