SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Test virus
Certificate
RADIUS
MAC - Mandatory Access Control
2. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Stealth viruses
Presentation Layer - L6
Ethernet
Authorization
3. A true network security audit does include an audit for _____________
Off site in a climate controlled area
X.509
To make user certificates available to others
modems
4. HTTP - FTP - SMTP reside at which layer of the OSI model?
product development life cycle
Privacy violations
TIGER
Layer 7 - Application
5. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Information Security policies
Passfilt.dll
To make user certificates available to others
Sniffer
6. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Preserve electronic evidence and protect it from any alteration
Protection of data from unauthorized users
product development life cycle
SET
7. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Granularity
Risk assessment
product development life cycle
Buffer Overflow
8. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Classification
Granularity
Authentication
Unix / Linux based security tools?
9. IKE - Internet Key Exchange is often used in conjunction with what security standard?
C2
IPSEC
Unix / Linux based security tools?
Environmental
10. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Data Hiding
Sued for privacy violations
Directive
SLE - Single Loss Expectancy
11. Today - ______________ are almost as serious as security violations
CERT - SANS - CERIAS - COAST
Privacy violations
Sniffer
Passive network attack
12. MD5 is a ___________ algorithm
One way hash
S/Key - OPIE
Acceptance - Transfer - Mitigate
Authorization
13. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Preserve electronic evidence and protect it from any alteration
modems
Data Hiding
Off site in a climate controlled area
14. Contain - Recover - Review - Identify - Prepare
Configuration Control
Steps in handling incidents
Passive network attack
Data Hiding
15. There are 65536 _________
Available service ports
Passfilt.dll
Man In The Middle
Salami attack
16. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Man In The Middle
Configuration Control
Layer 3 - Host to Host
Symmetric algorithm
17. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
CRACK
Man In The Middle
Stateful Inspection
Log files
18. ______________ relates to the concept of protecting data from unauthorized users.
IPSEC
Assignment
SYN Flooding
Confidentiality
19. Cable modems are ___________than DSL connections
Less secure
S/Key - OPIE
Cryptanalysis
NFS
20. It is difficult to prosecute a computer criminal if _________ are not deployed
A PGP Signed message
Macro
To make user certificates available to others
Warning banners
21. A ______________ is an electronically generated record that ties a user's ID to their public key.
NT Audit events
Certificate
Assignment
Environmental
22. Combine both boot and file virus behavior
Multi-partite viruses
128
Directive
SET
23. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Main goal of a risk management program
Acceptance - Transfer - Mitigate
128
24. ____________ is a file system that was poorly designed and has numerous security flaws.
Virus definition downloads and system virus scans
Mobile
Phreaks
NFS
25. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Authentication
PGP
Depcrypting
DAC - Discretionary Access Control
26. ______________ is a Unix security scanning tool developed at Texas A&M university.
0-1023
TIGER
involves only computer to computer transactions
NT Audit events
27. An attempt to break an encryption algorithm is called _____________.
Cryptanalysis
Phreaks
Biometrics
Hoaxes
28. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Acceptance - Transfer - Mitigate
Gathering digital evidence
Wild
Warning banners
29. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Decentralized access control
A PGP Signed message
Information Security policies
Environmental
30. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Cisco
Information Security policies
IDEA algorithm
CERT - SANS - CERIAS - COAST
31. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
Data Classification
SLE - Single Loss Expectancy
Information Security policies
32. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
involves only computer to computer transactions
Mobile
SYN Flooding
Off site in a climate controlled area
33. Smart cards are a secure alternative to which weak security mechanism?
Passwords
Data Hiding
NT Audit events
Risk Equation
34. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Quantitative analysis
Separation of Duties
Information Security policies
IPSEC
35. Identifying specific attempts to penetrate systems is the function of the _______________.
NFS
Layer 7 - Application
Intrusion Detection System
Depcrypting
36. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Assignment
Accountability
Unix / Linux based security tools?
Salami attack
37. A one way hash converts a string of random length into a _______________ encrypted string.
Granularity
Fixed length
DSS - Digital Signature Standard
S/Key - OPIE
38. A boot sector virus goes to work when what event takes place?
Information Security policies
Reboot or system startup
Salami attack
Risk Equation
39. This free (for personal use) program is used to encrypt and decrypt emails.
PGP
A PGP Signed message
Personal Firewall - IDS - host based - Antivirus
Depcrypting
40. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Data Classification
Residual risk
Risk Equation
Personal Firewall - IDS - host based - Antivirus
41. Logon and Logoff - Use of User Rights - Security Policy Change
product development life cycle
NT Audit events
X.509
Granularity
42. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Gathering digital evidence
Warning Banner
S/Key - OPIE
Configuration Control
43. These should be done on a weekly basis
Sued for privacy violations
modems
Preserve electronic evidence and protect it from any alteration
Virus definition downloads and system virus scans
44. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Reboot or system startup
Privacy violations
Not rigid
To make user certificates available to others
45. ___________________ is responsible for creating security policies and for communicating those policies to system users.
CVE - Common Vulnerabilities and Exposures
MAC - Mandatory Access Control
Residual risk
ISO
46. Which range defines 'well known ports?'
Man In The Middle
0-1023
SSL
One way hash
47. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Mobile
MAC - Mandatory Access Control
Personal Firewall - IDS - host based - Antivirus
Salami attack
48. They specifically target telephone networks
Log files
Confidentiality - Availability -Integrity of data
Phreaks
Stealth viruses
49. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Protection of data from unauthorized users
Privacy violations
Quantitative analysis
Logic bombs
50. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Ethernet
Passfilt.dll
Log files
a good password policy