SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Polymorphic
Salami attack
Log files
Phreaks
2. Information security policies are a ___________________.
Business enabler
CERT - SANS - CERIAS - COAST
Personal Firewall - IDS - host based - Antivirus
Accountability
3. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Hiding
Warning banners
Layer 3 - Host to Host
Data Classification
4. Cable modems are ___________than DSL connections
Less secure
Protection of data from unauthorized users
Cramming
CHAP
5. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Depcrypting
IPSEC
Also
To make user certificates available to others
6. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Intrusion Detection System
Cramming
Protection of data from unauthorized users
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
7. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
CRACK
Cisco
To make user certificates available to others
8. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Man In The Middle
To make user certificates available to others
IPSEC
Environmental
9. ____ members of the staff need to be educated in disaster recovery procedures.
All
Privacy violations
Detective
Not very difficult to break.
10. Wiretapping is an example of a ________.
Warning Banner
X.509
SLE - Single Loss Expectancy
Passive network attack
11. An attempt to break an encryption algorithm is called _____________.
Cryptanalysis
Cisco
Phreaks
Fixed length
12. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
product development life cycle
Multi-partite viruses
Social Engineering
Macro
13. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
IPSEC
Configuration Control
Layer 7 - Application
Cryptanalysis
14. Organizations that can be a valid Certificate Authority (CA)
Passwords
Layer 7 - Application
Verisign - Microsoft - Dell
Password audit
15. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
MAC - Mandatory Access Control
Salami attack
RSA
16. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Intentions of the perpetrator
Passfilt.dll
involves only computer to computer transactions
Data Classification
17. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Quantitative analysis
Assignment
SYN Flooding
Presentation Layer - L6
18. MD5 is a ___________ algorithm
run applications as generic accounts with little or no privileges.
Residual risk
One way hash
Password audit
19. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
Users can gain access to any resource upon request (assuming they have proper permissions)
Cramming
Cryptanalysis
20. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Configuration Control
Buffer Overflow
Biometrics
DSS - Digital Signature Standard
21. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Assignment
Information Security policies
CERT - SANS - CERIAS - COAST
Users can gain access to any resource upon request (assuming they have proper permissions)
22. Which range defines 'well known ports?'
0-1023
Privacy violations
Host based - network based
product development life cycle
23. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
IDEA algorithm
ISO
Cisco
RSA
24. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
C2
Environmental
Sued for privacy violations
RSA
25. So far - no one has been able to crack the ____________ with Brute Force.
IDEA algorithm
Virus definition downloads and system virus scans
Confidentiality - Availability -Integrity of data
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
26. They specifically target telephone networks
Off site in a climate controlled area
SET
Phreaks
Fixed length
27. This free (for personal use) program is used to encrypt and decrypt emails.
Gathering digital evidence
a good password policy
PGP
Hoaxes
28. Companies can now be __________ just as easily as they can be sued for security compromises.
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Payload
To make user certificates available to others
Sued for privacy violations
29. A formula used in Quantitative risk analysis
IPSEC
SLE - Single Loss Expectancy
Ethernet
involves only computer to computer transactions
30. ________ is the authoritative entity which lists port assignments
IDEA algorithm
Presentation Layer - L6
S/Key - OPIE
IANA
31. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
0-1023
Unix / Linux based security tools?
Multi-partite viruses
run applications as generic accounts with little or no privileges.
32. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Hoaxes
Stealth viruses
Buffer Overflow
Assignment
33. There are 65536 _________
Multi-partite viruses
Available service ports
Personal Firewall - IDS - host based - Antivirus
Residual risk
34. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Gathering digital evidence
All
Hackers and crackers
Verisign - Microsoft - Dell
35. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Protection of data from unauthorized users
Confidentiality - Availability -Integrity of data
Quantitative analysis
Email
36. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
CHAP
NT Audit events
Hoaxes
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
37. A standardized list of the most common security weaknesses and exploits is the __________.
All
DSS - Digital Signature Standard
CVE - Common Vulnerabilities and Exposures
To make user certificates available to others
38. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Residual risk
Multi-partite viruses
Passfilt.dll
All
39. Which of the concepts best describes Availability in relation to computer resources?
Symmetric algorithm
TIGER
One way hash
Users can gain access to any resource upon request (assuming they have proper permissions)
40. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Main goal of a risk management program
Password audit
Fixed length
A PGP Signed message
41. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
Granularity
SET
Information Security policies
42. A Security Reference Monitor relates to which DoD security standard?
IDEA algorithm
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
C2
Available service ports
43. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
SSL
IANA
a good password policy
Detective
44. Ways to deal with risk.
Acceptance - Transfer - Mitigate
a good password policy
Man In The Middle
Confidentiality
45. What is the main difference between computer abuse and computer crime?
Warning Banner
Hackers and crackers
Intentions of the perpetrator
SYN Flooding
46. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Wild
Less secure
Data Classification
X.509
47. The most secure method for storing backup tapes is?
Also
Off site in a climate controlled area
Authentication
A PGP Signed message
48. The __________ is the most dangerous part of a virus program.
Payload
Multi-partite viruses
Confidentiality - Availability -Integrity of data
Authentication
49. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Granularity
CVE - Common Vulnerabilities and Exposures
Password audit
Separation of Duties
50. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
X.509
Intrusion Detection System
Buffer Overflow
Sniffer
