SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Stealth viruses
Privacy violations
Data Classification
Granularity
2. Identifying specific attempts to penetrate systems is the function of the _______________.
Acceptance - Transfer - Mitigate
Intrusion Detection System
Information Security policies
RADIUS
3. A true network security audit does include an audit for _____________
modems
Buffer Overflow
Salami attack
Steps in handling incidents
4. __________ is the most famous Unix password cracking tool.
Assignment
CRACK
Quantitative analysis
Accountability
5. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Information
Hoaxes
C2
involves only computer to computer transactions
6. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Wild
Data Classification
Stealth viruses
PGP
7. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Confidentiality - Availability -Integrity of data
Polymorphic
Macro
Directive
8. Logon and Logoff - Use of User Rights - Security Policy Change
NT Audit events
Presentation Layer - L6
Steps in handling incidents
Sniffer
9. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
Detective
Logic bombs
Certificate
10. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
A PGP Signed message
Salami attack
Depcrypting
11. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Warning banners
Social Engineering
SYN Flooding
Preserve electronic evidence and protect it from any alteration
12. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Risk assessment
CERT - SANS - CERIAS - COAST
Hoaxes
involves only computer to computer transactions
13. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Passfilt.dll
Unix / Linux based security tools?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
product development life cycle
14. MD5 is a ___________ algorithm
Unix / Linux based security tools?
Man In The Middle
CERT - SANS - CERIAS - COAST
One way hash
15. These should be done on a weekly basis
Decentralized access control
Buffer Overflow
Virus definition downloads and system virus scans
Symmetric algorithm
16. Public keys are used for encrypting messages and private keys are used for __________messages.
PGP
Residual risk
Depcrypting
SLE - Single Loss Expectancy
17. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Passwords
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Business enabler
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
18. RSA is not based on a ________
Symmetric algorithm
Test virus
Passive network attack
CRACK
19. So far - no one has been able to crack the ____________ with Brute Force.
Authentication
IDEA algorithm
Protection of data from unauthorized users
Sued for privacy violations
20. Smart cards are a secure alternative to which weak security mechanism?
Passwords
CERT - SANS - CERIAS - COAST
Preserve electronic evidence and protect it from any alteration
RADIUS
21. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Passwords
Layer 7 - Application
Gathering digital evidence
CVE - Common Vulnerabilities and Exposures
22. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Warning banners
Intentions of the perpetrator
Gathering digital evidence
ISO
23. Wiretapping is an example of a ________.
Verisign - Microsoft - Dell
SET
involves only computer to computer transactions
Passive network attack
24. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Multi-partite viruses
RSA
Password audit
Assignment
25. The ability to adjust access control to the exact amount of permission necessary is called ______________.
CRACK
Granularity
Residual risk
ISO
26. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
CVE - Common Vulnerabilities and Exposures
Less secure
X.509
SET
27. The most secure method for storing backup tapes is?
Not rigid
Off site in a climate controlled area
Host based - network based
Depcrypting
28. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Presentation Layer - L6
Symmetric algorithm
Warning banners
MAC - Mandatory Access Control
29. A ______________ is an electronically generated record that ties a user's ID to their public key.
a good password policy
Less secure
Certificate
Quantitative analysis
30. Companies can now be __________ just as easily as they can be sued for security compromises.
Wild
Password audit
ISO
Sued for privacy violations
31. ______________ is a Unix security scanning tool developed at Texas A&M university.
Privacy violations
TIGER
Unix / Linux based security tools?
Polymorphic
32. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
PGP
Salami attack
Risk assessment
33. An attempt to break an encryption algorithm is called _____________.
Mobile
involves only computer to computer transactions
Cryptanalysis
Passfilt.dll
34. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Test virus
modems
SET
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
35. A formula used in Quantitative risk analysis
SLE - Single Loss Expectancy
Not very difficult to break.
Verisign - Microsoft - Dell
SSL
36. This free (for personal use) program is used to encrypt and decrypt emails.
Confidentiality - Availability -Integrity of data
PGP
SYN Flooding
Cisco
37. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
a good password policy
Configuration Control
CERT - SANS - CERIAS - COAST
38. The ability to identify and audit a user and his / her actions is known as ____________.
Accountability
RADIUS
Passfilt.dll
Email
39. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
CVE - Common Vulnerabilities and Exposures
Biometrics
a good password policy
40. Examples of One- Time Password technology
TIGER
Passwords
Directive
S/Key - OPIE
41. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Buffer Overflow
Intrusion Detection System
128
To make user certificates available to others
42. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Environmental
NT Audit events
DAC - Discretionary Access Control
Not rigid
43. Which of the following is NOT and encryption algorithm?
PGP
Presentation Layer - L6
Test virus
SSL
44. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Main goal of a risk management program
CERT - SANS - CERIAS - COAST
To make user certificates available to others
SET
45. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Host based - network based
Cryptanalysis
Macro
Hackers and crackers
46. ________ is the authoritative entity which lists port assignments
IANA
Hoaxes
DSS - Digital Signature Standard
Information
47. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Confidentiality
DSS - Digital Signature Standard
One way hash
RADIUS
48. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
product development life cycle
CHAP
Assignment
Granularity
49. A Security Reference Monitor relates to which DoD security standard?
Cramming
Separation of Duties
Less secure
C2
50. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
PGP
Information Security policies
Residual risk
DSS - Digital Signature Standard