SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Ethernet
MAC - Mandatory Access Control
Also
IPSEC
2. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
SLE - Single Loss Expectancy
SSL
IANA
a good password policy
3. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Verisign - Microsoft - Dell
Acceptance - Transfer - Mitigate
Quantitative analysis
All
4. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
CERT - SANS - CERIAS - COAST
Mobile
Separation of Duties
IPSEC
5. One method that can reduce exposure to malicious code is to ___________________
Information
run applications as generic accounts with little or no privileges.
Salami attack
MAC - Mandatory Access Control
6. Which of the following is NOT and encryption algorithm?
ISO
SSL
Configuration Control
Directive
7. ___________________ is responsible for creating security policies and for communicating those policies to system users.
ISO
Phreaks
CVE - Common Vulnerabilities and Exposures
Prevent - Recover - Detect
8. The most secure method for storing backup tapes is?
a good password policy
Accountability
Off site in a climate controlled area
IANA
9. The __________ is the most dangerous part of a virus program.
Test virus
Payload
CERT - SANS - CERIAS - COAST
Decentralized access control
10. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Decentralized access control
Unix / Linux based security tools?
NFS
modems
11. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
SLE - Single Loss Expectancy
Stateful Inspection
Preserve electronic evidence and protect it from any alteration
Passive network attack
12. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
Unix / Linux based security tools?
Authorization
Warning banners
13. Combine both boot and file virus behavior
Multi-partite viruses
Warning Banner
Acceptance - Transfer - Mitigate
Hackers and crackers
14. Cable modems are ___________than DSL connections
Privacy violations
Less secure
0-1023
involves only computer to computer transactions
15. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
Risk Equation
Wild
IDEA algorithm
16. Companies can now be __________ just as easily as they can be sued for security compromises.
Passive network attack
Email
Sued for privacy violations
One way hash
17. Accounting - Authentication - and ____________ are the AAAs of information security.
Log files
Wild
Detective
Authorization
18. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Wild
Sued for privacy violations
Layer 3 - Host to Host
Separation of Duties
19. An intrusion detection system is an example of what type of countermeasure?
Cramming
Data Hiding
Detective
Off site in a climate controlled area
20. RSA is not based on a ________
Stateful Inspection
Symmetric algorithm
Mobile
Verisign - Microsoft - Dell
21. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
One way hash
CRACK
involves only computer to computer transactions
Man In The Middle
22. The ultimate goal of a computer forensics specialist is to ___________________.
Stealth viruses
Preserve electronic evidence and protect it from any alteration
Off site in a climate controlled area
Reboot or system startup
23. Allows File owners to determine access rights.
C2
Decentralized access control
Accountability
Authorization
24. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Risk Equation
Confidentiality - Availability -Integrity of data
DAC - Discretionary Access Control
25. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Certificate
Man In The Middle
ISO
Directive
26. Vulnerability x Threat = RISK is an example of the _______________.
Presentation Layer - L6
Accountability
Risk Equation
Cryptanalysis
27. What is the main difference between computer abuse and computer crime?
Intentions of the perpetrator
Stateful Inspection
involves only computer to computer transactions
a good password policy
28. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Confidentiality
Configuration Control
TIGER
A PGP Signed message
29. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
RSA
Logic bombs
Man In The Middle
30. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Available service ports
128
Sued for privacy violations
Biometrics
31. Ways to deal with risk.
Information
Intentions of the perpetrator
Authentication
Acceptance - Transfer - Mitigate
32. These should be done on a weekly basis
Hackers and crackers
Stateful Inspection
Virus definition downloads and system virus scans
Data Hiding
33. To help managers find the correct cost balance between risks and countermeasures
SSL
Main goal of a risk management program
Personal Firewall - IDS - host based - Antivirus
Reboot or system startup
34. Smart cards are a secure alternative to which weak security mechanism?
MAC - Mandatory Access Control
Passwords
Configuration Control
Information
35. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Wild
Cryptanalysis
Reboot or system startup
Assignment
36. This free (for personal use) program is used to encrypt and decrypt emails.
SYN Flooding
RADIUS
PGP
Passive network attack
37. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Passive network attack
run applications as generic accounts with little or no privileges.
Configuration Control
CHAP
38. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
IANA
Man In The Middle
CRACK
39. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Gathering digital evidence
a good password policy
Protection of data from unauthorized users
IDEA algorithm
40. The ability to identify and audit a user and his / her actions is known as ____________.
IDEA algorithm
Accountability
product development life cycle
a good password policy
41. ________ is the authoritative entity which lists port assignments
IANA
Privacy violations
Layer 3 - Host to Host
Configuration Control
42. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Payload
involves only computer to computer transactions
Not rigid
Also
43. Public keys are used for encrypting messages and private keys are used for __________messages.
Not very difficult to break.
run applications as generic accounts with little or no privileges.
Log files
Depcrypting
44. __________ is a tool used by network administrators to capture packets from a network.
Host based - network based
Sniffer
Password audit
Authorization
45. They specifically target telephone networks
Man In The Middle
Cryptanalysis
Phreaks
Hackers and crackers
46. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Main goal of a risk management program
Wild
DAC - Discretionary Access Control
Reboot or system startup
47. Which layer of the OSI model handles encryption?
DSS - Digital Signature Standard
Presentation Layer - L6
Log files
Salami attack
48. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
RADIUS
run applications as generic accounts with little or no privileges.
Cisco
Presentation Layer - L6
49. Identifying specific attempts to penetrate systems is the function of the _______________.
Salami attack
Intrusion Detection System
Gathering digital evidence
Environmental
50. A standardized list of the most common security weaknesses and exploits is the __________.
Residual risk
CVE - Common Vulnerabilities and Exposures
Polymorphic
Accountability
