Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Subjects: certifications, sscp, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Assignment
Separation of Duties
Hackers and crackers
product development life cycle
2. Remote Access Dial-in User Service
RADIUS
IANA
Layer 7 - Application
Separation of Duties
3. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
involves only computer to computer transactions
Warning Banner
Sniffer
Steps in handling incidents
4. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Warning banners
NFS
Mobile
Decrypting
5. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
CRACK
SET
Cramming
Information Security policies
6. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
CHAP
IPSEC
Layer 3 - Host to Host
Password audit
7. Used in ______________: Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Fixed length
Buffer Overflow
Available service ports
Biometrics
8. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Hoaxes
a good password policy
ISO
Email
9. Contain - Recover - Review - Identify - Prepare
run applications as generic accounts with little or no privileges.
Password audit
Steps in handling incidents
PGP
10. Passwords: should be audited on a regular basis - should contain some form of your name or userid - should never be shared or written down
Password audit
Salami attack
a good password policy
Host based - network based
11. Which of the concepts best describes Availability in relation to computer resources?
IDEA algorithm
Available service ports
Acceptance - Transfer - Mitigate
Users can gain access to any resource upon request (assuming they have proper permissions)
12. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Prevent - Recover - Detect
Steps in handling incidents
Macro
To make user certificates available to others
13. Name two types of Intrusion Detection Systems
Business enabler
SYN Flooding
Granularity
Host based - network based
14. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Man In The Middle
RADIUS
CERT - SANS - CERIAS - COAST
IPSEC
15. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
CHAP
Authentication
Passfilt.dll
IANA
16. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Cramming
Test virus
Decentralized access control
DAC - Discretionary Access Control
17. Logon and Logoff - Use of User Rights - Security Policy Change
NT Audit events
Users can gain access to any resource upon request (assuming they have proper permissions)
Sued for privacy violations
RADIUS
18. Ways to deal with risk.
Wild
Cryptanalysis
Acceptance - Transfer - Mitigate
Cisco
19. _______________ supply AV engines with false information to avoid detection
Stealth viruses
IDEA algorithm
Passwords
Accountability
20. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Business enabler
IANA
Host based - network based
RSA
21. Macintosh computers are _____ at risk for receiving viruses.
Warning banners
All
Also
Privacy violations
22. Which layer of the OSI model handles encryption?
Environmental
Presentation Layer - L6
Main goal of a risk management program
Test virus
23. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Sniffer
Unix / Linux based security tools?
Layer 3 - Host to Host
DAC - Discretionary Access Control
24. Information security policies are a ___________________.
Intrusion Detection System
Information
Business enabler
Off site in a climate controlled area
25. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
ISO
Warning banners
Authentication
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
26. The most secure method for storing backup tapes is?
Payload
Buffer Overflow
ISO
Off site in a climate controlled area
27. __________ is the most famous Unix password cracking tool.
CRACK
PGP
Passwords
C2
28. A Security Reference Monitor relates to which DoD security standard?
Hackers and crackers
PGP
DSS - Digital Signature Standard
C2
29. One method that can reduce exposure to malicious code is to ___________________
Business enabler
run applications as generic accounts with little or no privileges.
Verisign - Microsoft - Dell
Wild
30. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
CERT - SANS - CERIAS - COAST
Configuration Control
Log files
31. Unlike viruses and worms - __________ are bogus messages that spread via email forwarding.
To make user certificates available to others
Stateful Inspection
Off site in a climate controlled area
Hoaxes
32. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
IPSEC
To make user certificates available to others
Ethernet
Accountability
33. Today - ______________ are almost as serious as security violations
Data Classification
Email
Privacy violations
Passfilt.dll
34. Companies can now be __________ just as easily as they can be sued for security compromises.
Sued for privacy violations
Risk Equation
Protection of data from unauthorized users
Information
35. HTTP - FTP - SMTP reside at which layer of the OSI model?
Layer 7 - Application
128
Passfilt.dll
Risk assessment
36. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Information
Not rigid
ISO
Passive network attack
37. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.).
Authorization
NFS
MAC - Mandatory Access Control
SSL
38. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Residual risk
Assignment
Information
ISO
39. This free (for personal use) program is used to encrypt and decrypt emails.
Certificate
PGP
DAC - Discretionary Access Control
Passfilt.dll
40. An attempt to break an encryption algorithm is called _____________.
RADIUS
Cryptanalysis
Reboot or system startup
Mobile
41. EDI (Electronic Data Interchange) differs from e-Commerce in that it ___________________.
Stateful Inspection
Information
involves only computer to computer transactions
IANA
42. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Data Hiding
Less secure
Cramming
Passwords
43. To help managers find the correct cost balance between risks and countermeasures
Privacy violations
Main goal of a risk management program
Environmental
Multi-partite viruses
44. A boot sector virus goes to work when what event takes place?
Reboot or system startup
One way hash
Polymorphic
X.509
45. ______________ is a Unix security scanning tool developed at Texas A&M University.
Granularity
TIGER
Quantitative analysis
Authentication
46. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Social Engineering
All
CHAP
Granularity
47. A ______________ is an electronically generated record that ties a user's ID to their public key.
Certificate
Not rigid
Virus definition downloads and system virus scans
Information Security policies
48. Organizations that can be a valid Certificate Authority (CA)
Stealth viruses
Also
Verisign - Microsoft - Dell
Layer 3 - Host to Host
49. The __________ is the most dangerous part of a virus program.
PGP
Payload
Hoaxes
CERT - SANS - CERIAS - COAST
50. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Intentions of the perpetrator
One way hash
Assignment
Business enabler