SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Data Hiding
Granularity
Confidentiality - Availability -Integrity of data
Directive
2. __________ is the most famous Unix password cracking tool.
Salami attack
Passive network attack
CRACK
Logic bombs
3. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
CHAP
Data Classification
CRACK
Information Security policies
4. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
CVE - Common Vulnerabilities and Exposures
A PGP Signed message
Main goal of a risk management program
Intrusion Detection System
5. ___________________ is responsible for creating security policies and for communicating those policies to system users.
run applications as generic accounts with little or no privileges.
product development life cycle
involves only computer to computer transactions
ISO
6. ______________ relates to the concept of protecting data from unauthorized users.
Presentation Layer - L6
Confidentiality
Environmental
Gathering digital evidence
7. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Separation of Duties
A PGP Signed message
Polymorphic
Intentions of the perpetrator
8. __________ is a tool used by network administrators to capture packets from a network.
Phreaks
Sniffer
Hoaxes
Email
9. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Directive
NFS
Cisco
Data Classification
10. Accounting - Authentication - and ____________ are the AAAs of information security.
Warning banners
Reboot or system startup
Verisign - Microsoft - Dell
Authorization
11. The most secure method for storing backup tapes is?
Wild
Gathering digital evidence
MAC - Mandatory Access Control
Off site in a climate controlled area
12. Allows File owners to determine access rights.
Hoaxes
Sniffer
Decentralized access control
Business enabler
13. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Confidentiality
Wild
TIGER
ISO
14. Main goals of an information security program
Cramming
Social Engineering
A PGP Signed message
Confidentiality - Availability -Integrity of data
15. To help managers find the correct cost balance between risks and countermeasures
Quantitative analysis
128
Confidentiality
Main goal of a risk management program
16. Identifying specific attempts to penetrate systems is the function of the _______________.
128
Hoaxes
Intrusion Detection System
All
17. Logon and Logoff - Use of User Rights - Security Policy Change
Available service ports
Man In The Middle
NT Audit events
Email
18. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Man In The Middle
Intentions of the perpetrator
Information
Biometrics
19. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Buffer Overflow
Macro
S/Key - OPIE
NT Audit events
20. A ______________ is an electronically generated record that ties a user's ID to their public key.
Phreaks
Intrusion Detection System
RSA
Certificate
21. So far - no one has been able to crack the ____________ with Brute Force.
Fixed length
Cisco
IDEA algorithm
Logic bombs
22. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Cisco
Intentions of the perpetrator
Sniffer
Assignment
23. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Ethernet
DSS - Digital Signature Standard
X.509
Risk Equation
24. There are 5 classes of IP addresses available - but only 3 classes are in common use today
To make user certificates available to others
PGP
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Reboot or system startup
25. Wiretapping is an example of a ________.
All
Confidentiality - Availability -Integrity of data
Passive network attack
Email
26. RSA is not based on a ________
Intrusion Detection System
Wild
Symmetric algorithm
Business enabler
27. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
SYN Flooding
Layer 3 - Host to Host
Phreaks
RSA
28. It is difficult to prosecute a computer criminal if _________ are not deployed
Decentralized access control
C2
Certificate
Warning banners
29. A one way hash converts a string of random length into a _______________ encrypted string.
a good password policy
One way hash
Presentation Layer - L6
Fixed length
30. Which of the concepts best describes Availability in relation to computer resources?
Certificate
Users can gain access to any resource upon request (assuming they have proper permissions)
Hackers and crackers
Protection of data from unauthorized users
31. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Unix / Linux based security tools?
Warning banners
Directive
Detective
32. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Warning Banner
Hoaxes
Main goal of a risk management program
Personal Firewall - IDS - host based - Antivirus
33. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Risk assessment
Separation of Duties
Assignment
Layer 7 - Application
34. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Information Security policies
Preserve electronic evidence and protect it from any alteration
MAC - Mandatory Access Control
Privacy violations
35. These should be done on a weekly basis
Certificate
Hoaxes
Virus definition downloads and system virus scans
Less secure
36. Today - ______________ are almost as serious as security violations
IPSEC
ISO
Granularity
Privacy violations
37. Macintosh computers are _____ at risk for receiving viruses.
Phreaks
Also
Layer 3 - Host to Host
Ethernet
38. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Granularity
SYN Flooding
Confidentiality
involves only computer to computer transactions
39. Data being delivered from the source to the intended receiver without being altered
Password audit
Protection of data from unauthorized users
Configuration Control
Less secure
40. ________ is the authoritative entity which lists port assignments
Cramming
Separation of Duties
IANA
Hoaxes
41. Which layer of the OSI model handles encryption?
Email
Environmental
Protection of data from unauthorized users
Presentation Layer - L6
42. ______________ is a major component of an overall risk management program.
Risk assessment
Stateful Inspection
Reboot or system startup
Acceptance - Transfer - Mitigate
43. Examples of One- Time Password technology
S/Key - OPIE
Decentralized access control
Protection of data from unauthorized users
Steps in handling incidents
44. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
DAC - Discretionary Access Control
Preserve electronic evidence and protect it from any alteration
Macro
Quantitative analysis
45. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Buffer Overflow
Log files
a good password policy
Hackers and crackers
46. They specifically target telephone networks
One way hash
Phreaks
Decentralized access control
SYN Flooding
47. A true network security audit does include an audit for _____________
modems
Risk assessment
Warning Banner
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
48. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Fixed length
Symmetric algorithm
modems
Gathering digital evidence
49. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Users can gain access to any resource upon request (assuming they have proper permissions)
RSA
Host based - network based
Not rigid
50. S/MIME was developed for the protection of what communication mechanism(s)?
Less secure
Email
Password audit
Passwords