SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Digital Certificates use which protocol?
X.509
Cisco
Less secure
SET
2. A true network security audit does include an audit for _____________
CRACK
C2
RSA
modems
3. Which of the concepts best describes Availability in relation to computer resources?
Users can gain access to any resource upon request (assuming they have proper permissions)
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Residual risk
IPSEC
4. The IDEA algorithm (used in PGP) is _______ bits long.
Information Security policies
128
All
Unix / Linux based security tools?
5. Main goals of an information security program
Passwords
Confidentiality - Availability -Integrity of data
Less secure
Host based - network based
6. Which range defines 'well known ports?'
Hackers and crackers
0-1023
Prevent - Recover - Detect
PGP
7. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
IPSEC
CRACK
Environmental
Cryptanalysis
8. Identifying specific attempts to penetrate systems is the function of the _______________.
Fixed length
Password audit
Intrusion Detection System
IDEA algorithm
9. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Not very difficult to break.
Granularity
SSL
Logic bombs
10. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Residual risk
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
One way hash
Multi-partite viruses
11. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
C2
Passfilt.dll
128
Not very difficult to break.
12. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Data Classification
Social Engineering
Test virus
Not very difficult to break.
13. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Data Classification
modems
CHAP
Quantitative analysis
14. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
S/Key - OPIE
Passfilt.dll
Stealth viruses
Residual risk
15. So far - no one has been able to crack the ____________ with Brute Force.
Passwords
Log files
IDEA algorithm
C2
16. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
A PGP Signed message
Warning banners
Data Hiding
Environmental
17. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
Hackers and crackers
CHAP
All
18. To help managers find the correct cost balance between risks and countermeasures
Quantitative analysis
Fixed length
Main goal of a risk management program
Depcrypting
19. Data being delivered from the source to the intended receiver without being altered
TIGER
Acceptance - Transfer - Mitigate
Protection of data from unauthorized users
modems
20. __________ is the most famous Unix password cracking tool.
Configuration Control
NT Audit events
All
CRACK
21. Name two types of Intrusion Detection Systems
Host based - network based
To make user certificates available to others
Cryptanalysis
Separation of Duties
22. MD5 is a ___________ algorithm
One way hash
X.509
Data Hiding
Buffer Overflow
23. ________ is the authoritative entity which lists port assignments
IANA
Business enabler
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Cryptanalysis
24. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Depcrypting
Separation of Duties
Assignment
Log files
25. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Passwords
Wild
Buffer Overflow
Available service ports
26. A boot sector virus goes to work when what event takes place?
Reboot or system startup
modems
Mobile
Polymorphic
27. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Accountability
Intentions of the perpetrator
Test virus
28. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
C2
Email
Personal Firewall - IDS - host based - Antivirus
DAC - Discretionary Access Control
29. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Configuration Control
C2
DSS - Digital Signature Standard
Salami attack
30. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
CHAP
Assignment
Confidentiality
Multi-partite viruses
31. It is difficult to prosecute a computer criminal if _________ are not deployed
Intentions of the perpetrator
RSA
Warning banners
Protection of data from unauthorized users
32. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
Authorization
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Acceptance - Transfer - Mitigate
33. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Risk assessment
Main goal of a risk management program
Password audit
Email
34. Which layer of the OSI model handles encryption?
Logic bombs
Prevent - Recover - Detect
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Presentation Layer - L6
35. DES - Data Encryption standard has a 128 bit key and is ________
Not very difficult to break.
IDEA algorithm
Decentralized access control
Presentation Layer - L6
36. Examples of One- Time Password technology
CVE - Common Vulnerabilities and Exposures
X.509
S/Key - OPIE
Hoaxes
37. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Detective
Decentralized access control
Gathering digital evidence
NFS
38. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Wild
Preserve electronic evidence and protect it from any alteration
Not very difficult to break.
39. Which organization(s) are responsible for the timely distribution of information security intelligence data?
TIGER
Privacy violations
CERT - SANS - CERIAS - COAST
RADIUS
40. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
product development life cycle
Separation of Duties
Available service ports
Intrusion Detection System
41. Combine both boot and file virus behavior
a good password policy
Privacy violations
Risk assessment
Multi-partite viruses
42. The most secure method for storing backup tapes is?
Off site in a climate controlled area
Virus definition downloads and system virus scans
Log files
To make user certificates available to others
43. A formula used in Quantitative risk analysis
ISO
Multi-partite viruses
SSL
SLE - Single Loss Expectancy
44. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Information Security policies
Steps in handling incidents
Data Classification
Less secure
45. A ______________ is an electronically generated record that ties a user's ID to their public key.
Certificate
involves only computer to computer transactions
RSA
SET
46. ______________ relates to the concept of protecting data from unauthorized users.
Personal Firewall - IDS - host based - Antivirus
product development life cycle
CVE - Common Vulnerabilities and Exposures
Confidentiality
47. ______________ is a Unix security scanning tool developed at Texas A&M university.
Logic bombs
DAC - Discretionary Access Control
Protection of data from unauthorized users
TIGER
48. ____________ is a file system that was poorly designed and has numerous security flaws.
Risk assessment
Sued for privacy violations
Depcrypting
NFS
49. Companies can now be __________ just as easily as they can be sued for security compromises.
Protection of data from unauthorized users
Intrusion Detection System
RSA
Sued for privacy violations
50. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Business enabler
Main goal of a risk management program
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
run applications as generic accounts with little or no privileges.
