SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Cryptanalysis
Cisco
SYN Flooding
Intrusion Detection System
2. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Password audit
Residual risk
Authorization
Cryptanalysis
3. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Not rigid
128
Information
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
4. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
A PGP Signed message
DSS - Digital Signature Standard
Configuration Control
5. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Passfilt.dll
PGP
NFS
Hoaxes
6. Wiretapping is an example of a ________.
Passive network attack
All
Hackers and crackers
Reboot or system startup
7. This free (for personal use) program is used to encrypt and decrypt emails.
Stateful Inspection
PGP
Gathering digital evidence
Environmental
8. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Passwords
DAC - Discretionary Access Control
Gathering digital evidence
SYN Flooding
9. DES - Data Encryption standard has a 128 bit key and is ________
a good password policy
Biometrics
Not very difficult to break.
Directive
10. Organizations that can be a valid Certificate Authority (CA)
TIGER
Warning Banner
Risk assessment
Verisign - Microsoft - Dell
11. Companies can now be __________ just as easily as they can be sued for security compromises.
TIGER
Cisco
Sued for privacy violations
Confidentiality - Availability -Integrity of data
12. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Reboot or system startup
Authorization
Wild
Layer 3 - Host to Host
13. A true network security audit does include an audit for _____________
One way hash
Sniffer
modems
Unix / Linux based security tools?
14. Public keys are used for encrypting messages and private keys are used for __________messages.
Depcrypting
Virus definition downloads and system virus scans
Quantitative analysis
Authentication
15. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
product development life cycle
Certificate
SLE - Single Loss Expectancy
DAC - Discretionary Access Control
16. What is the main difference between computer abuse and computer crime?
Off site in a climate controlled area
Not very difficult to break.
Intentions of the perpetrator
DAC - Discretionary Access Control
17. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Granularity
Intrusion Detection System
Stateful Inspection
Detective
18. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
SLE - Single Loss Expectancy
Personal Firewall - IDS - host based - Antivirus
Stealth viruses
128
19. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Test virus
Available service ports
Prevent - Recover - Detect
Preserve electronic evidence and protect it from any alteration
20. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
involves only computer to computer transactions
Authentication
Wild
Cramming
21. It is difficult to prosecute a computer criminal if _________ are not deployed
Layer 3 - Host to Host
Warning banners
Virus definition downloads and system virus scans
Host based - network based
22. Today - ______________ are almost as serious as security violations
involves only computer to computer transactions
Directive
S/Key - OPIE
Privacy violations
23. Smart cards are a secure alternative to which weak security mechanism?
Phreaks
Passwords
Salami attack
Quantitative analysis
24. A formula used in Quantitative risk analysis
Reboot or system startup
Biometrics
Main goal of a risk management program
SLE - Single Loss Expectancy
25. Combine both boot and file virus behavior
Multi-partite viruses
Gathering digital evidence
Detective
product development life cycle
26. So far - no one has been able to crack the ____________ with Brute Force.
Detective
IDEA algorithm
Wild
RADIUS
27. Logon and Logoff - Use of User Rights - Security Policy Change
Sued for privacy violations
NT Audit events
Personal Firewall - IDS - host based - Antivirus
Stealth viruses
28. Which of the concepts best describes Availability in relation to computer resources?
Detective
Users can gain access to any resource upon request (assuming they have proper permissions)
Passive network attack
Certificate
29. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
Available service ports
Phreaks
Users can gain access to any resource upon request (assuming they have proper permissions)
30. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Hoaxes
Accountability
Residual risk
Passfilt.dll
31. Information security policies are a ___________________.
Virus definition downloads and system virus scans
Available service ports
Business enabler
Passive network attack
32. The most secure method for storing backup tapes is?
Environmental
Off site in a climate controlled area
Cramming
Logic bombs
33. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
Payload
ISO
CVE - Common Vulnerabilities and Exposures
34. Countermeasures' main objectives
NFS
Prevent - Recover - Detect
Email
Environmental
35. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Authentication
SET
Phreaks
C2
36. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Information
Ethernet
Social Engineering
TIGER
37. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Environmental
Log files
Warning banners
CERT - SANS - CERIAS - COAST
38. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
DSS - Digital Signature Standard
Configuration Control
Data Classification
Email
39. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
product development life cycle
Gathering digital evidence
Virus definition downloads and system virus scans
40. The ability to identify and audit a user and his / her actions is known as ____________.
Accountability
NT Audit events
IDEA algorithm
Polymorphic
41. ________ is the authoritative entity which lists port assignments
0-1023
Authentication
IANA
CVE - Common Vulnerabilities and Exposures
42. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
Decentralized access control
Stateful Inspection
Warning banners
43. RSA is not based on a ________
Configuration Control
Symmetric algorithm
Not very difficult to break.
RSA
44. MD5 is a ___________ algorithm
Detective
One way hash
Email
Test virus
45. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Gathering digital evidence
Hackers and crackers
ISO
CHAP
46. ____ members of the staff need to be educated in disaster recovery procedures.
All
To make user certificates available to others
Stateful Inspection
Social Engineering
47. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Information
run applications as generic accounts with little or no privileges.
Polymorphic
Man In The Middle
48. The IDEA algorithm (used in PGP) is _______ bits long.
Hoaxes
Layer 3 - Host to Host
Logic bombs
128
49. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Granularity
Information
Certificate
Multi-partite viruses
50. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Buffer Overflow
Macro
Data Hiding
Assignment
