SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Personal Firewall - IDS - host based - Antivirus
Wild
Presentation Layer - L6
PGP
2. Name two types of Intrusion Detection Systems
Protection of data from unauthorized users
Macro
Host based - network based
Presentation Layer - L6
3. Which of the concepts best describes Availability in relation to computer resources?
Data Classification
Not very difficult to break.
Multi-partite viruses
Users can gain access to any resource upon request (assuming they have proper permissions)
4. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
X.509
Information
Protection of data from unauthorized users
5. ______________ is a Unix security scanning tool developed at Texas A&M university.
Ethernet
TIGER
Protection of data from unauthorized users
Sued for privacy violations
6. Which range defines 'well known ports?'
All
Directive
0-1023
NT Audit events
7. MD5 is a ___________ algorithm
Host based - network based
ISO
Accountability
One way hash
8. So far - no one has been able to crack the ____________ with Brute Force.
IDEA algorithm
Layer 3 - Host to Host
Personal Firewall - IDS - host based - Antivirus
Directive
9. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning Banner
Host based - network based
Warning banners
Virus definition downloads and system virus scans
10. Ways to deal with risk.
involves only computer to computer transactions
a good password policy
Quantitative analysis
Acceptance - Transfer - Mitigate
11. ____ members of the staff need to be educated in disaster recovery procedures.
Passive network attack
All
Intentions of the perpetrator
Virus definition downloads and system virus scans
12. A true network security audit does include an audit for _____________
NFS
modems
Layer 3 - Host to Host
Password audit
13. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
Fixed length
Email
SYN Flooding
14. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
a good password policy
Business enabler
Directive
Steps in handling incidents
15. ______________ is a major component of an overall risk management program.
Layer 7 - Application
Sued for privacy violations
Risk assessment
Salami attack
16. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic
involves only computer to computer transactions
Steps in handling incidents
Sued for privacy violations
17. __________ is a tool used by network administrators to capture packets from a network.
Passive network attack
Users can gain access to any resource upon request (assuming they have proper permissions)
Virus definition downloads and system virus scans
Sniffer
18. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
DSS - Digital Signature Standard
Quantitative analysis
DAC - Discretionary Access Control
Logic bombs
19. Smart cards are a secure alternative to which weak security mechanism?
Directive
IANA
Passwords
PGP
20. _______________ supply AV engines with false information to avoid detection
Stealth viruses
Risk Equation
128
Also
21. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Cramming
C2
Quantitative analysis
involves only computer to computer transactions
22. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Ethernet
Phreaks
product development life cycle
Separation of Duties
23. Accounting - Authentication - and ____________ are the AAAs of information security.
One way hash
CHAP
Acceptance - Transfer - Mitigate
Authorization
24. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
modems
Personal Firewall - IDS - host based - Antivirus
Hoaxes
Residual risk
25. The ability to adjust access control to the exact amount of permission necessary is called ______________.
0-1023
Granularity
DAC - Discretionary Access Control
Stealth viruses
26. This free (for personal use) program is used to encrypt and decrypt emails.
Sued for privacy violations
Prevent - Recover - Detect
PGP
MAC - Mandatory Access Control
27. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
One way hash
SLE - Single Loss Expectancy
Passive network attack
28. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
IPSEC
Authorization
Reboot or system startup
Configuration Control
29. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Classification
Confidentiality - Availability -Integrity of data
IANA
Layer 7 - Application
30. An intrusion detection system is an example of what type of countermeasure?
Passive network attack
Mobile
Detective
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
31. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
IDEA algorithm
a good password policy
Buffer Overflow
Layer 7 - Application
32. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Hackers and crackers
Prevent - Recover - Detect
Test virus
Not very difficult to break.
33. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
C2
Password audit
Protection of data from unauthorized users
SYN Flooding
34. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Biometrics
IPSEC
Sued for privacy violations
Password audit
35. The ability to identify and audit a user and his / her actions is known as ____________.
Hackers and crackers
A PGP Signed message
Acceptance - Transfer - Mitigate
Accountability
36. Vulnerability x Threat = RISK is an example of the _______________.
CERT - SANS - CERIAS - COAST
Acceptance - Transfer - Mitigate
Risk Equation
IANA
37. ________ is the authoritative entity which lists port assignments
Authentication
CRACK
IANA
Passfilt.dll
38. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Less secure
ISO
Cisco
Passive network attack
39. What security principle is based on the division of job responsibilities - designed to prevent fraud?
S/Key - OPIE
run applications as generic accounts with little or no privileges.
Separation of Duties
SSL
40. Wiretapping is an example of a ________.
Acceptance - Transfer - Mitigate
Payload
Detective
Passive network attack
41. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Not rigid
Also
Hackers and crackers
CVE - Common Vulnerabilities and Exposures
42. A formula used in Quantitative risk analysis
Buffer Overflow
Protection of data from unauthorized users
SLE - Single Loss Expectancy
Virus definition downloads and system virus scans
43. Cable modems are ___________than DSL connections
TIGER
Off site in a climate controlled area
Less secure
Quantitative analysis
44. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Accountability
Man In The Middle
Protection of data from unauthorized users
A PGP Signed message
45. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Sued for privacy violations
Wild
One way hash
Authentication
46. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Users can gain access to any resource upon request (assuming they have proper permissions)
Decentralized access control
Test virus
run applications as generic accounts with little or no privileges.
47. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Stateful Inspection
Cryptanalysis
Layer 7 - Application
SSL
48. Countermeasures address security concerns in this category
Cryptanalysis
Layer 7 - Application
run applications as generic accounts with little or no privileges.
Information
49. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Quantitative analysis
involves only computer to computer transactions
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
DAC - Discretionary Access Control
50. The IDEA algorithm (used in PGP) is _______ bits long.
Configuration Control
Cramming
0-1023
128
