SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. __________ is a tool used by network administrators to capture packets from a network.
Social Engineering
Presentation Layer - L6
Sniffer
MAC - Mandatory Access Control
2. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Salami attack
To make user certificates available to others
Business enabler
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
3. The IDEA algorithm (used in PGP) is _______ bits long.
128
Wild
SLE - Single Loss Expectancy
Available service ports
4. An attempt to break an encryption algorithm is called _____________.
RSA
Phreaks
Cryptanalysis
SYN Flooding
5. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Environmental
TIGER
involves only computer to computer transactions
RADIUS
6. Countermeasures' main objectives
Biometrics
Prevent - Recover - Detect
Quantitative analysis
Wild
7. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Information Security policies
Less secure
A PGP Signed message
Cisco
8. Logon and Logoff - Use of User Rights - Security Policy Change
NT Audit events
product development life cycle
S/Key - OPIE
Personal Firewall - IDS - host based - Antivirus
9. Main goals of an information security program
Password audit
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Confidentiality - Availability -Integrity of data
Decentralized access control
10. ______________ relates to the concept of protecting data from unauthorized users.
Layer 7 - Application
Ethernet
Intentions of the perpetrator
Confidentiality
11. ______________ is a major component of an overall risk management program.
A PGP Signed message
Certificate
Sniffer
Risk assessment
12. Ways to deal with risk.
Detective
Authentication
Virus definition downloads and system virus scans
Acceptance - Transfer - Mitigate
13. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
CERT - SANS - CERIAS - COAST
PGP
Passwords
Residual risk
14. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
Biometrics
Mobile
Email
15. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Certificate
Ethernet
Prevent - Recover - Detect
Authorization
16. A one way hash converts a string of random length into a _______________ encrypted string.
Fixed length
Presentation Layer - L6
Man In The Middle
PGP
17. Which layer of the OSI model handles encryption?
SLE - Single Loss Expectancy
Macro
CRACK
Presentation Layer - L6
18. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Steps in handling incidents
Data Hiding
Protection of data from unauthorized users
Personal Firewall - IDS - host based - Antivirus
19. DES - Data Encryption standard has a 128 bit key and is ________
Accountability
Not very difficult to break.
Certificate
Logic bombs
20. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Intentions of the perpetrator
Log files
Payload
Prevent - Recover - Detect
21. Digital Certificates use which protocol?
X.509
Users can gain access to any resource upon request (assuming they have proper permissions)
Hackers and crackers
DSS - Digital Signature Standard
22. ________ is the authoritative entity which lists port assignments
Intrusion Detection System
Available service ports
IANA
CERT - SANS - CERIAS - COAST
23. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
IANA
Symmetric algorithm
Not very difficult to break.
24. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Quantitative analysis
CERT - SANS - CERIAS - COAST
Password audit
SSL
25. Examples of One- Time Password technology
S/Key - OPIE
Cisco
Wild
SLE - Single Loss Expectancy
26. A true network security audit does include an audit for _____________
Confidentiality - Availability -Integrity of data
Log files
modems
run applications as generic accounts with little or no privileges.
27. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Granularity
Virus definition downloads and system virus scans
Also
MAC - Mandatory Access Control
28. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Less secure
Buffer Overflow
Environmental
Multi-partite viruses
29. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Virus definition downloads and system virus scans
product development life cycle
Intentions of the perpetrator
Warning Banner
30. Allows File owners to determine access rights.
SET
Macro
Detective
Decentralized access control
31. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Sniffer
Available service ports
SYN Flooding
involves only computer to computer transactions
32. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
Assignment
Host based - network based
modems
33. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Not rigid
All
Biometrics
Intrusion Detection System
34. S/MIME was developed for the protection of what communication mechanism(s)?
0-1023
Sniffer
Email
Passwords
35. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Salami attack
All
Layer 3 - Host to Host
36. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
Decentralized access control
Granularity
SSL
37. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
Wild
Information Security policies
Main goal of a risk management program
38. ______________ is a Unix security scanning tool developed at Texas A&M university.
CVE - Common Vulnerabilities and Exposures
Warning Banner
Macro
TIGER
39. ____ members of the staff need to be educated in disaster recovery procedures.
Separation of Duties
Accountability
All
SSL
40. Countermeasures address security concerns in this category
PGP
Unix / Linux based security tools?
Information
IDEA algorithm
41. A Security Reference Monitor relates to which DoD security standard?
C2
CERT - SANS - CERIAS - COAST
Hackers and crackers
Information
42. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
C2
CVE - Common Vulnerabilities and Exposures
Authentication
43. Data being delivered from the source to the intended receiver without being altered
Email
Passfilt.dll
Business enabler
Protection of data from unauthorized users
44. A boot sector virus goes to work when what event takes place?
RADIUS
Hackers and crackers
Test virus
Reboot or system startup
45. __________ is the most famous Unix password cracking tool.
Detective
Virus definition downloads and system virus scans
CRACK
Information Security policies
46. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Polymorphic
Granularity
Steps in handling incidents
Accountability
47. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Information
Business enabler
Directive
Sued for privacy violations
48. Macintosh computers are _____ at risk for receiving viruses.
PGP
Also
Buffer Overflow
involves only computer to computer transactions
49. Today - ______________ are almost as serious as security violations
Ethernet
Also
Privacy violations
Data Hiding
50. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Stealth viruses
Business enabler
Risk Equation
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers