SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Information Security policies
Stealth viruses
Social Engineering
Presentation Layer - L6
2. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Authentication
Information
Not very difficult to break.
Personal Firewall - IDS - host based - Antivirus
3. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Mobile
Hoaxes
Hackers and crackers
Ethernet
4. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Not rigid
Salami attack
Macro
Ethernet
5. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
All
Wild
Salami attack
Passfilt.dll
6. Countermeasures' main objectives
Passive network attack
Stateful Inspection
Prevent - Recover - Detect
Residual risk
7. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Sniffer
Fixed length
Residual risk
8. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Quantitative analysis
Gathering digital evidence
Acceptance - Transfer - Mitigate
Payload
9. ___________________ viruses change the code order of the strain each time they replicate to another machine.
IPSEC
Business enabler
Polymorphic
Data Hiding
10. MD5 is a ___________ algorithm
Symmetric algorithm
Off site in a climate controlled area
One way hash
Granularity
11. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Privacy violations
Business enabler
Unix / Linux based security tools?
Preserve electronic evidence and protect it from any alteration
12. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Separation of Duties
Hoaxes
Biometrics
Mobile
13. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
DAC - Discretionary Access Control
Not rigid
Logic bombs
Password audit
14. To help managers find the correct cost balance between risks and countermeasures
Authorization
Confidentiality - Availability -Integrity of data
Stateful Inspection
Main goal of a risk management program
15. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Authentication
Man In The Middle
Less secure
Presentation Layer - L6
16. The ability to identify and audit a user and his / her actions is known as ____________.
Business enabler
product development life cycle
Accountability
Cryptanalysis
17. Data being delivered from the source to the intended receiver without being altered
Risk Equation
Protection of data from unauthorized users
Passfilt.dll
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
18. This free (for personal use) program is used to encrypt and decrypt emails.
Log files
Salami attack
Passfilt.dll
PGP
19. _______________ supply AV engines with false information to avoid detection
Stealth viruses
Virus definition downloads and system virus scans
Accountability
Logic bombs
20. ____________ is a file system that was poorly designed and has numerous security flaws.
Salami attack
NFS
X.509
Host based - network based
21. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Authorization
Users can gain access to any resource upon request (assuming they have proper permissions)
Data Hiding
22. A Security Reference Monitor relates to which DoD security standard?
Quantitative analysis
Configuration Control
C2
Decentralized access control
23. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Payload
Preserve electronic evidence and protect it from any alteration
CHAP
24. Stealth viruses live in memory while __________ are written to disk
Main goal of a risk management program
Logic bombs
Privacy violations
TIGER
25. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
TIGER
Hoaxes
Ethernet
a good password policy
26. A ______________ is an electronically generated record that ties a user's ID to their public key.
Steps in handling incidents
One way hash
Assignment
Certificate
27. Companies can now be __________ just as easily as they can be sued for security compromises.
Sued for privacy violations
Stealth viruses
Cryptanalysis
Protection of data from unauthorized users
28. Examples of One- Time Password technology
Stateful Inspection
Multi-partite viruses
S/Key - OPIE
Available service ports
29. So far - no one has been able to crack the ____________ with Brute Force.
Multi-partite viruses
X.509
SLE - Single Loss Expectancy
IDEA algorithm
30. Cable modems are ___________than DSL connections
a good password policy
Macro
Less secure
Sniffer
31. Combine both boot and file virus behavior
One way hash
Less secure
Multi-partite viruses
Main goal of a risk management program
32. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
ISO
DAC - Discretionary Access Control
Separation of Duties
Not very difficult to break.
33. Layer 4 of the OSI model corresponds to which layer of the DoD model?
modems
Layer 3 - Host to Host
Steps in handling incidents
All
34. Wiretapping is an example of a ________.
Passive network attack
Unix / Linux based security tools?
Authorization
Symmetric algorithm
35. The most secure method for storing backup tapes is?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Off site in a climate controlled area
Unix / Linux based security tools?
Not very difficult to break.
36. Ways to deal with risk.
Acceptance - Transfer - Mitigate
Data Classification
A PGP Signed message
Test virus
37. One method that can reduce exposure to malicious code is to ___________________
Privacy violations
Confidentiality - Availability -Integrity of data
128
run applications as generic accounts with little or no privileges.
38. Accounting - Authentication - and ____________ are the AAAs of information security.
RADIUS
NFS
Risk assessment
Authorization
39. Smart cards are a secure alternative to which weak security mechanism?
Email
Passwords
MAC - Mandatory Access Control
DAC - Discretionary Access Control
40. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Residual risk
Ethernet
NT Audit events
Hackers and crackers
41. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Available service ports
Directive
Presentation Layer - L6
All
42. An attempt to break an encryption algorithm is called _____________.
Assignment
Cryptanalysis
Data Hiding
Passive network attack
43. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Layer 7 - Application
Presentation Layer - L6
Mobile
CERT - SANS - CERIAS - COAST
44. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
CERT - SANS - CERIAS - COAST
SET
Confidentiality
Fixed length
45. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Users can gain access to any resource upon request (assuming they have proper permissions)
Wild
Decentralized access control
Warning banners
46. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Protection of data from unauthorized users
Gathering digital evidence
Cisco
Biometrics
47. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
Depcrypting
Man In The Middle
Buffer Overflow
48. Name two types of Intrusion Detection Systems
IPSEC
Host based - network based
128
Layer 7 - Application
49. DES - Data Encryption standard has a 128 bit key and is ________
Cisco
Not very difficult to break.
S/Key - OPIE
Test virus
50. There are 65536 _________
Depcrypting
CVE - Common Vulnerabilities and Exposures
Available service ports
Host based - network based