Test your basic knowledge | SSCP: Systems Security Certified Practitioner
Subjects: certifications, sscp, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Logic bombs
Reboot or system startup
Personal Firewall - IDS - host based - Antivirus
Wild
2. Ways to deal with risk.
Stateful Inspection
Acceptance - Transfer - Mitigate
X.509
Available service ports
3. EDI (Electronic Data Interchange) differs from e-Commerce in that it ___________________.
Logic bombs
involves only computer to computer transactions
Salami attack
Data Classification
4. A boot sector virus goes to work when what event takes place?
Reboot or system startup
Symmetric algorithm
Decentralized access control
Directive
5. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
modems
C2
Data Classification
Personal Firewall - IDS - host based - Antivirus
6. Name two types of Intrusion Detection Systems
Buffer Overflow
Host based - network based
Decentralized access control
NFS
7. A standardized list of the most common security weaknesses and exploits is the __________.
Authorization
CVE - Common Vulnerabilities and Exposures
Cramming
run applications as generic accounts with little or no privileges.
8. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Less secure
RSA
Granularity
CERT - SANS - CERIAS - COAST
9. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Stateful Inspection
Email
DAC - Discretionary Access Control
RSA
10. ____ members of the staff need to be educated in disaster recovery procedures.
Intentions of the perpetrator
All
Not rigid
X.509
11. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Authorization
Virus definition downloads and system virus scans
Information
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
12. Which of the concepts best describes Availability in relation to computer resources?
ISO
IDEA algorithm
Users can gain access to any resource upon request (assuming they have proper permissions)
Also
13. Cable modems are ___________ than DSL connections
Less secure
Sniffer
Not rigid
Protection of data from unauthorized users
14. RSA is not based on a ________
Quantitative analysis
a good password policy
Symmetric algorithm
Steps in handling incidents
15. Organizations that can be a valid Certificate Authority (CA)
Granularity
Verisign - Microsoft - Dell
Accountability
Logic bombs
16. This free (for personal use) program is used to encrypt and decrypt emails.
Intrusion Detection System
SYN Flooding
128
PGP
17. A Security Reference Monitor relates to which DoD security standard?
C2
Presentation Layer - L6
Risk Equation
Intentions of the perpetrator
18. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
To make user certificates available to others
Reboot or system startup
Fixed length
Business enabler
19. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually affect the entire system. These types of controls deal with system auditing and usability.
Email
Man In The Middle
Unix / Linux based security tools?
Directive
20. DES - Data Encryption Standard has a 128 bit key and is ________
Presentation Layer - L6
SYN Flooding
run applications as generic accounts with little or no privileges.
Not very difficult to break.
21. A formula used in Quantitative risk analysis
CERT - SANS - CERIAS - COAST
Wild
Decrypting
SLE - Single Loss Expectancy
22. There are 65536 _________
Reboot or system startup
Cisco
Acceptance - Transfer - Mitigate
Available service ports
23. __________ is the most famous Unix password cracking tool.
Social Engineering
CRACK
involves only computer to computer transactions
Host based - network based
24. ______________ relates to the concept of protecting data from unauthorized users.
Detective
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Payload
Confidentiality
25. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Residual risk
PGP
Environmental
Granularity
26. Which of the following is NOT an encryption algorithm?
PGP
Test virus
Business enabler
SSL
27. Stealth viruses live in memory while __________ are written to disk
MAC - Mandatory Access Control
0-1023
Logic bombs
Fixed length
28. Countermeasures' main objectives
Presentation Layer - L6
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Prevent - Recover - Detect
ISO
29. A ______________ is an electronically generated record that ties a user's ID to their public key.
Users can gain access to any resource upon request (assuming they have proper permissions)
Detective
Intrusion Detection System
Certificate
30. They specifically target telephone networks
Warning Banner
Phreaks
Directive
a good password policy
31. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Also
Off site in a climate controlled area
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Separation of Duties
32. The most secure method for storing backup tapes is?
Cryptanalysis
Off site in a climate controlled area
C2
Hackers and crackers
33. What is the main difference between computer abuse and computer crime?
Intentions of the perpetrator
Not very difficult to break.
Hoaxes
Passfilt.dll
34. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Not rigid
Main goal of a risk management program
Presentation Layer - L6
Not very difficult to break.
35. ______________ is a major component of an overall risk management program.
Risk assessment
RSA
run applications as generic accounts with little or no privileges.
PGP
36. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Business enabler
PGP
S/Key - OPIE
37. Intentionally embedding secret data into a picture or some form of media is known as Steganography or data ___________.
Main goal of a risk management program
Assignment
Granularity
Data Hiding
38. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Not rigid
C2
IPSEC
Reboot or system startup
39. An intrusion detection system is an example of what type of countermeasure?
C2
Detective
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Reboot or system startup
40. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Log files
TIGER
Passive network attack
To make user certificates available to others
41. Although they are accused of being one and the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Hackers and crackers
RADIUS
Environmental
128
42. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
Preserve electronic evidence and protect it from any alteration
Cramming
Warning banners
43. An attempt to break an encryption algorithm is called _____________.
Reboot or system startup
SSL
Cryptanalysis
Information Security policies
44. _______________ supply AV engines with false information to avoid detection
SSL
Host based - network based
Stealth viruses
Passive network attack
45. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Risk Equation
Test virus
Fixed length
Multi-partite viruses
46. When ________________ it is very important to document the chain of evidence by taking good notes and to perform a bit-level backup of the data before analysis
Sued for privacy violations
Authorization
Information Security policies
Gathering digital evidence
47. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Fixed length
Social Engineering
Not rigid
A PGP Signed message
48. Contain - Recover - Review - Identify - Prepare
Privacy violations
DAC - Discretionary Access Control
Steps in handling incidents
Wild
49. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
Risk Equation
Acceptance - Transfer - Mitigate
Authentication
50. Committing computer crimes in such small doses that they almost go unnoticed.
SYN Flooding
Accountability
Not rigid
Salami attack