SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The __________ is the most dangerous part of a virus program.
Data Classification
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Available service ports
Payload
2. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Verisign - Microsoft - Dell
CERT - SANS - CERIAS - COAST
Authentication
IDEA algorithm
3. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
IPSEC
Risk assessment
product development life cycle
SSL
4. A one way hash converts a string of random length into a _______________ encrypted string.
Passfilt.dll
Fixed length
Certificate
Macro
5. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
Protection of data from unauthorized users
Accountability
Layer 3 - Host to Host
6. MD5 is a ___________ algorithm
Cisco
Configuration Control
One way hash
Personal Firewall - IDS - host based - Antivirus
7. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Cryptanalysis
Polymorphic
Detective
IPSEC
8. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Gathering digital evidence
Separation of Duties
product development life cycle
9. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Quantitative analysis
Buffer Overflow
Cryptanalysis
RSA
10. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Gathering digital evidence
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Data Hiding
Directive
11. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Cisco
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
CHAP
IDEA algorithm
12. Which range defines 'well known ports?'
SLE - Single Loss Expectancy
Environmental
0-1023
All
13. Examples of One- Time Password technology
S/Key - OPIE
Available service ports
Main goal of a risk management program
Steps in handling incidents
14. Logon and Logoff - Use of User Rights - Security Policy Change
Off site in a climate controlled area
RADIUS
NT Audit events
Available service ports
15. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Sued for privacy violations
128
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Social Engineering
16. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Authentication
Layer 7 - Application
Reboot or system startup
Host based - network based
17. DES - Data Encryption standard has a 128 bit key and is ________
0-1023
RADIUS
SSL
Not very difficult to break.
18. Cable modems are ___________than DSL connections
A PGP Signed message
Less secure
Business enabler
To make user certificates available to others
19. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
Hackers and crackers
To make user certificates available to others
DSS - Digital Signature Standard
20. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Passwords
Directive
X.509
Confidentiality
21. IKE - Internet Key Exchange is often used in conjunction with what security standard?
IPSEC
Not rigid
CVE - Common Vulnerabilities and Exposures
Risk assessment
22. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Hackers and crackers
Authentication
Macro
Quantitative analysis
23. What is the main difference between computer abuse and computer crime?
Environmental
Intentions of the perpetrator
One way hash
Accountability
24. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Multi-partite viruses
run applications as generic accounts with little or no privileges.
Stateful Inspection
Also
25. The ultimate goal of a computer forensics specialist is to ___________________.
128
Log files
SLE - Single Loss Expectancy
Preserve electronic evidence and protect it from any alteration
26. Stealth viruses live in memory while __________ are written to disk
0-1023
Logic bombs
Granularity
Wild
27. ____________ is a file system that was poorly designed and has numerous security flaws.
Users can gain access to any resource upon request (assuming they have proper permissions)
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Verisign - Microsoft - Dell
NFS
28. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
product development life cycle
Environmental
Confidentiality
Unix / Linux based security tools?
29. Combine both boot and file virus behavior
Acceptance - Transfer - Mitigate
Multi-partite viruses
product development life cycle
Steps in handling incidents
30. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
CRACK
DAC - Discretionary Access Control
Not rigid
Data Classification
31. Which layer of the OSI model handles encryption?
Verisign - Microsoft - Dell
Payload
Presentation Layer - L6
Prevent - Recover - Detect
32. _______________ supply AV engines with false information to avoid detection
Also
Stealth viruses
product development life cycle
Configuration Control
33. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Available service ports
ISO
X.509
Off site in a climate controlled area
34. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
SLE - Single Loss Expectancy
A PGP Signed message
Protection of data from unauthorized users
Not rigid
35. To help managers find the correct cost balance between risks and countermeasures
Stealth viruses
Risk Equation
Main goal of a risk management program
Not very difficult to break.
36. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
Layer 3 - Host to Host
IANA
Residual risk
37. RSA is not based on a ________
Cryptanalysis
Information Security policies
Symmetric algorithm
Passwords
38. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Environmental
To make user certificates available to others
Passfilt.dll
Authentication
39. There are 65536 _________
Ethernet
Available service ports
Warning banners
Environmental
40. An intrusion detection system is an example of what type of countermeasure?
CERT - SANS - CERIAS - COAST
Detective
Payload
RSA
41. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Not very difficult to break.
One way hash
IPSEC
Granularity
42. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Information Security policies
Certificate
MAC - Mandatory Access Control
Sued for privacy violations
43. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Intentions of the perpetrator
Mobile
Host based - network based
IDEA algorithm
44. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Authorization
Warning banners
Password audit
Man In The Middle
45. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Steps in handling incidents
Virus definition downloads and system virus scans
Not rigid
Biometrics
46. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Verisign - Microsoft - Dell
Residual risk
Hoaxes
Accountability
47. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Personal Firewall - IDS - host based - Antivirus
CHAP
DAC - Discretionary Access Control
CRACK
48. A true network security audit does include an audit for _____________
Macro
modems
product development life cycle
Cryptanalysis
49. A formula used in Quantitative risk analysis
Configuration Control
Email
SLE - Single Loss Expectancy
Layer 3 - Host to Host
50. Countermeasures address security concerns in this category
Information
Cramming
Polymorphic
NT Audit events
