SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Companies can now be __________ just as easily as they can be sued for security compromises.
DAC - Discretionary Access Control
Sued for privacy violations
RSA
Passwords
2. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Phreaks
Personal Firewall - IDS - host based - Antivirus
Warning Banner
SYN Flooding
3. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Authentication
Sniffer
Quantitative analysis
MAC - Mandatory Access Control
4. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
modems
Data Hiding
Information Security policies
Sniffer
5. Organizations that can be a valid Certificate Authority (CA)
PGP
Verisign - Microsoft - Dell
Macro
Data Hiding
6. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Sued for privacy violations
Off site in a climate controlled area
Payload
7. Information security policies are a ___________________.
Prevent - Recover - Detect
Stealth viruses
Ethernet
Business enabler
8. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Less secure
Cramming
Authorization
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
9. Which of the following is NOT and encryption algorithm?
SSL
Steps in handling incidents
Assignment
Salami attack
10. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Less secure
Social Engineering
Personal Firewall - IDS - host based - Antivirus
Directive
11. Committing computer crimes in such small doses that they almost go unnoticed.
Information
PGP
Salami attack
Hoaxes
12. One method that can reduce exposure to malicious code is to ___________________
Stealth viruses
Mobile
run applications as generic accounts with little or no privileges.
Hoaxes
13. A formula used in Quantitative risk analysis
A PGP Signed message
Test virus
Residual risk
SLE - Single Loss Expectancy
14. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
One way hash
A PGP Signed message
Layer 7 - Application
Password audit
15. Stealth viruses live in memory while __________ are written to disk
Prevent - Recover - Detect
Authorization
Logic bombs
run applications as generic accounts with little or no privileges.
16. Digital Certificates use which protocol?
X.509
Off site in a climate controlled area
Fixed length
Information
17. These should be done on a weekly basis
NFS
Intentions of the perpetrator
run applications as generic accounts with little or no privileges.
Virus definition downloads and system virus scans
18. RSA is not based on a ________
A PGP Signed message
Users can gain access to any resource upon request (assuming they have proper permissions)
Salami attack
Symmetric algorithm
19. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SET
Stateful Inspection
Privacy violations
product development life cycle
20. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Quantitative analysis
Assignment
Configuration Control
Polymorphic
21. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Stealth viruses
RADIUS
Configuration Control
Risk assessment
22. __________ is the most famous Unix password cracking tool.
CRACK
Residual risk
Business enabler
Multi-partite viruses
23. This free (for personal use) program is used to encrypt and decrypt emails.
Prevent - Recover - Detect
PGP
Test virus
Detective
24. Main goals of an information security program
Confidentiality - Availability -Integrity of data
CRACK
SLE - Single Loss Expectancy
Environmental
25. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
NT Audit events
DAC - Discretionary Access Control
Directive
DSS - Digital Signature Standard
26. An attempt to break an encryption algorithm is called _____________.
Gathering digital evidence
Presentation Layer - L6
Sued for privacy violations
Cryptanalysis
27. They specifically target telephone networks
Cryptanalysis
Phreaks
RSA
Polymorphic
28. The ability to identify and audit a user and his / her actions is known as ____________.
Layer 3 - Host to Host
Accountability
Sniffer
All
29. Macintosh computers are _____ at risk for receiving viruses.
Data Classification
Cryptanalysis
To make user certificates available to others
Also
30. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Biometrics
Sniffer
Hoaxes
Environmental
31. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
a good password policy
Not very difficult to break.
Host based - network based
Biometrics
32. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Mobile
Test virus
Acceptance - Transfer - Mitigate
33. Wiretapping is an example of a ________.
Assignment
Warning Banner
Passive network attack
Logic bombs
34. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Confidentiality - Availability -Integrity of data
involves only computer to computer transactions
Main goal of a risk management program
Passfilt.dll
35. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
RADIUS
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Test virus
Mobile
36. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Authorization
Available service ports
Information Security policies
Cramming
37. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
CRACK
Cisco
Macro
Gathering digital evidence
38. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Verisign - Microsoft - Dell
PGP
Cryptanalysis
SYN Flooding
39. To help managers find the correct cost balance between risks and countermeasures
To make user certificates available to others
Sued for privacy violations
Main goal of a risk management program
Residual risk
40. A Security Reference Monitor relates to which DoD security standard?
Unix / Linux based security tools?
C2
Detective
Users can gain access to any resource upon request (assuming they have proper permissions)
41. Vulnerability x Threat = RISK is an example of the _______________.
Wild
Configuration Control
All
Risk Equation
42. Cable modems are ___________than DSL connections
Less secure
To make user certificates available to others
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Depcrypting
43. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Off site in a climate controlled area
Granularity
Authentication
Logic bombs
44. Today - ______________ are almost as serious as security violations
Verisign - Microsoft - Dell
Privacy violations
Symmetric algorithm
Cisco
45. Countermeasures' main objectives
Acceptance - Transfer - Mitigate
X.509
Cryptanalysis
Prevent - Recover - Detect
46. Which layer of the OSI model handles encryption?
Presentation Layer - L6
Depcrypting
CERT - SANS - CERIAS - COAST
DAC - Discretionary Access Control
47. Smart cards are a secure alternative to which weak security mechanism?
Passwords
Also
0-1023
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
48. Which of the concepts best describes Availability in relation to computer resources?
Payload
Information Security policies
SLE - Single Loss Expectancy
Users can gain access to any resource upon request (assuming they have proper permissions)
49. HTTP - FTP - SMTP reside at which layer of the OSI model?
Payload
Directive
Layer 3 - Host to Host
Layer 7 - Application
50. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
IANA
MAC - Mandatory Access Control
Ethernet
Assignment