SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
Symmetric algorithm
NFS
Not rigid
2. Which organization(s) are responsible for the timely distribution of information security intelligence data?
CERT - SANS - CERIAS - COAST
Authentication
Personal Firewall - IDS - host based - Antivirus
Hackers and crackers
3. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Preserve electronic evidence and protect it from any alteration
Gathering digital evidence
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Less secure
4. To help managers find the correct cost balance between risks and countermeasures
Password audit
Gathering digital evidence
Confidentiality
Main goal of a risk management program
5. Vulnerability x Threat = RISK is an example of the _______________.
Risk Equation
Social Engineering
Multi-partite viruses
Risk assessment
6. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Mobile
NT Audit events
Authentication
7. Organizations that can be a valid Certificate Authority (CA)
C2
Quantitative analysis
Verisign - Microsoft - Dell
Email
8. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Payload
Configuration Control
Buffer Overflow
Polymorphic
9. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Polymorphic
Ethernet
Email
Separation of Duties
10. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Not very difficult to break.
Cramming
NFS
Available service ports
11. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Residual risk
Detective
Mobile
CHAP
12. RSA is not based on a ________
Directive
Passive network attack
Layer 3 - Host to Host
Symmetric algorithm
13. Smart cards are a secure alternative to which weak security mechanism?
Passwords
involves only computer to computer transactions
Main goal of a risk management program
IANA
14. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
SLE - Single Loss Expectancy
Password audit
Granularity
Less secure
15. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Macro
Data Classification
Personal Firewall - IDS - host based - Antivirus
DAC - Discretionary Access Control
16. The __________ is the most dangerous part of a virus program.
A PGP Signed message
Payload
Test virus
Layer 7 - Application
17. Digital Certificates use which protocol?
Directive
To make user certificates available to others
Verisign - Microsoft - Dell
X.509
18. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Biometrics
Ethernet
Cisco
Users can gain access to any resource upon request (assuming they have proper permissions)
19. ______________ is a Unix security scanning tool developed at Texas A&M university.
Cramming
Cisco
Cryptanalysis
TIGER
20. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Warning banners
Hackers and crackers
Man In The Middle
Reboot or system startup
21. HTTP - FTP - SMTP reside at which layer of the OSI model?
Stateful Inspection
Polymorphic
Not rigid
Layer 7 - Application
22. An attempt to break an encryption algorithm is called _____________.
run applications as generic accounts with little or no privileges.
Hoaxes
Cryptanalysis
Biometrics
23. So far - no one has been able to crack the ____________ with Brute Force.
CVE - Common Vulnerabilities and Exposures
NT Audit events
Mobile
IDEA algorithm
24. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Warning Banner
Off site in a climate controlled area
Reboot or system startup
Data Classification
25. Companies can now be __________ just as easily as they can be sued for security compromises.
A PGP Signed message
Quantitative analysis
Data Classification
Sued for privacy violations
26. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
Protection of data from unauthorized users
Information Security policies
Hoaxes
27. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
NFS
Hoaxes
Multi-partite viruses
ISO
28. An intrusion detection system is an example of what type of countermeasure?
Detective
Email
MAC - Mandatory Access Control
Hoaxes
29. _______________ supply AV engines with false information to avoid detection
Warning banners
Stealth viruses
Steps in handling incidents
Protection of data from unauthorized users
30. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
IPSEC
CHAP
Information Security policies
Detective
31. Macintosh computers are _____ at risk for receiving viruses.
PGP
Main goal of a risk management program
Also
Passwords
32. Which range defines 'well known ports?'
Fixed length
Information Security policies
Wild
0-1023
33. ____ members of the staff need to be educated in disaster recovery procedures.
Acceptance - Transfer - Mitigate
Less secure
All
Preserve electronic evidence and protect it from any alteration
34. Layer 4 of the OSI model corresponds to which layer of the DoD model?
MAC - Mandatory Access Control
Quantitative analysis
CRACK
Layer 3 - Host to Host
35. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Passfilt.dll
Virus definition downloads and system virus scans
involves only computer to computer transactions
Confidentiality - Availability -Integrity of data
36. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
NFS
Hoaxes
Protection of data from unauthorized users
Unix / Linux based security tools?
37. The most secure method for storing backup tapes is?
Information Security policies
Passfilt.dll
CVE - Common Vulnerabilities and Exposures
Off site in a climate controlled area
38. Which of the concepts best describes Availability in relation to computer resources?
CVE - Common Vulnerabilities and Exposures
Users can gain access to any resource upon request (assuming they have proper permissions)
Ethernet
Intentions of the perpetrator
39. ______________ is a major component of an overall risk management program.
Virus definition downloads and system virus scans
Hoaxes
MAC - Mandatory Access Control
Risk assessment
40. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Passfilt.dll
Layer 7 - Application
Wild
Separation of Duties
41. ____________ is a file system that was poorly designed and has numerous security flaws.
NT Audit events
NFS
DAC - Discretionary Access Control
Multi-partite viruses
42. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Presentation Layer - L6
Residual risk
a good password policy
CRACK
43. Information security policies are a ___________________.
Data Classification
Business enabler
Layer 7 - Application
Cryptanalysis
44. Allows File owners to determine access rights.
CVE - Common Vulnerabilities and Exposures
Information
Decentralized access control
TIGER
45. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Gathering digital evidence
Payload
SSL
Test virus
46. They specifically target telephone networks
Phreaks
Steps in handling incidents
a good password policy
CVE - Common Vulnerabilities and Exposures
47. ___________________ is responsible for creating security policies and for communicating those policies to system users.
NT Audit events
Warning Banner
ISO
Macro
48. What is the main difference between computer abuse and computer crime?
S/Key - OPIE
Risk Equation
Intentions of the perpetrator
product development life cycle
49. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
A PGP Signed message
Authorization
Layer 3 - Host to Host
Assignment
50. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
Granularity
Reboot or system startup
Password audit
