SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
0-1023
Residual risk
Prevent - Recover - Detect
2. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Man In The Middle
Confidentiality
Stealth viruses
Hoaxes
3. Macintosh computers are _____ at risk for receiving viruses.
Email
Logic bombs
Also
Off site in a climate controlled area
4. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
0-1023
DAC - Discretionary Access Control
Verisign - Microsoft - Dell
SYN Flooding
5. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Data Classification
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
CVE - Common Vulnerabilities and Exposures
a good password policy
6. Information security policies are a ___________________.
Authorization
Stealth viruses
Intrusion Detection System
Business enabler
7. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Test virus
Available service ports
Acceptance - Transfer - Mitigate
ISO
8. DES - Data Encryption standard has a 128 bit key and is ________
Not very difficult to break.
Directive
CHAP
Unix / Linux based security tools?
9. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
Polymorphic
run applications as generic accounts with little or no privileges.
ISO
10. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Users can gain access to any resource upon request (assuming they have proper permissions)
CHAP
PGP
Detective
11. Combine both boot and file virus behavior
CRACK
Multi-partite viruses
Quantitative analysis
Biometrics
12. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Preserve electronic evidence and protect it from any alteration
Accountability
Presentation Layer - L6
Stateful Inspection
13. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Business enabler
Passfilt.dll
Wild
CVE - Common Vulnerabilities and Exposures
14. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Warning banners
involves only computer to computer transactions
Configuration Control
Stateful Inspection
15. Public keys are used for encrypting messages and private keys are used for __________messages.
Depcrypting
Hoaxes
Virus definition downloads and system virus scans
Layer 7 - Application
16. ______________ is a major component of an overall risk management program.
Risk assessment
128
Personal Firewall - IDS - host based - Antivirus
Residual risk
17. Countermeasures' main objectives
Privacy violations
Directive
Prevent - Recover - Detect
IDEA algorithm
18. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Man In The Middle
Residual risk
Phreaks
One way hash
19. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Ethernet
C2
Biometrics
20. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Information
Risk assessment
involves only computer to computer transactions
Quantitative analysis
21. Companies can now be __________ just as easily as they can be sued for security compromises.
Users can gain access to any resource upon request (assuming they have proper permissions)
Passfilt.dll
Sued for privacy violations
run applications as generic accounts with little or no privileges.
22. Wiretapping is an example of a ________.
Not very difficult to break.
Configuration Control
Accountability
Passive network attack
23. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Quantitative analysis
a good password policy
A PGP Signed message
Log files
24. The ability to identify and audit a user and his / her actions is known as ____________.
Unix / Linux based security tools?
Accountability
C2
SET
25. S/MIME was developed for the protection of what communication mechanism(s)?
Email
One way hash
RADIUS
Granularity
26. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Depcrypting
To make user certificates available to others
Passfilt.dll
27. Allows File owners to determine access rights.
Decentralized access control
Man In The Middle
SET
Buffer Overflow
28. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Risk Equation
CHAP
product development life cycle
Privacy violations
29. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Symmetric algorithm
DSS - Digital Signature Standard
Social Engineering
Logic bombs
30. The IDEA algorithm (used in PGP) is _______ bits long.
Gathering digital evidence
Configuration Control
Less secure
128
31. Vulnerability x Threat = RISK is an example of the _______________.
Intentions of the perpetrator
Personal Firewall - IDS - host based - Antivirus
Cisco
Risk Equation
32. Cable modems are ___________than DSL connections
Less secure
RSA
Multi-partite viruses
Biometrics
33. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
Biometrics
Sniffer
Not rigid
34. Countermeasures address security concerns in this category
Information
RSA
Stealth viruses
Log files
35. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Depcrypting
0-1023
Quantitative analysis
SET
36. What is the main difference between computer abuse and computer crime?
Unix / Linux based security tools?
Intentions of the perpetrator
CERT - SANS - CERIAS - COAST
Presentation Layer - L6
37. Today - ______________ are almost as serious as security violations
Privacy violations
Man In The Middle
Passfilt.dll
SET
38. ______________ relates to the concept of protecting data from unauthorized users.
Gathering digital evidence
Confidentiality
NT Audit events
Privacy violations
39. A true network security audit does include an audit for _____________
Warning Banner
Authentication
modems
DSS - Digital Signature Standard
40. A ______________ is an electronically generated record that ties a user's ID to their public key.
Sniffer
Preserve electronic evidence and protect it from any alteration
Certificate
Protection of data from unauthorized users
41. A Security Reference Monitor relates to which DoD security standard?
Depcrypting
Assignment
C2
Logic bombs
42. Which range defines 'well known ports?'
Man In The Middle
Stealth viruses
Risk assessment
0-1023
43. MD5 is a ___________ algorithm
Risk Equation
Stealth viruses
One way hash
Symmetric algorithm
44. ________ is the authoritative entity which lists port assignments
0-1023
Password audit
Confidentiality - Availability -Integrity of data
IANA
45. Contain - Recover - Review - Identify - Prepare
X.509
All
NFS
Steps in handling incidents
46. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
C2
CERT - SANS - CERIAS - COAST
Password audit
Payload
47. An intrusion detection system is an example of what type of countermeasure?
Intentions of the perpetrator
Detective
MAC - Mandatory Access Control
0-1023
48. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Passfilt.dll
Symmetric algorithm
Prevent - Recover - Detect
Hackers and crackers
49. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
X.509
Quantitative analysis
0-1023
Risk Equation
50. These should be done on a weekly basis
Protection of data from unauthorized users
Virus definition downloads and system virus scans
Not rigid
TIGER
