SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
128
Prevent - Recover - Detect
Risk Equation
Unix / Linux based security tools?
2. Which of the following is NOT and encryption algorithm?
IPSEC
SSL
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
S/Key - OPIE
3. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Layer 3 - Host to Host
Test virus
Warning banners
Cisco
4. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Gathering digital evidence
To make user certificates available to others
Passfilt.dll
SLE - Single Loss Expectancy
5. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
Host based - network based
TIGER
Personal Firewall - IDS - host based - Antivirus
6. A formula used in Quantitative risk analysis
Biometrics
Test virus
SLE - Single Loss Expectancy
MAC - Mandatory Access Control
7. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Passfilt.dll
Configuration Control
Warning Banner
Logic bombs
8. A ______________ is an electronically generated record that ties a user's ID to their public key.
Certificate
C2
Mobile
Also
9. Stealth viruses live in memory while __________ are written to disk
CHAP
Cisco
Confidentiality
Logic bombs
10. A Security Reference Monitor relates to which DoD security standard?
C2
DAC - Discretionary Access Control
Layer 7 - Application
Decentralized access control
11. Countermeasures' main objectives
Test virus
Confidentiality - Availability -Integrity of data
A PGP Signed message
Prevent - Recover - Detect
12. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
NFS
Not rigid
Buffer Overflow
SYN Flooding
13. __________ is a tool used by network administrators to capture packets from a network.
Salami attack
Sniffer
All
C2
14. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
CERT - SANS - CERIAS - COAST
Warning Banner
RSA
Cisco
15. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
involves only computer to computer transactions
Not rigid
TIGER
Quantitative analysis
16. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Main goal of a risk management program
Log files
Accountability
Multi-partite viruses
17. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Information Security policies
Test virus
Biometrics
Hoaxes
18. Name two types of Intrusion Detection Systems
involves only computer to computer transactions
Host based - network based
S/Key - OPIE
DSS - Digital Signature Standard
19. MD5 is a ___________ algorithm
Also
One way hash
involves only computer to computer transactions
Multi-partite viruses
20. ____ members of the staff need to be educated in disaster recovery procedures.
Verisign - Microsoft - Dell
Directive
All
Multi-partite viruses
21. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Risk Equation
Assignment
Hoaxes
Certificate
22. Cable modems are ___________than DSL connections
Confidentiality
CRACK
Less secure
SET
23. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Virus definition downloads and system virus scans
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Steps in handling incidents
X.509
24. What is the main difference between computer abuse and computer crime?
Intentions of the perpetrator
128
Layer 7 - Application
Ethernet
25. One method that can reduce exposure to malicious code is to ___________________
Confidentiality
0-1023
run applications as generic accounts with little or no privileges.
Warning banners
26. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Authentication
Available service ports
Not rigid
Warning banners
27. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Mobile
Cramming
Phreaks
IDEA algorithm
28. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Wild
Confidentiality
Risk Equation
CHAP
29. DES - Data Encryption standard has a 128 bit key and is ________
Granularity
PGP
Hackers and crackers
Not very difficult to break.
30. Remote Access Dial-in User Service
SLE - Single Loss Expectancy
Less secure
Sued for privacy violations
RADIUS
31. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Classification
DSS - Digital Signature Standard
X.509
Main goal of a risk management program
32. Organizations that can be a valid Certificate Authority (CA)
CVE - Common Vulnerabilities and Exposures
Presentation Layer - L6
Verisign - Microsoft - Dell
Hoaxes
33. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Business enabler
CHAP
product development life cycle
CVE - Common Vulnerabilities and Exposures
34. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Residual risk
Not rigid
Stateful Inspection
Accountability
35. Data being delivered from the source to the intended receiver without being altered
Protection of data from unauthorized users
SLE - Single Loss Expectancy
product development life cycle
Not very difficult to break.
36. A true network security audit does include an audit for _____________
Authorization
modems
MAC - Mandatory Access Control
Not rigid
37. Macintosh computers are _____ at risk for receiving viruses.
Fixed length
Also
Verisign - Microsoft - Dell
RSA
38. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
DSS - Digital Signature Standard
Authentication
Layer 3 - Host to Host
Cramming
39. HTTP - FTP - SMTP reside at which layer of the OSI model?
DSS - Digital Signature Standard
Layer 7 - Application
Business enabler
Cisco
40. A standardized list of the most common security weaknesses and exploits is the __________.
All
Intrusion Detection System
CVE - Common Vulnerabilities and Exposures
SYN Flooding
41. Identifying specific attempts to penetrate systems is the function of the _______________.
CVE - Common Vulnerabilities and Exposures
Password audit
Risk Equation
Intrusion Detection System
42. A one way hash converts a string of random length into a _______________ encrypted string.
Logic bombs
Fixed length
Assignment
Password audit
43. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Hackers and crackers
Macro
Not very difficult to break.
Data Hiding
44. __________ is the most famous Unix password cracking tool.
Host based - network based
CRACK
Fixed length
S/Key - OPIE
45. IKE - Internet Key Exchange is often used in conjunction with what security standard?
product development life cycle
IPSEC
Depcrypting
Decentralized access control
46. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
CRACK
Password audit
Steps in handling incidents
A PGP Signed message
47. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Test virus
RSA
DSS - Digital Signature Standard
Main goal of a risk management program
48. Today - ______________ are almost as serious as security violations
product development life cycle
Salami attack
Privacy violations
Multi-partite viruses
49. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
One way hash
Hoaxes
Hackers and crackers
Reboot or system startup
50. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Layer 3 - Host to Host
MAC - Mandatory Access Control