SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. __________ is a tool used by network administrators to capture packets from a network.
IANA
Layer 7 - Application
Passwords
Sniffer
2. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Ethernet
0-1023
Cisco
ISO
3. It is difficult to prosecute a computer criminal if _________ are not deployed
DAC - Discretionary Access Control
Confidentiality
Warning banners
Fixed length
4. ________ is the authoritative entity which lists port assignments
Mobile
CVE - Common Vulnerabilities and Exposures
IANA
Intrusion Detection System
5. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Payload
IDEA algorithm
Cramming
Assignment
6. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Information Security policies
product development life cycle
Layer 3 - Host to Host
Fixed length
7. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Granularity
RSA
Accountability
Authentication
8. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
CVE - Common Vulnerabilities and Exposures
Authentication
Less secure
9. Today - ______________ are almost as serious as security violations
Mobile
SET
Wild
Privacy violations
10. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Log files
Host based - network based
Off site in a climate controlled area
SLE - Single Loss Expectancy
11. ______________ is a major component of an overall risk management program.
Risk assessment
Privacy violations
Main goal of a risk management program
Cryptanalysis
12. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
0-1023
Certificate
IPSEC
13. Smart cards are a secure alternative to which weak security mechanism?
SSL
Presentation Layer - L6
CHAP
Passwords
14. A formula used in Quantitative risk analysis
C2
S/Key - OPIE
SLE - Single Loss Expectancy
Acceptance - Transfer - Mitigate
15. Contain - Recover - Review - Identify - Prepare
Fixed length
TIGER
Payload
Steps in handling incidents
16. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Passwords
Confidentiality - Availability -Integrity of data
Main goal of a risk management program
IPSEC
17. Remote Access Dial-in User Service
CVE - Common Vulnerabilities and Exposures
Verisign - Microsoft - Dell
Phreaks
RADIUS
18. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
Not very difficult to break.
Quantitative analysis
SLE - Single Loss Expectancy
19. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Steps in handling incidents
Social Engineering
Email
IDEA algorithm
20. One method that can reduce exposure to malicious code is to ___________________
involves only computer to computer transactions
Configuration Control
run applications as generic accounts with little or no privileges.
Layer 7 - Application
21. Main goals of an information security program
Information Security policies
Confidentiality - Availability -Integrity of data
A PGP Signed message
CERT - SANS - CERIAS - COAST
22. A standardized list of the most common security weaknesses and exploits is the __________.
CVE - Common Vulnerabilities and Exposures
CRACK
CHAP
Detective
23. What is the main difference between computer abuse and computer crime?
Users can gain access to any resource upon request (assuming they have proper permissions)
Less secure
Privacy violations
Intentions of the perpetrator
24. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
CHAP
Salami attack
Risk assessment
25. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
RSA
CHAP
CVE - Common Vulnerabilities and Exposures
Warning banners
26. Vulnerability x Threat = RISK is an example of the _______________.
Salami attack
Acceptance - Transfer - Mitigate
SET
Risk Equation
27. Organizations that can be a valid Certificate Authority (CA)
Password audit
To make user certificates available to others
Gathering digital evidence
Verisign - Microsoft - Dell
28. Which of the following is NOT and encryption algorithm?
Wild
Symmetric algorithm
SSL
modems
29. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Ethernet
Data Hiding
Hackers and crackers
Salami attack
30. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Unix / Linux based security tools?
Residual risk
Ethernet
RSA
31. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Ethernet
Quantitative analysis
CHAP
Steps in handling incidents
32. Allows File owners to determine access rights.
Sniffer
Phreaks
Privacy violations
Decentralized access control
33. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Assignment
Buffer Overflow
Symmetric algorithm
Fixed length
34. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Personal Firewall - IDS - host based - Antivirus
Password audit
S/Key - OPIE
Configuration Control
35. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Presentation Layer - L6
NFS
Data Classification
Virus definition downloads and system virus scans
36. They specifically target telephone networks
DAC - Discretionary Access Control
Phreaks
Sued for privacy violations
Environmental
37. Name two types of Intrusion Detection Systems
Verisign - Microsoft - Dell
Host based - network based
Confidentiality - Availability -Integrity of data
Email
38. ______________ is a Unix security scanning tool developed at Texas A&M university.
Hoaxes
TIGER
Macro
Layer 3 - Host to Host
39. ____ members of the staff need to be educated in disaster recovery procedures.
Password audit
Unix / Linux based security tools?
All
CRACK
40. These should be done on a weekly basis
Authentication
Virus definition downloads and system virus scans
Users can gain access to any resource upon request (assuming they have proper permissions)
RADIUS
41. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
Host based - network based
Logic bombs
CVE - Common Vulnerabilities and Exposures
42. Ways to deal with risk.
Information Security policies
Phreaks
Acceptance - Transfer - Mitigate
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
43. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Hackers and crackers
Prevent - Recover - Detect
DAC - Discretionary Access Control
Virus definition downloads and system virus scans
44. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Hoaxes
DAC - Discretionary Access Control
Authentication
CVE - Common Vulnerabilities and Exposures
45. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
All
Available service ports
Cisco
MAC - Mandatory Access Control
46. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Biometrics
Host based - network based
Preserve electronic evidence and protect it from any alteration
Fixed length
47. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Buffer Overflow
Cryptanalysis
Warning Banner
Less secure
48. So far - no one has been able to crack the ____________ with Brute Force.
IDEA algorithm
Preserve electronic evidence and protect it from any alteration
Biometrics
Layer 7 - Application
49. Committing computer crimes in such small doses that they almost go unnoticed.
Test virus
modems
Layer 7 - Application
Salami attack
50. Combine both boot and file virus behavior
Stealth viruses
Salami attack
Verisign - Microsoft - Dell
Multi-partite viruses
