SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. __________ is the most famous Unix password cracking tool.
A PGP Signed message
Log files
CRACK
DSS - Digital Signature Standard
2. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
All
Risk assessment
Buffer Overflow
Personal Firewall - IDS - host based - Antivirus
3. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Intrusion Detection System
involves only computer to computer transactions
Residual risk
a good password policy
4. Ways to deal with risk.
Configuration Control
CHAP
Acceptance - Transfer - Mitigate
CERT - SANS - CERIAS - COAST
5. ____________ is a file system that was poorly designed and has numerous security flaws.
Man In The Middle
Not rigid
NFS
128
6. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Detective
Confidentiality - Availability -Integrity of data
product development life cycle
128
7. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
A PGP Signed message
Quantitative analysis
Not very difficult to break.
Cisco
8. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
To make user certificates available to others
Intrusion Detection System
Ethernet
Gathering digital evidence
9. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Acceptance - Transfer - Mitigate
PGP
Data Classification
Unix / Linux based security tools?
10. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Decentralized access control
DAC - Discretionary Access Control
S/Key - OPIE
11. Today - ______________ are almost as serious as security violations
Privacy violations
RADIUS
Reboot or system startup
Logic bombs
12. __________ is a tool used by network administrators to capture packets from a network.
Depcrypting
Confidentiality - Availability -Integrity of data
Residual risk
Sniffer
13. DES - Data Encryption standard has a 128 bit key and is ________
Not very difficult to break.
Logic bombs
Not rigid
Virus definition downloads and system virus scans
14. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Residual risk
Log files
Biometrics
SYN Flooding
15. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Environmental
Configuration Control
SLE - Single Loss Expectancy
Depcrypting
16. A ______________ is an electronically generated record that ties a user's ID to their public key.
S/Key - OPIE
Certificate
Quantitative analysis
Data Classification
17. Committing computer crimes in such small doses that they almost go unnoticed.
Salami attack
Passfilt.dll
Payload
MAC - Mandatory Access Control
18. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Data Hiding
Confidentiality - Availability -Integrity of data
Available service ports
Intrusion Detection System
19. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Macro
Layer 7 - Application
Cramming
S/Key - OPIE
20. Which of the following is NOT and encryption algorithm?
Confidentiality
run applications as generic accounts with little or no privileges.
SSL
Detective
21. They specifically target telephone networks
Intrusion Detection System
Confidentiality - Availability -Integrity of data
Cryptanalysis
Phreaks
22. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Granularity
Buffer Overflow
IPSEC
Mobile
23. Wiretapping is an example of a ________.
Certificate
NT Audit events
Wild
Passive network attack
24. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Directive
run applications as generic accounts with little or no privileges.
IDEA algorithm
Authentication
25. The ultimate goal of a computer forensics specialist is to ___________________.
ISO
To make user certificates available to others
Multi-partite viruses
Preserve electronic evidence and protect it from any alteration
26. The most secure method for storing backup tapes is?
TIGER
Off site in a climate controlled area
Data Classification
SYN Flooding
27. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Separation of Duties
Privacy violations
SYN Flooding
CHAP
28. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Residual risk
Layer 7 - Application
Multi-partite viruses
Not very difficult to break.
29. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
0-1023
run applications as generic accounts with little or no privileges.
Gathering digital evidence
30. The ability to identify and audit a user and his / her actions is known as ____________.
Users can gain access to any resource upon request (assuming they have proper permissions)
Accountability
MAC - Mandatory Access Control
SSL
31. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Not rigid
Macro
TIGER
SYN Flooding
32. _______________ supply AV engines with false information to avoid detection
run applications as generic accounts with little or no privileges.
0-1023
Stealth viruses
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
33. Public keys are used for encrypting messages and private keys are used for __________messages.
IPSEC
Preserve electronic evidence and protect it from any alteration
Depcrypting
SYN Flooding
34. Which layer of the OSI model handles encryption?
involves only computer to computer transactions
IDEA algorithm
Presentation Layer - L6
Reboot or system startup
35. Information security policies are a ___________________.
Acceptance - Transfer - Mitigate
Passive network attack
Business enabler
Multi-partite viruses
36. MD5 is a ___________ algorithm
Acceptance - Transfer - Mitigate
To make user certificates available to others
One way hash
Logic bombs
37. An attempt to break an encryption algorithm is called _____________.
Cryptanalysis
Logic bombs
RSA
Layer 7 - Application
38. Vulnerability x Threat = RISK is an example of the _______________.
Not rigid
Environmental
Authentication
Risk Equation
39. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
Macro
Email
Users can gain access to any resource upon request (assuming they have proper permissions)
40. These should be done on a weekly basis
DAC - Discretionary Access Control
Off site in a climate controlled area
Risk Equation
Virus definition downloads and system virus scans
41. So far - no one has been able to crack the ____________ with Brute Force.
Acceptance - Transfer - Mitigate
Hoaxes
IDEA algorithm
Payload
42. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
DAC - Discretionary Access Control
Multi-partite viruses
Wild
Social Engineering
43. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
Privacy violations
Social Engineering
Residual risk
44. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Warning banners
IPSEC
Symmetric algorithm
Quantitative analysis
45. Name two types of Intrusion Detection Systems
Accountability
RADIUS
Host based - network based
Symmetric algorithm
46. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Gathering digital evidence
Mobile
CRACK
Intentions of the perpetrator
47. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
SET
Log files
Symmetric algorithm
Host based - network based
48. ___________________ is responsible for creating security policies and for communicating those policies to system users.
TIGER
Off site in a climate controlled area
ISO
Available service ports
49. Which organization(s) are responsible for the timely distribution of information security intelligence data?
C2
CERT - SANS - CERIAS - COAST
Biometrics
Reboot or system startup
50. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Verisign - Microsoft - Dell
SET
Salami attack
Quantitative analysis