SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
NT Audit events
X.509
Man In The Middle
Environmental
2. Countermeasures' main objectives
NT Audit events
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Polymorphic
Prevent - Recover - Detect
3. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Confidentiality - Availability -Integrity of data
Passfilt.dll
Macro
Acceptance - Transfer - Mitigate
4. An attempt to break an encryption algorithm is called _____________.
Warning banners
Passwords
Cryptanalysis
Separation of Duties
5. The IDEA algorithm (used in PGP) is _______ bits long.
128
Stealth viruses
RSA
Social Engineering
6. Combine both boot and file virus behavior
Stealth viruses
Multi-partite viruses
Ethernet
Intrusion Detection System
7. S/MIME was developed for the protection of what communication mechanism(s)?
Residual risk
IDEA algorithm
Layer 7 - Application
Email
8. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Configuration Control
Stateful Inspection
Polymorphic
DSS - Digital Signature Standard
9. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Gathering digital evidence
Multi-partite viruses
Information
Information Security policies
10. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Decentralized access control
MAC - Mandatory Access Control
Residual risk
Layer 7 - Application
11. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Decentralized access control
CERT - SANS - CERIAS - COAST
CRACK
Quantitative analysis
12. This free (for personal use) program is used to encrypt and decrypt emails.
PGP
IANA
Confidentiality - Availability -Integrity of data
Authorization
13. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Cramming
Stateful Inspection
modems
Risk assessment
14. A formula used in Quantitative risk analysis
Authorization
SLE - Single Loss Expectancy
DAC - Discretionary Access Control
Authentication
15. Which layer of the OSI model handles encryption?
Presentation Layer - L6
DSS - Digital Signature Standard
TIGER
Virus definition downloads and system virus scans
16. RSA is not based on a ________
Ethernet
Acceptance - Transfer - Mitigate
Symmetric algorithm
Hoaxes
17. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Data Hiding
Data Classification
Separation of Duties
A PGP Signed message
18. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Passive network attack
ISO
CERT - SANS - CERIAS - COAST
SSL
19. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
CHAP
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Password audit
Users can gain access to any resource upon request (assuming they have proper permissions)
20. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
MAC - Mandatory Access Control
Data Hiding
Unix / Linux based security tools?
21. Organizations that can be a valid Certificate Authority (CA)
Biometrics
Not rigid
Information Security policies
Verisign - Microsoft - Dell
22. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Mobile
Macro
Sniffer
S/Key - OPIE
23. Information security policies are a ___________________.
Business enabler
Assignment
SET
One way hash
24. These should be done on a weekly basis
Intentions of the perpetrator
C2
Virus definition downloads and system virus scans
NT Audit events
25. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
To make user certificates available to others
Buffer Overflow
CERT - SANS - CERIAS - COAST
product development life cycle
26. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
SSL
Logic bombs
To make user certificates available to others
Steps in handling incidents
27. They specifically target telephone networks
Symmetric algorithm
NFS
IANA
Phreaks
28. Which of the following is NOT and encryption algorithm?
One way hash
Biometrics
Stealth viruses
SSL
29. ____________ is a file system that was poorly designed and has numerous security flaws.
a good password policy
S/Key - OPIE
X.509
NFS
30. A Security Reference Monitor relates to which DoD security standard?
Man In The Middle
C2
Separation of Duties
CRACK
31. There are 65536 _________
Available service ports
Verisign - Microsoft - Dell
Social Engineering
One way hash
32. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
SLE - Single Loss Expectancy
Biometrics
Certificate
33. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Virus definition downloads and system virus scans
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Man In The Middle
Email
34. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Buffer Overflow
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Authentication
NT Audit events
35. __________ is the most famous Unix password cracking tool.
CRACK
Configuration Control
ISO
Environmental
36. Digital Certificates use which protocol?
Warning banners
X.509
Presentation Layer - L6
Confidentiality
37. __________ is a tool used by network administrators to capture packets from a network.
CRACK
Biometrics
Protection of data from unauthorized users
Sniffer
38. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Fixed length
Cryptanalysis
DSS - Digital Signature Standard
Cramming
39. Ways to deal with risk.
Risk assessment
Payload
Mobile
Acceptance - Transfer - Mitigate
40. Wiretapping is an example of a ________.
Biometrics
Passive network attack
Risk assessment
To make user certificates available to others
41. Countermeasures address security concerns in this category
Stateful Inspection
X.509
Information
S/Key - OPIE
42. Committing computer crimes in such small doses that they almost go unnoticed.
involves only computer to computer transactions
Confidentiality - Availability -Integrity of data
Salami attack
IPSEC
43. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Risk Equation
product development life cycle
Certificate
DAC - Discretionary Access Control
44. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Not rigid
DAC - Discretionary Access Control
Quantitative analysis
Hackers and crackers
45. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Wild
Risk Equation
CRACK
Log files
46. Companies can now be __________ just as easily as they can be sued for security compromises.
Environmental
IPSEC
Sued for privacy violations
Confidentiality - Availability -Integrity of data
47. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
modems
IANA
Test virus
SSL
48. A boot sector virus goes to work when what event takes place?
Configuration Control
Reboot or system startup
Macro
Depcrypting
49. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Cramming
One way hash
run applications as generic accounts with little or no privileges.
involves only computer to computer transactions
50. Data being delivered from the source to the intended receiver without being altered
Host based - network based
Hoaxes
Protection of data from unauthorized users
CVE - Common Vulnerabilities and Exposures