SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. _______________ supply AV engines with false information to avoid detection
Stealth viruses
Risk Equation
Directive
SSL
2. Organizations that can be a valid Certificate Authority (CA)
Accountability
Not very difficult to break.
Verisign - Microsoft - Dell
Social Engineering
3. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Separation of Duties
Directive
Personal Firewall - IDS - host based - Antivirus
NT Audit events
4. A one way hash converts a string of random length into a _______________ encrypted string.
Fixed length
involves only computer to computer transactions
Separation of Duties
Macro
5. Name two types of Intrusion Detection Systems
DAC - Discretionary Access Control
Risk assessment
Host based - network based
Risk Equation
6. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Gathering digital evidence
DAC - Discretionary Access Control
Assignment
Risk Equation
7. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Intrusion Detection System
Confidentiality
Ethernet
A PGP Signed message
8. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Salami attack
RADIUS
MAC - Mandatory Access Control
Biometrics
9. ____________ is a file system that was poorly designed and has numerous security flaws.
Quantitative analysis
NFS
CVE - Common Vulnerabilities and Exposures
Multi-partite viruses
10. Combine both boot and file virus behavior
Multi-partite viruses
IPSEC
Password audit
S/Key - OPIE
11. A Security Reference Monitor relates to which DoD security standard?
C2
Logic bombs
Ethernet
Warning banners
12. A formula used in Quantitative risk analysis
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
SLE - Single Loss Expectancy
Detective
Authorization
13. Remote Access Dial-in User Service
Social Engineering
RADIUS
All
Passfilt.dll
14. Today - ______________ are almost as serious as security violations
Environmental
To make user certificates available to others
Stealth viruses
Privacy violations
15. A true network security audit does include an audit for _____________
modems
Sued for privacy violations
NFS
Certificate
16. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Assignment
Confidentiality - Availability -Integrity of data
Biometrics
17. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
modems
DSS - Digital Signature Standard
Host based - network based
Depcrypting
18. ______________ is a Unix security scanning tool developed at Texas A&M university.
Not rigid
Cisco
Accountability
TIGER
19. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
Mobile
involves only computer to computer transactions
Authorization
20. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Layer 3 - Host to Host
C2
involves only computer to computer transactions
Main goal of a risk management program
21. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Symmetric algorithm
Residual risk
Assignment
Information Security policies
22. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
run applications as generic accounts with little or no privileges.
Environmental
Prevent - Recover - Detect
0-1023
23. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Authentication
Layer 3 - Host to Host
NFS
Separation of Duties
24. Contain - Recover - Review - Identify - Prepare
CHAP
Steps in handling incidents
NT Audit events
To make user certificates available to others
25. There are 65536 _________
Cisco
Risk assessment
IANA
Available service ports
26. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
Biometrics
Man In The Middle
Logic bombs
27. ______________ relates to the concept of protecting data from unauthorized users.
CHAP
Privacy violations
Warning Banner
Confidentiality
28. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
SLE - Single Loss Expectancy
IANA
CERT - SANS - CERIAS - COAST
Buffer Overflow
29. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Wild
Prevent - Recover - Detect
Quantitative analysis
Decentralized access control
30. Cable modems are ___________than DSL connections
Salami attack
Less secure
Protection of data from unauthorized users
0-1023
31. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Business enabler
0-1023
product development life cycle
SLE - Single Loss Expectancy
32. Countermeasures address security concerns in this category
Verisign - Microsoft - Dell
Information Security policies
Information
TIGER
33. MD5 is a ___________ algorithm
Users can gain access to any resource upon request (assuming they have proper permissions)
One way hash
Steps in handling incidents
Warning Banner
34. Which of the following is NOT and encryption algorithm?
Information
Confidentiality - Availability -Integrity of data
SSL
DAC - Discretionary Access Control
35. Examples of One- Time Password technology
S/Key - OPIE
Password audit
0-1023
Not very difficult to break.
36. DES - Data Encryption standard has a 128 bit key and is ________
Passwords
Not very difficult to break.
CRACK
run applications as generic accounts with little or no privileges.
37. ____ members of the staff need to be educated in disaster recovery procedures.
Email
One way hash
All
Layer 7 - Application
38. The IDEA algorithm (used in PGP) is _______ bits long.
Risk assessment
NFS
Stealth viruses
128
39. S/MIME was developed for the protection of what communication mechanism(s)?
Biometrics
SYN Flooding
Separation of Duties
Email
40. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Granularity
Steps in handling incidents
Cryptanalysis
Unix / Linux based security tools?
41. A ______________ is an electronically generated record that ties a user's ID to their public key.
Acceptance - Transfer - Mitigate
Ethernet
Certificate
IANA
42. Smart cards are a secure alternative to which weak security mechanism?
Presentation Layer - L6
Accountability
Authorization
Passwords
43. They specifically target telephone networks
Confidentiality - Availability -Integrity of data
RADIUS
Phreaks
Password audit
44. Which range defines 'well known ports?'
0-1023
Environmental
Layer 3 - Host to Host
Residual risk
45. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
One way hash
Also
Data Hiding
SYN Flooding
46. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
SET
Also
Configuration Control
modems
47. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
To make user certificates available to others
Biometrics
NT Audit events
A PGP Signed message
48. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Protection of data from unauthorized users
ISO
Polymorphic
Verisign - Microsoft - Dell
49. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Hoaxes
Off site in a climate controlled area
Sued for privacy violations
involves only computer to computer transactions
50. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Fixed length
Confidentiality
Macro
Test virus