SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Information security policies are a ___________________.
Residual risk
Not rigid
involves only computer to computer transactions
Business enabler
2. This free (for personal use) program is used to encrypt and decrypt emails.
Detective
Sniffer
PGP
Log files
3. Which of the concepts best describes Availability in relation to computer resources?
Log files
Users can gain access to any resource upon request (assuming they have proper permissions)
involves only computer to computer transactions
Unix / Linux based security tools?
4. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Biometrics
A PGP Signed message
Fixed length
Residual risk
5. One method that can reduce exposure to malicious code is to ___________________
Buffer Overflow
Risk Equation
Business enabler
run applications as generic accounts with little or no privileges.
6. Main goals of an information security program
Protection of data from unauthorized users
Users can gain access to any resource upon request (assuming they have proper permissions)
C2
Confidentiality - Availability -Integrity of data
7. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Intentions of the perpetrator
Email
Macro
NFS
8. HTTP - FTP - SMTP reside at which layer of the OSI model?
DAC - Discretionary Access Control
Layer 7 - Application
S/Key - OPIE
Information Security policies
9. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Layer 7 - Application
Passfilt.dll
Log files
Email
10. They specifically target telephone networks
Phreaks
Information Security policies
Prevent - Recover - Detect
run applications as generic accounts with little or no privileges.
11. These should be done on a weekly basis
Salami attack
Hoaxes
Polymorphic
Virus definition downloads and system virus scans
12. A one way hash converts a string of random length into a _______________ encrypted string.
Not rigid
Detective
Fixed length
CHAP
13. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
modems
Cisco
Macro
Passive network attack
14. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Quantitative analysis
Depcrypting
Residual risk
RADIUS
15. Companies can now be __________ just as easily as they can be sued for security compromises.
Users can gain access to any resource upon request (assuming they have proper permissions)
Sued for privacy violations
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Virus definition downloads and system virus scans
16. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
All
SLE - Single Loss Expectancy
Email
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
17. The __________ is the most dangerous part of a virus program.
Stateful Inspection
Payload
IDEA algorithm
Test virus
18. A true network security audit does include an audit for _____________
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
modems
PGP
Assignment
19. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Virus definition downloads and system virus scans
IANA
Configuration Control
Password audit
20. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
Directive
Polymorphic
Test virus
21. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
run applications as generic accounts with little or no privileges.
Social Engineering
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Hoaxes
22. S/MIME was developed for the protection of what communication mechanism(s)?
One way hash
Certificate
Email
Password audit
23. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
NT Audit events
Directive
Sniffer
SET
24. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Configuration Control
Layer 7 - Application
involves only computer to computer transactions
SSL
25. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
A PGP Signed message
Layer 3 - Host to Host
Man In The Middle
Buffer Overflow
26. A boot sector virus goes to work when what event takes place?
Quantitative analysis
Warning Banner
Decentralized access control
Reboot or system startup
27. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Cryptanalysis
Intentions of the perpetrator
Macro
Unix / Linux based security tools?
28. Today - ______________ are almost as serious as security violations
Privacy violations
0-1023
NFS
NT Audit events
29. The IDEA algorithm (used in PGP) is _______ bits long.
Reboot or system startup
Depcrypting
128
RADIUS
30. Countermeasures' main objectives
CHAP
Prevent - Recover - Detect
Risk assessment
Available service ports
31. Cable modems are ___________than DSL connections
Less secure
Passwords
Salami attack
Warning Banner
32. ____ members of the staff need to be educated in disaster recovery procedures.
All
Less secure
Mobile
Acceptance - Transfer - Mitigate
33. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Steps in handling incidents
Intentions of the perpetrator
Biometrics
Stealth viruses
34. __________ is the most famous Unix password cracking tool.
Depcrypting
Phreaks
C2
CRACK
35. Logon and Logoff - Use of User Rights - Security Policy Change
CRACK
Virus definition downloads and system virus scans
Not rigid
NT Audit events
36. It is difficult to prosecute a computer criminal if _________ are not deployed
IDEA algorithm
Warning banners
Passwords
Acceptance - Transfer - Mitigate
37. Identifying specific attempts to penetrate systems is the function of the _______________.
RADIUS
Intrusion Detection System
Hoaxes
Authorization
38. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Protection of data from unauthorized users
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Confidentiality - Availability -Integrity of data
Presentation Layer - L6
39. Committing computer crimes in such small doses that they almost go unnoticed.
C2
Granularity
Payload
Salami attack
40. Remote Access Dial-in User Service
0-1023
Separation of Duties
Stateful Inspection
RADIUS
41. ______________ is a major component of an overall risk management program.
Test virus
Not rigid
Risk assessment
Assignment
42. Combine both boot and file virus behavior
Risk Equation
128
Multi-partite viruses
Log files
43. RSA is not based on a ________
Symmetric algorithm
CRACK
Biometrics
Detective
44. Public keys are used for encrypting messages and private keys are used for __________messages.
To make user certificates available to others
involves only computer to computer transactions
CVE - Common Vulnerabilities and Exposures
Depcrypting
45. MD5 is a ___________ algorithm
Cisco
Steps in handling incidents
One way hash
Quantitative analysis
46. A Security Reference Monitor relates to which DoD security standard?
Available service ports
C2
Not rigid
Cryptanalysis
47. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
product development life cycle
DSS - Digital Signature Standard
Social Engineering
SET
48. A standardized list of the most common security weaknesses and exploits is the __________.
CVE - Common Vulnerabilities and Exposures
Virus definition downloads and system virus scans
Multi-partite viruses
S/Key - OPIE
49. An attempt to break an encryption algorithm is called _____________.
Sued for privacy violations
Mobile
Cryptanalysis
RADIUS
50. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
C2
Ethernet
RSA
Data Classification