SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ____ members of the staff need to be educated in disaster recovery procedures.
All
Unix / Linux based security tools?
One way hash
Information Security policies
2. Allows File owners to determine access rights.
Wild
SLE - Single Loss Expectancy
To make user certificates available to others
Decentralized access control
3. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
RSA
Log files
S/Key - OPIE
Sniffer
4. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Residual risk
modems
CERT - SANS - CERIAS - COAST
Risk assessment
5. Cable modems are ___________than DSL connections
Multi-partite viruses
Less secure
Data Classification
Reboot or system startup
6. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Phreaks
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Not rigid
Preserve electronic evidence and protect it from any alteration
7. Remote Access Dial-in User Service
Directive
RADIUS
Steps in handling incidents
Ethernet
8. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Layer 7 - Application
Polymorphic
A PGP Signed message
Environmental
9. An intrusion detection system is an example of what type of countermeasure?
Multi-partite viruses
Main goal of a risk management program
Data Hiding
Detective
10. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Confidentiality
Host based - network based
product development life cycle
Accountability
11. ______________ is a Unix security scanning tool developed at Texas A&M university.
run applications as generic accounts with little or no privileges.
A PGP Signed message
TIGER
Decentralized access control
12. Ways to deal with risk.
Acceptance - Transfer - Mitigate
Accountability
Salami attack
Cisco
13. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Salami attack
Logic bombs
Data Classification
ISO
14. ______________ relates to the concept of protecting data from unauthorized users.
SLE - Single Loss Expectancy
Confidentiality
Residual risk
Biometrics
15. A true network security audit does include an audit for _____________
0-1023
MAC - Mandatory Access Control
modems
run applications as generic accounts with little or no privileges.
16. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Layer 3 - Host to Host
Protection of data from unauthorized users
CERT - SANS - CERIAS - COAST
Risk assessment
17. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Unix / Linux based security tools?
Available service ports
Stealth viruses
Passfilt.dll
18. An attempt to break an encryption algorithm is called _____________.
a good password policy
Salami attack
involves only computer to computer transactions
Cryptanalysis
19. Smart cards are a secure alternative to which weak security mechanism?
Detective
To make user certificates available to others
Passwords
Quantitative analysis
20. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Reboot or system startup
NFS
Configuration Control
One way hash
21. RSA is not based on a ________
Password audit
SYN Flooding
Symmetric algorithm
Business enabler
22. Macintosh computers are _____ at risk for receiving viruses.
Presentation Layer - L6
Prevent - Recover - Detect
Also
CVE - Common Vulnerabilities and Exposures
23. _______________ supply AV engines with false information to avoid detection
TIGER
Stealth viruses
Data Classification
Assignment
24. There are 65536 _________
Sued for privacy violations
Available service ports
S/Key - OPIE
Password audit
25. Organizations that can be a valid Certificate Authority (CA)
Warning banners
Intentions of the perpetrator
Verisign - Microsoft - Dell
Social Engineering
26. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Presentation Layer - L6
RADIUS
To make user certificates available to others
27. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
Depcrypting
Symmetric algorithm
Authentication
28. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Host based - network based
Stealth viruses
X.509
Man In The Middle
29. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
run applications as generic accounts with little or no privileges.
Unix / Linux based security tools?
Available service ports
Hoaxes
30. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
ISO
Wild
IANA
31. Combine both boot and file virus behavior
Intentions of the perpetrator
Authentication
X.509
Multi-partite viruses
32. Which of the following is NOT and encryption algorithm?
Verisign - Microsoft - Dell
Information Security policies
SSL
Cisco
33. Accounting - Authentication - and ____________ are the AAAs of information security.
Ethernet
S/Key - OPIE
Depcrypting
Authorization
34. The ultimate goal of a computer forensics specialist is to ___________________.
Also
CERT - SANS - CERIAS - COAST
Preserve electronic evidence and protect it from any alteration
Password audit
35. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
SSL
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
run applications as generic accounts with little or no privileges.
36. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Authorization
RSA
CVE - Common Vulnerabilities and Exposures
SLE - Single Loss Expectancy
37. A Security Reference Monitor relates to which DoD security standard?
Certificate
RADIUS
C2
NT Audit events
38. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Sued for privacy violations
Ethernet
Off site in a climate controlled area
39. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Hackers and crackers
SET
Cramming
Users can gain access to any resource upon request (assuming they have proper permissions)
40. The __________ is the most dangerous part of a virus program.
Cramming
IPSEC
Information
Payload
41. Countermeasures' main objectives
Prevent - Recover - Detect
Also
Reboot or system startup
Depcrypting
42. Logon and Logoff - Use of User Rights - Security Policy Change
SET
NT Audit events
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Man In The Middle
43. The IDEA algorithm (used in PGP) is _______ bits long.
Verisign - Microsoft - Dell
128
Log files
Protection of data from unauthorized users
44. Information security policies are a ___________________.
a good password policy
Steps in handling incidents
Business enabler
All
45. To help managers find the correct cost balance between risks and countermeasures
Authentication
Main goal of a risk management program
Stateful Inspection
Users can gain access to any resource upon request (assuming they have proper permissions)
46. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
128
Privacy violations
To make user certificates available to others
Also
47. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Data Classification
involves only computer to computer transactions
Test virus
Gathering digital evidence
48. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Quantitative analysis
Directive
Biometrics
Depcrypting
49. Digital Certificates use which protocol?
Cisco
Reboot or system startup
Environmental
X.509
50. Which layer of the OSI model handles encryption?
Prevent - Recover - Detect
Hoaxes
Sniffer
Presentation Layer - L6
