SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which range defines 'well known ports?'
0-1023
Authorization
Macro
involves only computer to computer transactions
2. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
128
Warning banners
Mobile
Buffer Overflow
3. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Gathering digital evidence
Cramming
Hoaxes
Passwords
4. What is the main difference between computer abuse and computer crime?
Risk Equation
A PGP Signed message
Reboot or system startup
Intentions of the perpetrator
5. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Macro
Warning Banner
Wild
Users can gain access to any resource upon request (assuming they have proper permissions)
6. Ways to deal with risk.
Data Hiding
Not very difficult to break.
Verisign - Microsoft - Dell
Acceptance - Transfer - Mitigate
7. An intrusion detection system is an example of what type of countermeasure?
CVE - Common Vulnerabilities and Exposures
Detective
NFS
Configuration Control
8. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
X.509
Wild
Risk assessment
NFS
9. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Warning banners
IDEA algorithm
Personal Firewall - IDS - host based - Antivirus
Stealth viruses
10. A ______________ is an electronically generated record that ties a user's ID to their public key.
Intentions of the perpetrator
Decentralized access control
Certificate
Mobile
11. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
Privacy violations
Risk Equation
Unix / Linux based security tools?
12. RSA is not based on a ________
Ethernet
X.509
Gathering digital evidence
Symmetric algorithm
13. __________ is the most famous Unix password cracking tool.
MAC - Mandatory Access Control
Environmental
Ethernet
CRACK
14. ______________ is a Unix security scanning tool developed at Texas A&M university.
Layer 3 - Host to Host
All
TIGER
Granularity
15. Cable modems are ___________than DSL connections
Preserve electronic evidence and protect it from any alteration
Warning banners
IANA
Less secure
16. DES - Data Encryption standard has a 128 bit key and is ________
Passwords
Not very difficult to break.
Stealth viruses
Separation of Duties
17. Data being delivered from the source to the intended receiver without being altered
Depcrypting
IPSEC
Protection of data from unauthorized users
Sued for privacy violations
18. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Authentication
Depcrypting
RSA
Quantitative analysis
19. A formula used in Quantitative risk analysis
Also
Users can gain access to any resource upon request (assuming they have proper permissions)
Less secure
SLE - Single Loss Expectancy
20. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
0-1023
Biometrics
S/Key - OPIE
DSS - Digital Signature Standard
21. A one way hash converts a string of random length into a _______________ encrypted string.
Passive network attack
Warning Banner
modems
Fixed length
22. Accounting - Authentication - and ____________ are the AAAs of information security.
Prevent - Recover - Detect
Unix / Linux based security tools?
Steps in handling incidents
Authorization
23. These should be done on a weekly basis
Virus definition downloads and system virus scans
Available service ports
Phreaks
Symmetric algorithm
24. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Privacy violations
128
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Residual risk
25. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Passfilt.dll
A PGP Signed message
MAC - Mandatory Access Control
Privacy violations
26. Public keys are used for encrypting messages and private keys are used for __________messages.
CRACK
TIGER
Depcrypting
product development life cycle
27. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Cisco
Certificate
Off site in a climate controlled area
Not rigid
28. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Granularity
Email
Presentation Layer - L6
Confidentiality
29. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
Acceptance - Transfer - Mitigate
Risk Equation
Users can gain access to any resource upon request (assuming they have proper permissions)
30. ______________ is a major component of an overall risk management program.
Directive
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Passfilt.dll
Risk assessment
31. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
RSA
Password audit
NFS
To make user certificates available to others
32. The ability to identify and audit a user and his / her actions is known as ____________.
Accountability
Preserve electronic evidence and protect it from any alteration
Phreaks
Off site in a climate controlled area
33. Which of the following is NOT and encryption algorithm?
Sued for privacy violations
SSL
DSS - Digital Signature Standard
S/Key - OPIE
34. A true network security audit does include an audit for _____________
Available service ports
modems
To make user certificates available to others
TIGER
35. Remote Access Dial-in User Service
RADIUS
All
Authentication
Passive network attack
36. __________ is a tool used by network administrators to capture packets from a network.
Sniffer
Multi-partite viruses
Wild
Macro
37. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Layer 3 - Host to Host
Acceptance - Transfer - Mitigate
X.509
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
38. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Unix / Linux based security tools?
Stateful Inspection
Passfilt.dll
Steps in handling incidents
39. Allows File owners to determine access rights.
SYN Flooding
C2
Phreaks
Decentralized access control
40. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Fixed length
NT Audit events
Passive network attack
A PGP Signed message
41. ________ is the authoritative entity which lists port assignments
0-1023
IANA
128
CERT - SANS - CERIAS - COAST
42. Information security policies are a ___________________.
IDEA algorithm
Warning banners
Test virus
Business enabler
43. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
To make user certificates available to others
Assignment
product development life cycle
128
44. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Biometrics
CHAP
SYN Flooding
Fixed length
45. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Residual risk
Layer 7 - Application
run applications as generic accounts with little or no privileges.
Macro
46. ____ members of the staff need to be educated in disaster recovery procedures.
All
Prevent - Recover - Detect
Macro
Test virus
47. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
CERT - SANS - CERIAS - COAST
Mobile
Macro
SET
48. Countermeasures' main objectives
Prevent - Recover - Detect
DAC - Discretionary Access Control
run applications as generic accounts with little or no privileges.
Accountability
49. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
All
C2
Passfilt.dll
Authentication
50. Macintosh computers are _____ at risk for receiving viruses.
Unix / Linux based security tools?
Verisign - Microsoft - Dell
Also
Virus definition downloads and system virus scans
