SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Data Hiding
SYN Flooding
Configuration Control
run applications as generic accounts with little or no privileges.
2. Cable modems are ___________than DSL connections
Not rigid
Layer 7 - Application
Off site in a climate controlled area
Less secure
3. Smart cards are a secure alternative to which weak security mechanism?
Buffer Overflow
CHAP
Also
Passwords
4. S/MIME was developed for the protection of what communication mechanism(s)?
Certificate
Email
Multi-partite viruses
Test virus
5. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
Prevent - Recover - Detect
Accountability
product development life cycle
6. ________ is the authoritative entity which lists port assignments
Verisign - Microsoft - Dell
Available service ports
Cryptanalysis
IANA
7. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
MAC - Mandatory Access Control
Macro
Polymorphic
Mobile
8. They specifically target telephone networks
128
ISO
SLE - Single Loss Expectancy
Phreaks
9. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Information
Passive network attack
Business enabler
product development life cycle
10. Macintosh computers are _____ at risk for receiving viruses.
NFS
Also
Multi-partite viruses
Configuration Control
11. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Risk assessment
involves only computer to computer transactions
Separation of Duties
Protection of data from unauthorized users
12. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Password audit
A PGP Signed message
Phreaks
Hoaxes
13. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Detective
Available service ports
a good password policy
DSS - Digital Signature Standard
14. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Verisign - Microsoft - Dell
Gathering digital evidence
Salami attack
Layer 3 - Host to Host
15. ______________ is a major component of an overall risk management program.
Information Security policies
Quantitative analysis
Risk assessment
Depcrypting
16. Digital Certificates use which protocol?
Detective
Symmetric algorithm
X.509
modems
17. A ______________ is an electronically generated record that ties a user's ID to their public key.
Host based - network based
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
SYN Flooding
Certificate
18. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Email
Presentation Layer - L6
Macro
Not very difficult to break.
19. The __________ is the most dangerous part of a virus program.
MAC - Mandatory Access Control
Sniffer
Data Hiding
Payload
20. Which organization(s) are responsible for the timely distribution of information security intelligence data?
IDEA algorithm
CERT - SANS - CERIAS - COAST
SET
Environmental
21. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Environmental
ISO
IANA
Log files
22. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Symmetric algorithm
Buffer Overflow
Detective
S/Key - OPIE
23. The IDEA algorithm (used in PGP) is _______ bits long.
128
Data Classification
Certificate
Hoaxes
24. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Configuration Control
Wild
Passfilt.dll
DAC - Discretionary Access Control
25. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Password audit
Also
Risk assessment
Wild
26. _______________ supply AV engines with false information to avoid detection
Passwords
modems
Stealth viruses
Cisco
27. Name two types of Intrusion Detection Systems
IPSEC
Certificate
Host based - network based
IANA
28. There are 65536 _________
Information Security policies
Cisco
PGP
Available service ports
29. __________ is a tool used by network administrators to capture packets from a network.
Intentions of the perpetrator
Sniffer
Directive
Verisign - Microsoft - Dell
30. Examples of One- Time Password technology
Risk assessment
S/Key - OPIE
One way hash
Quantitative analysis
31. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Logic bombs
Presentation Layer - L6
Cisco
Assignment
32. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Intrusion Detection System
Gathering digital evidence
Less secure
Not rigid
33. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Accountability
Warning banners
Stateful Inspection
Layer 3 - Host to Host
34. So far - no one has been able to crack the ____________ with Brute Force.
IDEA algorithm
DSS - Digital Signature Standard
IPSEC
Business enabler
35. The ultimate goal of a computer forensics specialist is to ___________________.
Email
Phreaks
Preserve electronic evidence and protect it from any alteration
One way hash
36. ____ members of the staff need to be educated in disaster recovery procedures.
Environmental
All
Business enabler
Decentralized access control
37. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Password audit
Warning banners
128
Depcrypting
38. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Password audit
Not very difficult to break.
Hoaxes
SLE - Single Loss Expectancy
39. A standardized list of the most common security weaknesses and exploits is the __________.
Log files
Residual risk
Logic bombs
CVE - Common Vulnerabilities and Exposures
40. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Intrusion Detection System
Detective
Payload
Social Engineering
41. Stealth viruses live in memory while __________ are written to disk
Not very difficult to break.
Logic bombs
Also
Prevent - Recover - Detect
42. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Social Engineering
S/Key - OPIE
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Authentication
43. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
Payload
NT Audit events
IDEA algorithm
44. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Fixed length
Stealth viruses
Authentication
Configuration Control
45. Vulnerability x Threat = RISK is an example of the _______________.
To make user certificates available to others
Not very difficult to break.
S/Key - OPIE
Risk Equation
46. A Security Reference Monitor relates to which DoD security standard?
Information Security policies
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Data Hiding
C2
47. Combine both boot and file virus behavior
Intrusion Detection System
Off site in a climate controlled area
RSA
Multi-partite viruses
48. An attempt to break an encryption algorithm is called _____________.
involves only computer to computer transactions
RSA
Cryptanalysis
modems
49. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
CHAP
Information
Acceptance - Transfer - Mitigate
Unix / Linux based security tools?
50. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
0-1023
Sued for privacy violations
Granularity
