Test your basic knowledge | SSCP: Systems Security Certified Practitioner
Subjects: certifications, sscp, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. Although it is considered a low-tech attack, ____________ is still a very effective way of gaining unauthorized access to network systems.
CHAP
Ethernet
Passfilt.dll
Social Engineering
2. To help managers find the correct cost balance between risks and countermeasures
MAC - Mandatory Access Control
Main goal of a risk management program
Layer 3 - Host to Host
A PGP Signed message
3. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Data Hiding
Assignment
involves only computer to computer transactions
ISO
4. Main goals of an information security program
Hackers and crackers
Confidentiality - Availability - Integrity of data
Configuration Control
Information Security policies
5. A formula used in Quantitative risk analysis
SLE - Single Loss Expectancy
Residual risk
SET
Reboot or system startup
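The arithmetic behind questions 2 and 5, as an added example that is not part of the original quiz: Single Loss Expectancy (SLE = AV x EF), Annualized Loss Expectancy (ALE = SLE x ARO), and the cost-benefit comparison a manager uses to balance a risk against the countermeasure that reduces it. The asset value, exposure factor, incident rates and control costs are constructed illustration figures, and the `Risk` class and function names are this example's own.

```python
# Added example (not part of the original quiz): quantitative risk-analysis
# formulas behind SLE/ALE, plus the countermeasure cost-benefit check that
# tells a manager whether a control is worth its cost.
# All asset values, exposure factors, rates and costs below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset_value: float        # AV: value of the asset in currency units
    exposure_factor: float    # EF: fraction of AV lost per incident (0.0 - 1.0)
    annual_rate: float        # ARO: expected incidents per year

    def sle(self) -> float:
        """Single Loss Expectancy: loss from one occurrence, SLE = AV * EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: expected yearly loss, ALE = SLE * ARO."""
        return self.sle() * self.annual_rate


def countermeasure_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Net annual value of a control: (ALE before - ALE after) - annual cost.

    Positive means the control saves more than it costs; negative means the
    organization would spend more than it saves and should accept or transfer
    the risk, or look for a cheaper mitigation."""
    return (before.ale() - after.ale()) - annual_cost


def recommend(before: Risk, after: Risk, annual_cost: float) -> str:
    return "implement" if countermeasure_value(before, after, annual_cost) > 0 else "reject"


if __name__ == "__main__":
    # Constructed scenario: a 500,000 web server, a breach destroys 40% of its
    # value, and breaches are expected twice a year without a WAF.
    baseline = Risk(asset_value=500_000, exposure_factor=0.40, annual_rate=2.0)
    # The WAF is assumed (constructed) to cut the incident rate to once in 4 years.
    with_waf = Risk(asset_value=500_000, exposure_factor=0.40, annual_rate=0.25)
    for cost in (50_000, 400_000):
        print(f"SLE={baseline.sle():,.0f} ALE={baseline.ale():,.0f} "
              f"residual ALE={with_waf.ale():,.0f} control cost={cost:,} "
              f"value={countermeasure_value(baseline, with_waf, cost):,.0f} "
              f"-> {recommend(baseline, with_waf, cost)}")
```

The residual ALE after the control is the residual risk; the difference between the two ALEs is the most the organization should rationally spend per year on that control.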
6. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Phreaks
Assignment
Steps in handling incidents
SET
7. Wiretapping is an example of a ________.
modems
Decentralized access control
Passive network attack
Cisco
8. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
Acceptance - Transfer - Mitigate
Fixed length
Payload
9. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
involves only computer to computer transactions
product development life cycle
Layers 5 - 6 - and 7 - Session - Presentation - and Application Layers
Gathering digital evidence
10. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Prevent - Recover - Detect
Unix / Linux based security tools
Buffer Overflow
Configuration Control
11. Although they are accused of being one and the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Hackers and crackers
Wild
Warning Banner
Authorization
12. Companies can now be __________ just as easily as they can be sued for security compromises.
Presentation Layer - L6
Sued for privacy violations
Hoaxes
RADIUS
13. Each password must contain a combination of upper case - lower case - numbers and special characters - and be at least 6 characters long - This rule is enforced by ______
Multi-partite viruses
Wild
Test virus
Passfilt.dll
14. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Intrusion Detection System
NFS
Fixed length
RSA
15. Allows file owners to determine access rights.
Stealth viruses
Decentralized access control
Presentation Layer - L6
Man In The Middle
16. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.).
MAC - Mandatory Access Control
Stateful Inspection
128
Presentation Layer - L6
17. Committing computer crimes in such small doses that they almost go unnoticed.
Salami attack
All
involves only computer to computer transactions
Confidentiality - Availability - Integrity of data
18. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
TIGER
DSS - Digital Signature Standard
Not rigid
PGP
19. Ways to deal with risk.
Directive
Stealth viruses
SYN Flooding
Acceptance - Transfer - Mitigate
20. Is the person who is attempting to log on really who they say they are? What form of access control does this question stem from?
Passive network attack
Cramming
involves only computer to computer transactions
Authentication
21. ______________ is a major component of an overall risk management program.
DSS - Digital Signature Standard
Cisco
Risk assessment
Confidentiality - Availability - Integrity of data
22. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Decrypting
DAC - Discretionary Access Control
Stateful Inspection
Directive
23. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
Directive
ISO
Also
24. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Reboot or system startup
S/Key - OPIE
Macro
DSS - Digital Signature Standard
25. Combine both boot and file virus behavior
product development life cycle
Privacy violations
Multi-partite viruses
Personal Firewall - IDS - host based - Antivirus
26. MD5 is a ___________ algorithm
RSA
CVE - Common Vulnerabilities and Exposures
One way hash
Gathering digital evidence
27. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Mobile
Man In The Middle
Log files
DSS - Digital Signature Standard
28. This free (for personal use) program is used to encrypt and decrypt emails.
Privacy violations
PGP
IANA
SSL
29. Name two types of Intrusion Detection Systems
Host based - network based
SSL
Layer 3 - Host to Host
Granularity
30. ____ members of the staff need to be educated in disaster recovery procedures.
IDEA algorithm
Not rigid
All
Hackers and crackers
31. Accounting - Authentication - and ____________ are the AAAs of information security.
Risk assessment
Confidentiality - Availability - Integrity of data
Hackers and crackers
Authorization
32. _________________ should be written down - clearly communicated to all system users - and audited and revised periodically.
Information Security policies
0-1023
Layer 7 - Application
Reboot or system startup
33. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Confidentiality - Availability - Integrity of data
Accountability
Test virus
Log files
34. A boot sector virus goes to work when what event takes place?
run applications as generic accounts with little or no privileges.
IDEA algorithm
Reboot or system startup
Macro
35. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually affect the entire system. These types of controls deal with system auditing and usability.
Authentication
Separation of Duties
Directive
Intentions of the perpetrator
36. So far - no one has been able to crack the ____________ with brute force.
RADIUS
CHAP
IDEA algorithm
SSL
37. __________ is a tool used by network administrators to capture packets from a network.
Email
Sniffer
X.509
SSL
38. Data being delivered from the source to the intended receiver without being altered
Protection of data from unauthorized users
All
RADIUS
Business enabler
39. There are 65536 _________
SLE - Single Loss Expectancy
Available service ports
Information
Assignment
40. __________ is the most famous Unix password cracking tool.
CRACK
Prevent - Recover - Detect
Privacy violations
Decrypting
41. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
IANA
Ethernet
Verisign - Microsoft - Dell
RSA
42. Which range defines 'well-known ports'?
Sniffer
Not very difficult to break.
0-1023
Also
43. Today - ______________ are almost as serious as security violations
Privacy violations
CRACK
DAC - Discretionary Access Control
Passive network attack
44. The ultimate goal of a computer forensics specialist is to ___________________.
Confidentiality
Man In The Middle
Preserve electronic evidence and protect it from any alteration
RSA
45. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Information Security policies
Symmetric algorithm
Intentions of the perpetrator
Assignment
46. Diffie-Hellman - RSA - and ___________ are all examples of public key cryptography.
Layer 3 - Host to Host
DSS - Digital Signature Standard
Cryptanalysis
Buffer Overflow
47. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Payload
Personal Firewall - IDS - host based - Antivirus
Biometrics
Passwords
48. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Virus definition downloads and system virus scans
RADIUS
Sued for privacy violations
Environmental
49. Passwords: should be audited on a regular basis - should not contain any form of your name or userid - should never be shared or written down
involves only computer to computer transactions
Certificate
a good password policy
PGP
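The password rules from questions 13 and 49 (upper case, lower case, digit, special character, minimum length 6, and nothing derived from the user's name or user ID), enforced as a password-change-time check. This is an added example, not part of the original quiz and not the code of Passfilt.dll or any other real password filter; the `password_violations` function, the `MIN_LENGTH` constant, and the sample passwords and user names are this example's own constructions.

```python
# Added example (not part of the original quiz): enforcing the quiz's password
# composition rule (upper case, lower case, digit, special character, minimum
# length 6) plus the policy point that a password must not contain the user's
# name or user ID. It mimics the kind of check a password filter such as
# Passfilt.dll performs at password-change time; the rule set and names here
# are this example's own, not Passfilt.dll's code.
import string

MIN_LENGTH = 6  # the quiz's minimum; modern policies require far longer passwords


def password_violations(password: str, username: str = "", full_name: str = "") -> list[str]:
    """Return the list of policy rules the password breaks (empty list == compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Reject passwords built from the user's identity: the user ID itself or
    # any word of the display name, matched case-insensitively as a substring.
    lowered = password.lower()
    for part in [username] + full_name.split():
        if len(part) >= 3 and part.lower() in lowered:
            problems.append(f"contains identity string {part!r}")
    return problems


def is_compliant(password: str, username: str = "", full_name: str = "") -> bool:
    return not password_violations(password, username, full_name)


if __name__ == "__main__":
    # Constructed test vectors for a constructed user "jsmith" / "John Smith"
    for pw in ("Secret1!", "secret", "JSmith9!", "Tr0ub4dor&3"):
        print(f"{pw!r:16} -> {password_violations(pw, 'jsmith', 'John Smith') or 'OK'}")
```

"JSmith9!" satisfies every composition rule and is still rejected, which is the point of the name/user ID rule: complexity requirements alone do not stop a guess built from public information about the account holder.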
50. _________ is a form of Denial of Service attack which interrupts the TCP three-way handshake and leaves half-open connections.
Layer 7 - Application
Email
Log files
SYN Flooding
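What "half-open connections" means in question 50, as an added example that is not part of the original quiz: a minimal TCP three-way-handshake state machine replayed over a constructed packet trace, with the per-source count of connections stuck after SYN/SYN-ACK that a simple SYN-flood detector would alert on. The server address, client addresses, trace contents and the alert threshold are all constructed, and the function names are this example's own.

```python
# Added example (not part of the original quiz): a small model of the TCP
# three-way handshake that tracks half-open connections the way a SYN-flood
# detector would, run over a constructed packet trace. The addresses, trace
# and threshold are illustration values, not data from the page.
from collections import defaultdict

SERVER = "10.0.0.1:80"        # constructed victim socket
HALF_OPEN_THRESHOLD = 5       # constructed per-source alert threshold


def build_trace():
    """Constructed packet trace as (src, dst, tcp_flags) tuples.

    10.0.0.5 completes the handshake (SYN, SYN-ACK, ACK); 203.0.113.7 opens
    eight connections and never sends the final ACK, so each stays half-open."""
    trace = [
        ("10.0.0.5:51000", SERVER, "SYN"),
        (SERVER, "10.0.0.5:51000", "SYN-ACK"),
        ("10.0.0.5:51000", SERVER, "ACK"),
    ]
    for i in range(8):
        client = f"203.0.113.7:{40000 + i}"
        trace.append((client, SERVER, "SYN"))
        trace.append((SERVER, client, "SYN-ACK"))
    return trace


def track_handshakes(trace):
    """Replay the trace through the server's view of the handshake.

    Returns {client_socket: state} with state "SYN_RECEIVED" (half-open,
    the server has allocated a connection entry) or "ESTABLISHED"."""
    state = {}
    for src, dst, flags in trace:
        if flags == "SYN" and dst == SERVER:
            state[src] = "SYN_RECEIVED"      # step 1: server allocates a half-open entry
        elif flags == "SYN-ACK" and src == SERVER:
            pass                              # step 2: server replied; still half-open
        elif flags == "ACK" and dst == SERVER and state.get(src) == "SYN_RECEIVED":
            state[src] = "ESTABLISHED"       # step 3: handshake complete
    return state


def half_open_by_source(state):
    """Count SYN_RECEIVED entries per client IP (port stripped)."""
    counts = defaultdict(int)
    for client, s in state.items():
        if s == "SYN_RECEIVED":
            counts[client.rsplit(":", 1)[0]] += 1
    return dict(counts)


def syn_flood_suspects(trace, threshold=HALF_OPEN_THRESHOLD):
    """Source IPs holding at least `threshold` half-open connections."""
    counts = half_open_by_source(track_handshakes(trace))
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    st = track_handshakes(build_trace())
    print("half-open per source:", half_open_by_source(st))
    print("suspects:", syn_flood_suspects(build_trace()))
```

A real flood usually spoofs the source address so the SYN-ACKs go nowhere and the per-source count is useless; the defences then are the total backlog size, SYN cookies, and shortening the time a SYN_RECEIVED entry is kept.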