SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Wild
Mobile
Ethernet
Host based - network based
2. There are 5 classes of IP addresses available - but only 3 classes are in common use today
CERT - SANS - CERIAS - COAST
Macro
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Multi-partite viruses
3. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Intentions of the perpetrator
Configuration Control
DAC - Discretionary Access Control
128
4. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
involves only computer to computer transactions
Sniffer
Mobile
Risk Equation
5. There are 65536 _________
CHAP
Phreaks
IPSEC
Available service ports
6. ______________ is a major component of an overall risk management program.
SYN Flooding
Cisco
Risk assessment
Hackers and crackers
7. Remote Access Dial-in User Service
Users can gain access to any resource upon request (assuming they have proper permissions)
Email
Password audit
RADIUS
8. Public keys are used for encrypting messages and private keys are used for __________messages.
Depcrypting
Authorization
NFS
product development life cycle
9. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Users can gain access to any resource upon request (assuming they have proper permissions)
CHAP
Sued for privacy violations
Warning Banner
10. ______________ relates to the concept of protecting data from unauthorized users.
Authorization
Users can gain access to any resource upon request (assuming they have proper permissions)
Confidentiality
Layer 7 - Application
11. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Intrusion Detection System
Confidentiality
Warning banners
Assignment
12. An attempt to break an encryption algorithm is called _____________.
Stealth viruses
IDEA algorithm
Off site in a climate controlled area
Cryptanalysis
13. __________ is a tool used by network administrators to capture packets from a network.
128
Quantitative analysis
Sniffer
RADIUS
14. Contain - Recover - Review - Identify - Prepare
Presentation Layer - L6
Steps in handling incidents
modems
Layer 3 - Host to Host
15. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
A PGP Signed message
Payload
Hackers and crackers
Logic bombs
16. A Security Reference Monitor relates to which DoD security standard?
C2
0-1023
Gathering digital evidence
SLE - Single Loss Expectancy
17. Countermeasures address security concerns in this category
a good password policy
Certificate
Assignment
Information
18. Ways to deal with risk.
S/Key - OPIE
Assignment
Acceptance - Transfer - Mitigate
TIGER
19. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Passfilt.dll
Reboot or system startup
Layer 7 - Application
SSL
20. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Off site in a climate controlled area
Personal Firewall - IDS - host based - Antivirus
TIGER
Social Engineering
21. What security principle is based on the division of job responsibilities - designed to prevent fraud?
IANA
Separation of Duties
Passwords
Data Classification
22. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Configuration Control
Salami attack
RSA
Man In The Middle
23. A boot sector virus goes to work when what event takes place?
Depcrypting
IDEA algorithm
Reboot or system startup
0-1023
24. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Gathering digital evidence
Accountability
Warning Banner
Authentication
25. _______________ supply AV engines with false information to avoid detection
Passive network attack
Warning Banner
Steps in handling incidents
Stealth viruses
26. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Prevent - Recover - Detect
IANA
CHAP
To make user certificates available to others
27. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Decentralized access control
Layer 3 - Host to Host
Assignment
Risk assessment
28. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Preserve electronic evidence and protect it from any alteration
a good password policy
Cramming
Warning Banner
29. What is the main difference between computer abuse and computer crime?
Protection of data from unauthorized users
Depcrypting
Payload
Intentions of the perpetrator
30. Main goals of an information security program
CRACK
Email
Decentralized access control
Confidentiality - Availability -Integrity of data
31. Logon and Logoff - Use of User Rights - Security Policy Change
product development life cycle
Sniffer
NT Audit events
Personal Firewall - IDS - host based - Antivirus
32. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SYN Flooding
SLE - Single Loss Expectancy
Available service ports
SET
33. Data being delivered from the source to the intended receiver without being altered
Configuration Control
Host based - network based
Protection of data from unauthorized users
Main goal of a risk management program
34. HTTP - FTP - SMTP reside at which layer of the OSI model?
Not very difficult to break.
involves only computer to computer transactions
Business enabler
Layer 7 - Application
35. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Business enabler
Privacy violations
CHAP
Password audit
36. A formula used in Quantitative risk analysis
Hoaxes
SLE - Single Loss Expectancy
Intentions of the perpetrator
Quantitative analysis
37. A standardized list of the most common security weaknesses and exploits is the __________.
Risk Equation
CVE - Common Vulnerabilities and Exposures
run applications as generic accounts with little or no privileges.
DSS - Digital Signature Standard
38. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Man In The Middle
Sued for privacy violations
MAC - Mandatory Access Control
Less secure
39. Organizations that can be a valid Certificate Authority (CA)
MAC - Mandatory Access Control
Detective
Also
Verisign - Microsoft - Dell
40. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Polymorphic
Granularity
Personal Firewall - IDS - host based - Antivirus
involves only computer to computer transactions
41. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
CVE - Common Vulnerabilities and Exposures
Not rigid
Quantitative analysis
IANA
42. These should be done on a weekly basis
PGP
Virus definition downloads and system virus scans
Passfilt.dll
Intrusion Detection System
43. The ability to identify and audit a user and his / her actions is known as ____________.
involves only computer to computer transactions
ISO
a good password policy
Accountability
44. Digital Certificates use which protocol?
Ethernet
Hoaxes
X.509
Information
45. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
RADIUS
Certificate
Reboot or system startup
product development life cycle
46. Companies can now be __________ just as easily as they can be sued for security compromises.
Preserve electronic evidence and protect it from any alteration
Passfilt.dll
Authorization
Sued for privacy violations
47. The ultimate goal of a computer forensics specialist is to ___________________.
CRACK
Not rigid
Preserve electronic evidence and protect it from any alteration
CVE - Common Vulnerabilities and Exposures
48. Which of the following is NOT and encryption algorithm?
Social Engineering
SSL
Logic bombs
Prevent - Recover - Detect
49. They specifically target telephone networks
Business enabler
Confidentiality - Availability -Integrity of data
Phreaks
A PGP Signed message
50. A ______________ is an electronically generated record that ties a user's ID to their public key.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Information
MAC - Mandatory Access Control
Certificate
