SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Log files
Data Classification
Users can gain access to any resource upon request (assuming they have proper permissions)
Environmental
2. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Salami attack
Steps in handling incidents
Layer 3 - Host to Host
All
3. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
SSL
Directive
Also
Assignment
4. There are 5 classes of IP addresses available - but only 3 classes are in common use today
CERT - SANS - CERIAS - COAST
Host based - network based
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Data Hiding
5. There are 65536 _________
Available service ports
Fixed length
Ethernet
Mobile
6. An intrusion detection system is an example of what type of countermeasure?
CHAP
a good password policy
Detective
Steps in handling incidents
7. __________ is a tool used by network administrators to capture packets from a network.
Stealth viruses
Sniffer
Off site in a climate controlled area
Hackers and crackers
8. Countermeasures address security concerns in this category
Fixed length
Information
involves only computer to computer transactions
Main goal of a risk management program
9. A formula used in Quantitative risk analysis
SLE - Single Loss Expectancy
A PGP Signed message
Email
Mobile
10. A one way hash converts a string of random length into a _______________ encrypted string.
SYN Flooding
Social Engineering
Separation of Duties
Fixed length
11. This free (for personal use) program is used to encrypt and decrypt emails.
Symmetric algorithm
MAC - Mandatory Access Control
Presentation Layer - L6
PGP
12. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Layer 3 - Host to Host
Information
Information Security policies
Accountability
13. Which range defines 'well known ports?'
Users can gain access to any resource upon request (assuming they have proper permissions)
Separation of Duties
Main goal of a risk management program
0-1023
14. A true network security audit does include an audit for _____________
NFS
modems
Multi-partite viruses
Logic bombs
15. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
CHAP
a good password policy
Intrusion Detection System
16. Stealth viruses live in memory while __________ are written to disk
Hackers and crackers
Virus definition downloads and system virus scans
Logic bombs
S/Key - OPIE
17. ______________ relates to the concept of protecting data from unauthorized users.
Hoaxes
SSL
Sued for privacy violations
Confidentiality
18. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Authorization
Assignment
Authentication
Wild
19. DES - Data Encryption standard has a 128 bit key and is ________
C2
Presentation Layer - L6
SYN Flooding
Not very difficult to break.
20. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Also
Hackers and crackers
Personal Firewall - IDS - host based - Antivirus
Directive
21. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
Warning banners
Email
Social Engineering
22. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
DSS - Digital Signature Standard
C2
Gathering digital evidence
Logic bombs
23. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Buffer Overflow
a good password policy
Email
Environmental
24. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Also
Cramming
Available service ports
Sued for privacy violations
25. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Sniffer
Data Hiding
IPSEC
Ethernet
26. Examples of One- Time Password technology
S/Key - OPIE
IDEA algorithm
Also
Data Classification
27. The most secure method for storing backup tapes is?
Off site in a climate controlled area
IPSEC
C2
CVE - Common Vulnerabilities and Exposures
28. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
ISO
Ethernet
Preserve electronic evidence and protect it from any alteration
Quantitative analysis
29. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
involves only computer to computer transactions
Environmental
IANA
CRACK
30. Public keys are used for encrypting messages and private keys are used for __________messages.
Cramming
TIGER
Depcrypting
NT Audit events
31. Companies can now be __________ just as easily as they can be sued for security compromises.
Sued for privacy violations
Logic bombs
IANA
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
32. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Users can gain access to any resource upon request (assuming they have proper permissions)
Privacy violations
Residual risk
SET
33. Identifying specific attempts to penetrate systems is the function of the _______________.
Off site in a climate controlled area
Acceptance - Transfer - Mitigate
C2
Intrusion Detection System
34. Digital Certificates use which protocol?
X.509
Business enabler
Symmetric algorithm
Depcrypting
35. Main goals of an information security program
Mobile
Confidentiality - Availability -Integrity of data
Passfilt.dll
To make user certificates available to others
36. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
DAC - Discretionary Access Control
Cisco
Logic bombs
37. ____ members of the staff need to be educated in disaster recovery procedures.
Gathering digital evidence
All
Decentralized access control
Warning Banner
38. Organizations that can be a valid Certificate Authority (CA)
SLE - Single Loss Expectancy
Log files
Data Hiding
Verisign - Microsoft - Dell
39. So far - no one has been able to crack the ____________ with Brute Force.
Decentralized access control
Multi-partite viruses
Reboot or system startup
IDEA algorithm
40. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Test virus
Log files
Warning Banner
Warning banners
41. Macintosh computers are _____ at risk for receiving viruses.
IANA
Accountability
X.509
Also
42. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
To make user certificates available to others
All
PGP
Accountability
43. It is difficult to prosecute a computer criminal if _________ are not deployed
Risk assessment
Passwords
All
Warning banners
44. These should be done on a weekly basis
ISO
Virus definition downloads and system virus scans
SYN Flooding
CVE - Common Vulnerabilities and Exposures
45. HTTP - FTP - SMTP reside at which layer of the OSI model?
Information Security policies
Buffer Overflow
Layer 7 - Application
A PGP Signed message
46. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Biometrics
NT Audit events
Available service ports
Data Hiding
47. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Unix / Linux based security tools?
IANA
product development life cycle
Data Hiding
48. Wiretapping is an example of a ________.
Layer 7 - Application
Passive network attack
Authentication
TIGER
49. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
Quantitative analysis
Passfilt.dll
Layer 7 - Application
50. What is the main difference between computer abuse and computer crime?
Prevent - Recover - Detect
Stealth viruses
Certificate
Intentions of the perpetrator
