SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Companies can now be __________ just as easily as they can be sued for security compromises.
Layer 3 - Host to Host
Mobile
Sued for privacy violations
Macro
2. Which of the following is NOT and encryption algorithm?
C2
Email
SSL
Assignment
3. DES - Data Encryption standard has a 128 bit key and is ________
Passwords
MAC - Mandatory Access Control
Not very difficult to break.
Certificate
4. ____________ is a file system that was poorly designed and has numerous security flaws.
Virus definition downloads and system virus scans
NFS
Passwords
IDEA algorithm
5. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Symmetric algorithm
Not rigid
Log files
Off site in a climate controlled area
6. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Sued for privacy violations
Wild
Symmetric algorithm
Separation of Duties
7. Which layer of the OSI model handles encryption?
Presentation Layer - L6
Buffer Overflow
Log files
Information Security policies
8. It is difficult to prosecute a computer criminal if _________ are not deployed
Granularity
Warning banners
Configuration Control
Depcrypting
9. Stealth viruses live in memory while __________ are written to disk
PGP
Logic bombs
Stateful Inspection
Granularity
10. HTTP - FTP - SMTP reside at which layer of the OSI model?
Also
Layer 7 - Application
Environmental
Salami attack
11. They specifically target telephone networks
To make user certificates available to others
Decentralized access control
Phreaks
Not very difficult to break.
12. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Ethernet
Macro
0-1023
Virus definition downloads and system virus scans
13. MD5 is a ___________ algorithm
ISO
Password audit
Layer 3 - Host to Host
One way hash
14. Information security policies are a ___________________.
Acceptance - Transfer - Mitigate
Business enabler
Reboot or system startup
Logic bombs
15. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Data Classification
Information Security policies
Buffer Overflow
PGP
16. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Separation of Duties
A PGP Signed message
CERT - SANS - CERIAS - COAST
Presentation Layer - L6
17. Remote Access Dial-in User Service
Cryptanalysis
Logic bombs
Configuration Control
RADIUS
18. The __________ is the most dangerous part of a virus program.
Directive
Environmental
Residual risk
Payload
19. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
Authorization
NT Audit events
Quantitative analysis
20. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
run applications as generic accounts with little or no privileges.
Less secure
A PGP Signed message
Ethernet
21. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Prevent - Recover - Detect
Confidentiality - Availability -Integrity of data
IPSEC
RSA
22. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Password audit
Data Classification
Separation of Duties
Polymorphic
23. Contain - Recover - Review - Identify - Prepare
Acceptance - Transfer - Mitigate
X.509
S/Key - OPIE
Steps in handling incidents
24. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Layer 3 - Host to Host
Accountability
Hoaxes
Gathering digital evidence
25. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Man In The Middle
DSS - Digital Signature Standard
C2
ISO
26. Combine both boot and file virus behavior
Protection of data from unauthorized users
Accountability
Multi-partite viruses
Layer 7 - Application
27. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Preserve electronic evidence and protect it from any alteration
modems
Multi-partite viruses
Test virus
28. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Hoaxes
Directive
NT Audit events
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
29. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Environmental
Preserve electronic evidence and protect it from any alteration
Business enabler
C2
30. Organizations that can be a valid Certificate Authority (CA)
Directive
Cramming
Passfilt.dll
Verisign - Microsoft - Dell
31. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Cisco
CVE - Common Vulnerabilities and Exposures
Main goal of a risk management program
Sued for privacy violations
32. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
Cisco
Polymorphic
a good password policy
33. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Warning Banner
Data Classification
Granularity
Information
34. So far - no one has been able to crack the ____________ with Brute Force.
TIGER
IDEA algorithm
Log files
Business enabler
35. Committing computer crimes in such small doses that they almost go unnoticed.
Salami attack
Depcrypting
Cramming
Sniffer
36. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Verisign - Microsoft - Dell
Residual risk
Biometrics
One way hash
37. The ultimate goal of a computer forensics specialist is to ___________________.
Preserve electronic evidence and protect it from any alteration
S/Key - OPIE
RADIUS
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
38. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Hoaxes
MAC - Mandatory Access Control
Assignment
Depcrypting
39. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
NT Audit events
Biometrics
Passfilt.dll
Unix / Linux based security tools?
40. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Passfilt.dll
Environmental
Hackers and crackers
Hoaxes
41. There are 65536 _________
Available service ports
Salami attack
Off site in a climate controlled area
product development life cycle
42. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Reboot or system startup
Stateful Inspection
All
Gathering digital evidence
43. Logon and Logoff - Use of User Rights - Security Policy Change
NT Audit events
TIGER
Stealth viruses
Unix / Linux based security tools?
44. Today - ______________ are almost as serious as security violations
DAC - Discretionary Access Control
Privacy violations
Personal Firewall - IDS - host based - Antivirus
Gathering digital evidence
45. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
RSA
All
Hoaxes
Email
46. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Biometrics
product development life cycle
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Not rigid
47. Main goals of an information security program
Salami attack
Risk Equation
Confidentiality - Availability -Integrity of data
Password audit
48. Data being delivered from the source to the intended receiver without being altered
Passfilt.dll
Protection of data from unauthorized users
Information Security policies
Personal Firewall - IDS - host based - Antivirus
49. What is the main difference between computer abuse and computer crime?
Passive network attack
Intentions of the perpetrator
X.509
Passwords
50. Cable modems are ___________than DSL connections
Stealth viruses
Less secure
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Cramming
