SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ______________ is a major component of an overall risk management program.
Risk assessment
Passfilt.dll
Directive
Salami attack
2. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
Users can gain access to any resource upon request (assuming they have proper permissions)
Authorization
CRACK
3. The IDEA algorithm (used in PGP) is _______ bits long.
Host based - network based
128
Salami attack
To make user certificates available to others
4. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Intentions of the perpetrator
X.509
Separation of Duties
5. Identifying specific attempts to penetrate systems is the function of the _______________.
Symmetric algorithm
To make user certificates available to others
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Intrusion Detection System
6. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Users can gain access to any resource upon request (assuming they have proper permissions)
Logic bombs
CRACK
7. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Environmental
Layer 3 - Host to Host
Man In The Middle
SLE - Single Loss Expectancy
8. Digital Certificates use which protocol?
X.509
SLE - Single Loss Expectancy
DSS - Digital Signature Standard
128
9. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Social Engineering
involves only computer to computer transactions
CVE - Common Vulnerabilities and Exposures
Layer 3 - Host to Host
10. Ways to deal with risk.
To make user certificates available to others
Mobile
SLE - Single Loss Expectancy
Acceptance - Transfer - Mitigate
11. A standardized list of the most common security weaknesses and exploits is the __________.
SET
One way hash
CVE - Common Vulnerabilities and Exposures
IPSEC
12. Name two types of Intrusion Detection Systems
Passwords
Host based - network based
Sued for privacy violations
Depcrypting
13. The most secure method for storing backup tapes is?
Off site in a climate controlled area
run applications as generic accounts with little or no privileges.
Separation of Duties
All
14. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
To make user certificates available to others
CERT - SANS - CERIAS - COAST
Steps in handling incidents
15. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Test virus
S/Key - OPIE
Macro
Decentralized access control
16. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Polymorphic
Privacy violations
Environmental
Layer 3 - Host to Host
17. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Steps in handling incidents
Ethernet
Authentication
Environmental
18. One method that can reduce exposure to malicious code is to ___________________
Risk Equation
run applications as generic accounts with little or no privileges.
Confidentiality - Availability -Integrity of data
Password audit
19. Which layer of the OSI model handles encryption?
Presentation Layer - L6
Information Security policies
Information
Certificate
20. The ability to identify and audit a user and his / her actions is known as ____________.
A PGP Signed message
Accountability
Biometrics
NT Audit events
21. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Confidentiality
SET
Gathering digital evidence
Test virus
22. ________ is the authoritative entity which lists port assignments
IANA
Warning banners
Configuration Control
Test virus
23. Examples of One- Time Password technology
Preserve electronic evidence and protect it from any alteration
Directive
S/Key - OPIE
Acceptance - Transfer - Mitigate
24. What is the main difference between computer abuse and computer crime?
Layer 7 - Application
Intentions of the perpetrator
Residual risk
Warning Banner
25. Allows File owners to determine access rights.
Decentralized access control
CVE - Common Vulnerabilities and Exposures
Sniffer
Man In The Middle
26. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Polymorphic
Assignment
Steps in handling incidents
MAC - Mandatory Access Control
27. Companies can now be __________ just as easily as they can be sued for security compromises.
Users can gain access to any resource upon request (assuming they have proper permissions)
Prevent - Recover - Detect
Sued for privacy violations
SYN Flooding
28. The ability to adjust access control to the exact amount of permission necessary is called ______________.
involves only computer to computer transactions
Prevent - Recover - Detect
X.509
Granularity
29. Public keys are used for encrypting messages and private keys are used for __________messages.
Users can gain access to any resource upon request (assuming they have proper permissions)
Payload
Depcrypting
Detective
30. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Available service ports
NT Audit events
IPSEC
Information Security policies
31. Accounting - Authentication - and ____________ are the AAAs of information security.
Personal Firewall - IDS - host based - Antivirus
DSS - Digital Signature Standard
Authorization
C2
32. Smart cards are a secure alternative to which weak security mechanism?
Stealth viruses
Verisign - Microsoft - Dell
Passwords
Authorization
33. Remote Access Dial-in User Service
RADIUS
Granularity
SSL
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
34. Data being delivered from the source to the intended receiver without being altered
TIGER
Protection of data from unauthorized users
Also
S/Key - OPIE
35. A true network security audit does include an audit for _____________
Fixed length
modems
SYN Flooding
Cramming
36. DES - Data Encryption standard has a 128 bit key and is ________
CERT - SANS - CERIAS - COAST
TIGER
Not very difficult to break.
Stealth viruses
37. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Steps in handling incidents
Preserve electronic evidence and protect it from any alteration
Quantitative analysis
Passfilt.dll
38. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Symmetric algorithm
Wild
Confidentiality - Availability -Integrity of data
product development life cycle
39. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Layer 7 - Application
All
Social Engineering
Protection of data from unauthorized users
40. ______________ relates to the concept of protecting data from unauthorized users.
Reboot or system startup
SET
Confidentiality
Fixed length
41. Vulnerability x Threat = RISK is an example of the _______________.
Risk Equation
Available service ports
Email
Password audit
42. Which range defines 'well known ports?'
Not very difficult to break.
0-1023
Polymorphic
A PGP Signed message
43. RSA is not based on a ________
Symmetric algorithm
Data Hiding
Not very difficult to break.
Users can gain access to any resource upon request (assuming they have proper permissions)
44. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Ethernet
Information
IPSEC
Configuration Control
45. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
PGP
Data Hiding
A PGP Signed message
Ethernet
46. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Sniffer
Verisign - Microsoft - Dell
Data Hiding
Quantitative analysis
47. Main goals of an information security program
Accountability
Confidentiality - Availability -Integrity of data
Steps in handling incidents
Passive network attack
48. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Cramming
Off site in a climate controlled area
SET
Stateful Inspection
49. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Biometrics
C2
Fixed length
Salami attack
50. So far - no one has been able to crack the ____________ with Brute Force.
Business enabler
Available service ports
run applications as generic accounts with little or no privileges.
IDEA algorithm
