SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An attempt to break an encryption algorithm is called _____________.
Stealth viruses
product development life cycle
Cryptanalysis
SET
2. Digital Certificates use which protocol?
CHAP
X.509
Environmental
Accountability
3. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
CRACK
Directive
Risk Equation
Social Engineering
4. Which range defines 'well known ports?'
Information Security policies
128
0-1023
Quantitative analysis
5. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
All
Hackers and crackers
Fixed length
Cramming
6. These should be done on a weekly basis
Information
Virus definition downloads and system virus scans
Verisign - Microsoft - Dell
Log files
7. The most secure method for storing backup tapes is?
Email
Warning Banner
Off site in a climate controlled area
IPSEC
8. Data being delivered from the source to the intended receiver without being altered
DAC - Discretionary Access Control
Verisign - Microsoft - Dell
MAC - Mandatory Access Control
Protection of data from unauthorized users
9. Information security policies are a ___________________.
Business enabler
Available service ports
Configuration Control
Log files
10. Wiretapping is an example of a ________.
Sued for privacy violations
Passive network attack
product development life cycle
Depcrypting
11. ______________ is a major component of an overall risk management program.
Not very difficult to break.
Risk assessment
Email
run applications as generic accounts with little or no privileges.
12. Organizations that can be a valid Certificate Authority (CA)
Stateful Inspection
Verisign - Microsoft - Dell
MAC - Mandatory Access Control
0-1023
13. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
CVE - Common Vulnerabilities and Exposures
Directive
Hoaxes
Man In The Middle
14. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
SYN Flooding
Data Hiding
Hoaxes
Test virus
15. Countermeasures address security concerns in this category
SET
X.509
Information
Quantitative analysis
16. _______________ supply AV engines with false information to avoid detection
Symmetric algorithm
Stealth viruses
Macro
Personal Firewall - IDS - host based - Antivirus
17. One method that can reduce exposure to malicious code is to ___________________
Layer 7 - Application
run applications as generic accounts with little or no privileges.
Off site in a climate controlled area
PGP
18. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
C2
Environmental
Authentication
Warning Banner
19. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Quantitative analysis
Less secure
product development life cycle
NT Audit events
20. A formula used in Quantitative risk analysis
Authentication
Preserve electronic evidence and protect it from any alteration
Social Engineering
SLE - Single Loss Expectancy
21. So far - no one has been able to crack the ____________ with Brute Force.
Buffer Overflow
Payload
IDEA algorithm
Data Hiding
22. The ultimate goal of a computer forensics specialist is to ___________________.
CRACK
Stateful Inspection
Configuration Control
Preserve electronic evidence and protect it from any alteration
23. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Sniffer
Stealth viruses
Biometrics
Prevent - Recover - Detect
24. Combine both boot and file virus behavior
Not very difficult to break.
Multi-partite viruses
Detective
CRACK
25. Vulnerability x Threat = RISK is an example of the _______________.
Risk Equation
Verisign - Microsoft - Dell
Hoaxes
Sniffer
26. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Configuration Control
Wild
Granularity
Certificate
27. This free (for personal use) program is used to encrypt and decrypt emails.
Information
PGP
CVE - Common Vulnerabilities and Exposures
Stealth viruses
28. Logon and Logoff - Use of User Rights - Security Policy Change
CVE - Common Vulnerabilities and Exposures
NT Audit events
Man In The Middle
PGP
29. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Buffer Overflow
Cryptanalysis
Intrusion Detection System
All
30. Today - ______________ are almost as serious as security violations
Privacy violations
Also
Steps in handling incidents
TIGER
31. Examples of One- Time Password technology
S/Key - OPIE
Passfilt.dll
Separation of Duties
Cryptanalysis
32. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Verisign - Microsoft - Dell
Information
Assignment
Virus definition downloads and system virus scans
33. Contain - Recover - Review - Identify - Prepare
Privacy violations
Steps in handling incidents
Intentions of the perpetrator
Buffer Overflow
34. There are 5 classes of IP addresses available - but only 3 classes are in common use today
0-1023
Verisign - Microsoft - Dell
Password audit
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
35. Ways to deal with risk.
Data Hiding
Acceptance - Transfer - Mitigate
IPSEC
Warning banners
36. They specifically target telephone networks
TIGER
Phreaks
Information
Accountability
37. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Information Security policies
Host based - network based
Main goal of a risk management program
involves only computer to computer transactions
38. Cable modems are ___________than DSL connections
Stealth viruses
Less secure
Phreaks
Passwords
39. Identifying specific attempts to penetrate systems is the function of the _______________.
Password audit
Intrusion Detection System
Man In The Middle
CHAP
40. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Detective
Stateful Inspection
CHAP
ISO
41. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Certificate
Cramming
Accountability
Passive network attack
42. Main goals of an information security program
Residual risk
Assignment
Layer 3 - Host to Host
Confidentiality - Availability -Integrity of data
43. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Preserve electronic evidence and protect it from any alteration
CERT - SANS - CERIAS - COAST
Wild
NT Audit events
44. A one way hash converts a string of random length into a _______________ encrypted string.
NT Audit events
Fixed length
Man In The Middle
DAC - Discretionary Access Control
45. The ability to identify and audit a user and his / her actions is known as ____________.
Cramming
NFS
All
Accountability
46. ____ members of the staff need to be educated in disaster recovery procedures.
ISO
All
Biometrics
SSL
47. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Layer 3 - Host to Host
Not rigid
Depcrypting
Protection of data from unauthorized users
48. A standardized list of the most common security weaknesses and exploits is the __________.
CVE - Common Vulnerabilities and Exposures
Sniffer
Prevent - Recover - Detect
Passwords
49. What is the main difference between computer abuse and computer crime?
DSS - Digital Signature Standard
Data Classification
Intentions of the perpetrator
involves only computer to computer transactions
50. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Not rigid
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Hackers and crackers
involves only computer to computer transactions