SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Confidentiality
CRACK
DSS - Digital Signature Standard
Gathering digital evidence
2. RSA is not based on a ________
Symmetric algorithm
Cisco
CERT - SANS - CERIAS - COAST
Data Hiding
3. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Warning banners
Quantitative analysis
Man In The Middle
Password audit
4. Smart cards are a secure alternative to which weak security mechanism?
Salami attack
Passwords
CERT - SANS - CERIAS - COAST
RADIUS
5. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Not very difficult to break.
0-1023
RSA
6. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
Separation of Duties
Main goal of a risk management program
One way hash
7. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Accountability
SET
Separation of Duties
Data Classification
8. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Reboot or system startup
Man In The Middle
Multi-partite viruses
A PGP Signed message
9. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Logic bombs
SYN Flooding
CERT - SANS - CERIAS - COAST
NFS
10. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Phreaks
Host based - network based
SYN Flooding
Social Engineering
11. IKE - Internet Key Exchange is often used in conjunction with what security standard?
RADIUS
Fixed length
IPSEC
All
12. Allows File owners to determine access rights.
Available service ports
Risk assessment
Decentralized access control
Granularity
13. A boot sector virus goes to work when what event takes place?
Reboot or system startup
SYN Flooding
Available service ports
PGP
14. This free (for personal use) program is used to encrypt and decrypt emails.
Privacy violations
Configuration Control
Host based - network based
PGP
15. A Security Reference Monitor relates to which DoD security standard?
C2
Directive
Social Engineering
Warning Banner
16. ________ is the authoritative entity which lists port assignments
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
IANA
Fixed length
Verisign - Microsoft - Dell
17. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Granularity
Protection of data from unauthorized users
Layer 3 - Host to Host
modems
18. Vulnerability x Threat = RISK is an example of the _______________.
Social Engineering
Stateful Inspection
128
Risk Equation
19. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Cisco
Also
Depcrypting
Data Classification
20. Companies can now be __________ just as easily as they can be sued for security compromises.
Not rigid
Separation of Duties
Sued for privacy violations
Symmetric algorithm
21. __________ is the most famous Unix password cracking tool.
CRACK
Phreaks
Stealth viruses
Depcrypting
22. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Wild
DSS - Digital Signature Standard
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Cisco
23. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Intrusion Detection System
Risk Equation
Phreaks
DSS - Digital Signature Standard
24. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Layer 7 - Application
MAC - Mandatory Access Control
Passfilt.dll
SLE - Single Loss Expectancy
25. Identifying specific attempts to penetrate systems is the function of the _______________.
Certificate
Log files
Available service ports
Intrusion Detection System
26. Digital Certificates use which protocol?
Cryptanalysis
involves only computer to computer transactions
Test virus
X.509
27. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
DAC - Discretionary Access Control
Data Classification
CHAP
Risk Equation
28. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Steps in handling incidents
DAC - Discretionary Access Control
Not rigid
Business enabler
29. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Data Hiding
Multi-partite viruses
Host based - network based
Separation of Duties
30. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
RSA
Business enabler
Cisco
Email
31. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Assignment
CERT - SANS - CERIAS - COAST
Preserve electronic evidence and protect it from any alteration
Stealth viruses
32. Logon and Logoff - Use of User Rights - Security Policy Change
PGP
Preserve electronic evidence and protect it from any alteration
Intrusion Detection System
NT Audit events
33. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Multi-partite viruses
Layer 3 - Host to Host
Cramming
Data Hiding
34. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
CERT - SANS - CERIAS - COAST
Preserve electronic evidence and protect it from any alteration
Ethernet
Reboot or system startup
35. Today - ______________ are almost as serious as security violations
Confidentiality - Availability -Integrity of data
Granularity
Passfilt.dll
Privacy violations
36. ______________ relates to the concept of protecting data from unauthorized users.
Buffer Overflow
Warning Banner
Confidentiality
RSA
37. They specifically target telephone networks
Steps in handling incidents
Phreaks
Log files
Ethernet
38. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
Passwords
Prevent - Recover - Detect
C2
39. Macintosh computers are _____ at risk for receiving viruses.
Directive
Intrusion Detection System
Also
A PGP Signed message
40. Layer 4 of the OSI model corresponds to which layer of the DoD model?
IPSEC
Layer 3 - Host to Host
Hackers and crackers
Configuration Control
41. Stealth viruses live in memory while __________ are written to disk
run applications as generic accounts with little or no privileges.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Logic bombs
Directive
42. ___________________ is responsible for creating security policies and for communicating those policies to system users.
ISO
Fixed length
Social Engineering
Salami attack
43. Countermeasures address security concerns in this category
Stateful Inspection
Information
modems
SET
44. The ability to identify and audit a user and his / her actions is known as ____________.
Hoaxes
Accountability
modems
Wild
45. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Log files
Layer 3 - Host to Host
Polymorphic
46. A ______________ is an electronically generated record that ties a user's ID to their public key.
Log files
Certificate
CVE - Common Vulnerabilities and Exposures
Preserve electronic evidence and protect it from any alteration
47. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Available service ports
Risk assessment
a good password policy
involves only computer to computer transactions
48. Countermeasures' main objectives
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Reboot or system startup
Main goal of a risk management program
Prevent - Recover - Detect
49. HTTP - FTP - SMTP reside at which layer of the OSI model?
Layer 7 - Application
Mobile
IPSEC
Password audit
50. An attempt to break an encryption algorithm is called _____________.
Confidentiality - Availability -Integrity of data
Cryptanalysis
CHAP
Residual risk
