SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Passfilt.dll
Stateful Inspection
product development life cycle
Business enabler
2. Wiretapping is an example of a ________.
Hackers and crackers
Passive network attack
Ethernet
Intrusion Detection System
3. Data being delivered from the source to the intended receiver without being altered
128
Salami attack
Layer 3 - Host to Host
Protection of data from unauthorized users
4. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
NFS
RSA
Residual risk
CRACK
5. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
a good password policy
One way hash
C2
6. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
CHAP
Main goal of a risk management program
Hackers and crackers
Confidentiality - Availability -Integrity of data
7. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Passive network attack
Information Security policies
Risk Equation
Polymorphic
8. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Social Engineering
Decentralized access control
Layer 7 - Application
9. Combine both boot and file virus behavior
Cramming
a good password policy
Decentralized access control
Multi-partite viruses
10. Examples of One- Time Password technology
Available service ports
S/Key - OPIE
Intentions of the perpetrator
Cryptanalysis
11. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
DAC - Discretionary Access Control
128
Prevent - Recover - Detect
Directive
12. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Environmental
Verisign - Microsoft - Dell
A PGP Signed message
Intentions of the perpetrator
13. A standardized list of the most common security weaknesses and exploits is the __________.
One way hash
SSL
CVE - Common Vulnerabilities and Exposures
128
14. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Directive
Man In The Middle
Passwords
NT Audit events
15. Logon and Logoff - Use of User Rights - Security Policy Change
Intentions of the perpetrator
One way hash
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
NT Audit events
16. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Risk assessment
Protection of data from unauthorized users
Ethernet
Password audit
17. Which of the concepts best describes Availability in relation to computer resources?
Warning Banner
Risk Equation
Users can gain access to any resource upon request (assuming they have proper permissions)
Ethernet
18. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
involves only computer to computer transactions
Logic bombs
Phreaks
Authorization
19. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Symmetric algorithm
Preserve electronic evidence and protect it from any alteration
Host based - network based
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
20. A formula used in Quantitative risk analysis
SLE - Single Loss Expectancy
Prevent - Recover - Detect
Confidentiality - Availability -Integrity of data
Layer 7 - Application
21. _______________ supply AV engines with false information to avoid detection
Presentation Layer - L6
Log files
MAC - Mandatory Access Control
Stealth viruses
22. An intrusion detection system is an example of what type of countermeasure?
Host based - network based
Sniffer
Detective
Stateful Inspection
23. Public keys are used for encrypting messages and private keys are used for __________messages.
Symmetric algorithm
Depcrypting
Accountability
All
24. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Biometrics
Polymorphic
Environmental
run applications as generic accounts with little or no privileges.
25. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
modems
Accountability
DSS - Digital Signature Standard
Quantitative analysis
26. A boot sector virus goes to work when what event takes place?
SSL
Hoaxes
Reboot or system startup
Passfilt.dll
27. ______________ is a major component of an overall risk management program.
Users can gain access to any resource upon request (assuming they have proper permissions)
C2
involves only computer to computer transactions
Risk assessment
28. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
C2
Granularity
Log files
29. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
CVE - Common Vulnerabilities and Exposures
Information
Hoaxes
Residual risk
30. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Layer 3 - Host to Host
DSS - Digital Signature Standard
Business enabler
A PGP Signed message
31. Which of the following is NOT and encryption algorithm?
SSL
Less secure
Accountability
Information Security policies
32. __________ is a tool used by network administrators to capture packets from a network.
Passwords
Sniffer
ISO
Test virus
33. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
S/Key - OPIE
DAC - Discretionary Access Control
Unix / Linux based security tools?
Risk assessment
34. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Intrusion Detection System
Salami attack
Business enabler
Cisco
35. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Passfilt.dll
Also
MAC - Mandatory Access Control
DAC - Discretionary Access Control
36. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Log files
Logic bombs
involves only computer to computer transactions
Buffer Overflow
37. A one way hash converts a string of random length into a _______________ encrypted string.
Data Hiding
Symmetric algorithm
Verisign - Microsoft - Dell
Fixed length
38. ______________ relates to the concept of protecting data from unauthorized users.
Buffer Overflow
involves only computer to computer transactions
Unix / Linux based security tools?
Confidentiality
39. So far - no one has been able to crack the ____________ with Brute Force.
Also
Sued for privacy violations
Ethernet
IDEA algorithm
40. Cable modems are ___________than DSL connections
Less secure
Accountability
Personal Firewall - IDS - host based - Antivirus
Warning banners
41. What is the main difference between computer abuse and computer crime?
Confidentiality
Polymorphic
Intentions of the perpetrator
IANA
42. ______________ is a Unix security scanning tool developed at Texas A&M university.
Hoaxes
Presentation Layer - L6
Confidentiality - Availability -Integrity of data
TIGER
43. Digital Certificates use which protocol?
Off site in a climate controlled area
DAC - Discretionary Access Control
Users can gain access to any resource upon request (assuming they have proper permissions)
X.509
44. RSA is not based on a ________
Layer 7 - Application
Symmetric algorithm
Data Hiding
Quantitative analysis
45. ________ is the authoritative entity which lists port assignments
Decentralized access control
IANA
128
Off site in a climate controlled area
46. Which layer of the OSI model handles encryption?
Presentation Layer - L6
Log files
Configuration Control
Payload
47. A true network security audit does include an audit for _____________
Fixed length
modems
All
Stealth viruses
48. A Security Reference Monitor relates to which DoD security standard?
Quantitative analysis
Log files
C2
Certificate
49. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
RSA
Depcrypting
Data Hiding
Personal Firewall - IDS - host based - Antivirus
50. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Users can gain access to any resource upon request (assuming they have proper permissions)
Hackers and crackers
NFS
All
