SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ______________ is a Unix security scanning tool developed at Texas A&M university.
Not very difficult to break.
TIGER
Quantitative analysis
Layer 7 - Application
2. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
DAC - Discretionary Access Control
X.509
Intrusion Detection System
Logic bombs
3. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Buffer Overflow
SET
Passfilt.dll
Confidentiality - Availability -Integrity of data
4. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic
CVE - Common Vulnerabilities and Exposures
Prevent - Recover - Detect
Phreaks
5. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Not rigid
Reboot or system startup
Man In The Middle
One way hash
6. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Macro
Information
Multi-partite viruses
Warning Banner
7. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Authorization
Quantitative analysis
Stealth viruses
SYN Flooding
8. An attempt to break an encryption algorithm is called _____________.
run applications as generic accounts with little or no privileges.
Data Hiding
Detective
Cryptanalysis
9. DES - Data Encryption standard has a 128 bit key and is ________
Passwords
product development life cycle
Protection of data from unauthorized users
Not very difficult to break.
10. __________ is the most famous Unix password cracking tool.
Authentication
Configuration Control
CRACK
All
11. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Email
Accountability
Macro
CHAP
12. Macintosh computers are _____ at risk for receiving viruses.
Logic bombs
Also
0-1023
Multi-partite viruses
13. What is the main difference between computer abuse and computer crime?
Environmental
Intentions of the perpetrator
Passfilt.dll
Business enabler
14. An intrusion detection system is an example of what type of countermeasure?
Buffer Overflow
Personal Firewall - IDS - host based - Antivirus
Detective
Symmetric algorithm
15. ______________ is a major component of an overall risk management program.
SET
Risk assessment
Granularity
Passwords
16. Examples of One- Time Password technology
Log files
S/Key - OPIE
TIGER
SET
17. Which of the concepts best describes Availability in relation to computer resources?
Users can gain access to any resource upon request (assuming they have proper permissions)
Main goal of a risk management program
CRACK
run applications as generic accounts with little or no privileges.
18. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Sued for privacy violations
DAC - Discretionary Access Control
IDEA algorithm
ISO
19. So far - no one has been able to crack the ____________ with Brute Force.
IDEA algorithm
Quantitative analysis
Multi-partite viruses
Sued for privacy violations
20. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Intentions of the perpetrator
One way hash
SYN Flooding
Passwords
21. What security principle is based on the division of job responsibilities - designed to prevent fraud?
C2
Passwords
PGP
Separation of Duties
22. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
Hoaxes
Authorization
modems
23. Countermeasures' main objectives
Prevent - Recover - Detect
NT Audit events
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
IANA
24. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
DAC - Discretionary Access Control
Cryptanalysis
Payload
product development life cycle
25. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Stealth viruses
Log files
Main goal of a risk management program
Depcrypting
26. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Data Hiding
Reboot or system startup
PGP
27. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
RADIUS
involves only computer to computer transactions
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
To make user certificates available to others
28. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
Certificate
Hoaxes
Social Engineering
29. Today - ______________ are almost as serious as security violations
MAC - Mandatory Access Control
Warning Banner
Privacy violations
RADIUS
30. Allows File owners to determine access rights.
Sniffer
Configuration Control
product development life cycle
Decentralized access control
31. A standardized list of the most common security weaknesses and exploits is the __________.
NFS
involves only computer to computer transactions
CVE - Common Vulnerabilities and Exposures
0-1023
32. A ______________ is an electronically generated record that ties a user's ID to their public key.
Email
One way hash
Stealth viruses
Certificate
33. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Host based - network based
Less secure
Granularity
a good password policy
34. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Acceptance - Transfer - Mitigate
Test virus
Cisco
Certificate
35. Which layer of the OSI model handles encryption?
Presentation Layer - L6
SLE - Single Loss Expectancy
Hackers and crackers
Prevent - Recover - Detect
36. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Main goal of a risk management program
Biometrics
Logic bombs
Layer 3 - Host to Host
37. Main goals of an information security program
Log files
Also
Email
Confidentiality - Availability -Integrity of data
38. ____ members of the staff need to be educated in disaster recovery procedures.
Reboot or system startup
Mobile
DAC - Discretionary Access Control
All
39. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
128
CVE - Common Vulnerabilities and Exposures
Ethernet
DSS - Digital Signature Standard
40. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
PGP
CVE - Common Vulnerabilities and Exposures
Password audit
involves only computer to computer transactions
41. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
SSL
CRACK
A PGP Signed message
Intentions of the perpetrator
42. This free (for personal use) program is used to encrypt and decrypt emails.
Detective
Mobile
PGP
run applications as generic accounts with little or no privileges.
43. A Security Reference Monitor relates to which DoD security standard?
Users can gain access to any resource upon request (assuming they have proper permissions)
A PGP Signed message
C2
a good password policy
44. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Wild
Residual risk
Passwords
Gathering digital evidence
45. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Unix / Linux based security tools?
Accountability
Hackers and crackers
Prevent - Recover - Detect
46. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Email
CERT - SANS - CERIAS - COAST
To make user certificates available to others
Mobile
47. ____________ is a file system that was poorly designed and has numerous security flaws.
RADIUS
128
Buffer Overflow
NFS
48. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
Risk Equation
Depcrypting
Mobile
49. _______________ supply AV engines with false information to avoid detection
Password audit
IPSEC
MAC - Mandatory Access Control
Stealth viruses
50. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
MAC - Mandatory Access Control
Mobile
NT Audit events
Intentions of the perpetrator
