SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
PGP
IANA
NT Audit events
Passfilt.dll
2. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Sued for privacy violations
Wild
Cisco
Payload
3. A standardized list of the most common security weaknesses and exploits is the __________.
Test virus
Cramming
Information Security policies
CVE - Common Vulnerabilities and Exposures
4. Vulnerability x Threat = RISK is an example of the _______________.
Social Engineering
Data Hiding
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Risk Equation
5. __________ is the most famous Unix password cracking tool.
Decentralized access control
MAC - Mandatory Access Control
CRACK
Passive network attack
6. Name two types of Intrusion Detection Systems
Passwords
Host based - network based
run applications as generic accounts with little or no privileges.
Main goal of a risk management program
7. A ______________ is an electronically generated record that ties a user's ID to their public key.
Intrusion Detection System
Cramming
Payload
Certificate
8. They specifically target telephone networks
Information Security policies
Residual risk
Phreaks
Depcrypting
9. These should be done on a weekly basis
Reboot or system startup
Virus definition downloads and system virus scans
Cisco
Prevent - Recover - Detect
10. The ultimate goal of a computer forensics specialist is to ___________________.
Preserve electronic evidence and protect it from any alteration
NT Audit events
Quantitative analysis
Steps in handling incidents
11. What is the main difference between computer abuse and computer crime?
Decentralized access control
Privacy violations
Available service ports
Intentions of the perpetrator
12. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
X.509
Multi-partite viruses
Biometrics
Residual risk
13. A Security Reference Monitor relates to which DoD security standard?
NT Audit events
run applications as generic accounts with little or no privileges.
C2
PGP
14. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
X.509
SET
Intrusion Detection System
15. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
Authorization
TIGER
ISO
16. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Certificate
Mobile
128
Unix / Linux based security tools?
17. ___________________ viruses change the code order of the strain each time they replicate to another machine.
CERT - SANS - CERIAS - COAST
Polymorphic
Cramming
DSS - Digital Signature Standard
18. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
involves only computer to computer transactions
Sued for privacy violations
Data Classification
Preserve electronic evidence and protect it from any alteration
19. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Polymorphic
Macro
ISO
Not very difficult to break.
20. ______________ relates to the concept of protecting data from unauthorized users.
IPSEC
Email
Confidentiality
Symmetric algorithm
21. DES - Data Encryption standard has a 128 bit key and is ________
Not very difficult to break.
Authentication
SLE - Single Loss Expectancy
Authorization
22. A one way hash converts a string of random length into a _______________ encrypted string.
Confidentiality - Availability -Integrity of data
Fixed length
All
modems
23. To help managers find the correct cost balance between risks and countermeasures
SYN Flooding
Acceptance - Transfer - Mitigate
SET
Main goal of a risk management program
24. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Polymorphic
Fixed length
Mobile
SLE - Single Loss Expectancy
25. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
Residual risk
SYN Flooding
Log files
26. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
a good password policy
Multi-partite viruses
Macro
SYN Flooding
27. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
0-1023
Information Security policies
Ethernet
Intrusion Detection System
28. So far - no one has been able to crack the ____________ with Brute Force.
IDEA algorithm
Not very difficult to break.
To make user certificates available to others
Not rigid
29. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Environmental
RSA
Test virus
To make user certificates available to others
30. Smart cards are a secure alternative to which weak security mechanism?
Privacy violations
Passwords
DAC - Discretionary Access Control
Ethernet
31. An attempt to break an encryption algorithm is called _____________.
Payload
Risk assessment
Cryptanalysis
IPSEC
32. Cable modems are ___________than DSL connections
Less secure
Also
SLE - Single Loss Expectancy
Passfilt.dll
33. The most secure method for storing backup tapes is?
Off site in a climate controlled area
Passwords
Layer 3 - Host to Host
Ethernet
34. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Main goal of a risk management program
Configuration Control
Business enabler
Layer 3 - Host to Host
35. The IDEA algorithm (used in PGP) is _______ bits long.
Assignment
128
Cramming
Stateful Inspection
36. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Information Security policies
Risk Equation
Test virus
Separation of Duties
37. HTTP - FTP - SMTP reside at which layer of the OSI model?
Data Hiding
Hoaxes
Layer 7 - Application
Mobile
38. Countermeasures' main objectives
Man In The Middle
Test virus
Prevent - Recover - Detect
Stealth viruses
39. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Configuration Control
NFS
Macro
Environmental
40. Countermeasures address security concerns in this category
Confidentiality - Availability -Integrity of data
Information
Phreaks
Password audit
41. RSA is not based on a ________
Password audit
Risk Equation
Verisign - Microsoft - Dell
Symmetric algorithm
42. Which layer of the OSI model handles encryption?
Business enabler
Presentation Layer - L6
SET
Information Security policies
43. S/MIME was developed for the protection of what communication mechanism(s)?
Email
TIGER
modems
Gathering digital evidence
44. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Warning Banner
Macro
SET
A PGP Signed message
45. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Data Hiding
Wild
DSS - Digital Signature Standard
46. Macintosh computers are _____ at risk for receiving viruses.
Passive network attack
Also
Biometrics
Prevent - Recover - Detect
47. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
NFS
Protection of data from unauthorized users
Gathering digital evidence
Man In The Middle
48. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
DAC - Discretionary Access Control
Password audit
Also
Stealth viruses
49. One method that can reduce exposure to malicious code is to ___________________
Main goal of a risk management program
run applications as generic accounts with little or no privileges.
Detective
Accountability
50. Ways to deal with risk.
Acceptance - Transfer - Mitigate
Verisign - Microsoft - Dell
involves only computer to computer transactions
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
