SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
Cryptanalysis
Confidentiality - Availability -Integrity of data
Ethernet
2. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Test virus
Detective
Cramming
Authentication
3. __________ is a tool used by network administrators to capture packets from a network.
SET
Sniffer
Depcrypting
Authorization
4. They specifically target telephone networks
Confidentiality
Phreaks
Log files
SLE - Single Loss Expectancy
5. RSA is not based on a ________
Buffer Overflow
Symmetric algorithm
Mobile
SYN Flooding
6. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
Off site in a climate controlled area
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Configuration Control
7. A standardized list of the most common security weaknesses and exploits is the __________.
Environmental
Cramming
CVE - Common Vulnerabilities and Exposures
involves only computer to computer transactions
8. An intrusion detection system is an example of what type of countermeasure?
Prevent - Recover - Detect
Detective
Configuration Control
CRACK
9. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
C2
Less secure
CHAP
10. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Social Engineering
Test virus
Risk assessment
11. The most secure method for storing backup tapes is?
CERT - SANS - CERIAS - COAST
Sued for privacy violations
Separation of Duties
Off site in a climate controlled area
12. Stealth viruses live in memory while __________ are written to disk
Logic bombs
Available service ports
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Cisco
13. Which of the concepts best describes Availability in relation to computer resources?
Mobile
SYN Flooding
Users can gain access to any resource upon request (assuming they have proper permissions)
Prevent - Recover - Detect
14. This free (for personal use) program is used to encrypt and decrypt emails.
PGP
Warning banners
Steps in handling incidents
Information Security policies
15. A boot sector virus goes to work when what event takes place?
NT Audit events
Reboot or system startup
Payload
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
16. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic
C2
modems
Quantitative analysis
17. A ______________ is an electronically generated record that ties a user's ID to their public key.
Passwords
Intrusion Detection System
Certificate
IANA
18. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Detective
Cisco
IPSEC
Test virus
19. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Personal Firewall - IDS - host based - Antivirus
SLE - Single Loss Expectancy
Stateful Inspection
Stealth viruses
20. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Certificate
Salami attack
Multi-partite viruses
Social Engineering
21. Contain - Recover - Review - Identify - Prepare
SLE - Single Loss Expectancy
Main goal of a risk management program
Steps in handling incidents
ISO
22. The ability to identify and audit a user and his / her actions is known as ____________.
Sued for privacy violations
Configuration Control
a good password policy
Accountability
23. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Risk Equation
RSA
Multi-partite viruses
A PGP Signed message
24. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Data Classification
Cisco
a good password policy
SYN Flooding
25. What is the main difference between computer abuse and computer crime?
Separation of Duties
Presentation Layer - L6
Personal Firewall - IDS - host based - Antivirus
Intentions of the perpetrator
26. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Confidentiality - Availability -Integrity of data
Multi-partite viruses
Wild
Granularity
27. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
Passive network attack
Fixed length
Intrusion Detection System
28. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Stateful Inspection
Log files
RSA
DSS - Digital Signature Standard
29. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Email
Password audit
CVE - Common Vulnerabilities and Exposures
DAC - Discretionary Access Control
30. Committing computer crimes in such small doses that they almost go unnoticed.
Off site in a climate controlled area
Risk Equation
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Salami attack
31. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Configuration Control
Data Hiding
Passwords
Steps in handling incidents
32. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
Detective
MAC - Mandatory Access Control
Warning Banner
33. So far - no one has been able to crack the ____________ with Brute Force.
involves only computer to computer transactions
IDEA algorithm
Fixed length
Business enabler
34. Vulnerability x Threat = RISK is an example of the _______________.
Risk Equation
Symmetric algorithm
Data Hiding
RSA
35. Organizations that can be a valid Certificate Authority (CA)
Data Hiding
Verisign - Microsoft - Dell
Logic bombs
Cisco
36. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
C2
Payload
NT Audit events
37. Accounting - Authentication - and ____________ are the AAAs of information security.
Separation of Duties
Authorization
Available service ports
Main goal of a risk management program
38. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Separation of Duties
All
CERT - SANS - CERIAS - COAST
SLE - Single Loss Expectancy
39. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Detective
Verisign - Microsoft - Dell
C2
MAC - Mandatory Access Control
40. Ways to deal with risk.
Acceptance - Transfer - Mitigate
Not very difficult to break.
IANA
Log files
41. Main goals of an information security program
Not rigid
Confidentiality - Availability -Integrity of data
Host based - network based
Prevent - Recover - Detect
42. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Test virus
Hackers and crackers
Detective
Cramming
43. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Passfilt.dll
Biometrics
Ethernet
Confidentiality - Availability -Integrity of data
44. ______________ is a Unix security scanning tool developed at Texas A&M university.
IDEA algorithm
Protection of data from unauthorized users
Data Hiding
TIGER
45. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Preserve electronic evidence and protect it from any alteration
Authentication
Not very difficult to break.
Unix / Linux based security tools?
46. A formula used in Quantitative risk analysis
Detective
Polymorphic
Salami attack
SLE - Single Loss Expectancy
47. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
IPSEC
Gathering digital evidence
Authorization
Assignment
48. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Quantitative analysis
Unix / Linux based security tools?
Data Classification
Environmental
49. The __________ is the most dangerous part of a virus program.
Payload
Wild
Information Security policies
ISO
50. Name two types of Intrusion Detection Systems
Host based - network based
IANA
Prevent - Recover - Detect
RSA
