SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Allows File owners to determine access rights.
Authorization
Not very difficult to break.
Decentralized access control
To make user certificates available to others
2. An intrusion detection system is an example of what type of countermeasure?
Environmental
Passive network attack
Data Classification
Detective
3. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
X.509
SET
Quantitative analysis
Acceptance - Transfer - Mitigate
4. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Environmental
IPSEC
All
Test virus
5. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic
0-1023
Information
Test virus
6. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Authorization
Man In The Middle
Mobile
Biometrics
7. Information security policies are a ___________________.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Verisign - Microsoft - Dell
Business enabler
Not very difficult to break.
8. A Security Reference Monitor relates to which DoD security standard?
C2
Intentions of the perpetrator
PGP
Detective
9. Accounting - Authentication - and ____________ are the AAAs of information security.
modems
Authorization
Privacy violations
SET
10. A true network security audit does include an audit for _____________
CVE - Common Vulnerabilities and Exposures
All
modems
Granularity
11. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
SLE - Single Loss Expectancy
Protection of data from unauthorized users
Privacy violations
12. Stealth viruses live in memory while __________ are written to disk
Social Engineering
Privacy violations
IANA
Logic bombs
13. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Intentions of the perpetrator
CERT - SANS - CERIAS - COAST
Cramming
Man In The Middle
14. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
IDEA algorithm
Passfilt.dll
involves only computer to computer transactions
Sniffer
15. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Separation of Duties
run applications as generic accounts with little or no privileges.
Warning Banner
Passive network attack
16. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Data Hiding
Also
product development life cycle
Authorization
17. DES - Data Encryption standard has a 128 bit key and is ________
Not very difficult to break.
Buffer Overflow
a good password policy
Confidentiality
18. __________ is the most famous Unix password cracking tool.
MAC - Mandatory Access Control
Assignment
Reboot or system startup
CRACK
19. A boot sector virus goes to work when what event takes place?
Information
Reboot or system startup
Available service ports
Cramming
20. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Salami attack
Less secure
Passive network attack
Buffer Overflow
21. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Certificate
C2
Biometrics
Gathering digital evidence
22. ________ is the authoritative entity which lists port assignments
Prevent - Recover - Detect
Available service ports
Host based - network based
IANA
23. ____ members of the staff need to be educated in disaster recovery procedures.
All
Layer 7 - Application
Risk assessment
Sued for privacy violations
24. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Certificate
IANA
Cryptanalysis
Passfilt.dll
25. What security principle is based on the division of job responsibilities - designed to prevent fraud?
S/Key - OPIE
Steps in handling incidents
One way hash
Separation of Duties
26. The __________ is the most dangerous part of a virus program.
Ethernet
Payload
Social Engineering
C2
27. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
DAC - Discretionary Access Control
Business enabler
Information
Detective
28. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
Warning banners
RADIUS
run applications as generic accounts with little or no privileges.
29. Macintosh computers are _____ at risk for receiving viruses.
Acceptance - Transfer - Mitigate
Ethernet
Also
a good password policy
30. Cable modems are ___________than DSL connections
Data Classification
IDEA algorithm
Sniffer
Less secure
31. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Warning banners
Granularity
Off site in a climate controlled area
IPSEC
32. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Symmetric algorithm
0-1023
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Residual risk
33. Which range defines 'well known ports?'
0-1023
run applications as generic accounts with little or no privileges.
Virus definition downloads and system virus scans
CERT - SANS - CERIAS - COAST
34. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Off site in a climate controlled area
Wild
Cisco
Quantitative analysis
35. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Phreaks
Data Classification
Social Engineering
MAC - Mandatory Access Control
36. They specifically target telephone networks
Phreaks
IDEA algorithm
Symmetric algorithm
Protection of data from unauthorized users
37. Wiretapping is an example of a ________.
Passive network attack
Directive
128
Information
38. A ______________ is an electronically generated record that ties a user's ID to their public key.
Depcrypting
Certificate
DSS - Digital Signature Standard
Assignment
39. A standardized list of the most common security weaknesses and exploits is the __________.
modems
Gathering digital evidence
CVE - Common Vulnerabilities and Exposures
Mobile
40. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
A PGP Signed message
One way hash
Stealth viruses
Presentation Layer - L6
41. HTTP - FTP - SMTP reside at which layer of the OSI model?
Passfilt.dll
NFS
Stateful Inspection
Layer 7 - Application
42. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Accountability
Test virus
Users can gain access to any resource upon request (assuming they have proper permissions)
IPSEC
43. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Wild
Cramming
Cryptanalysis
Confidentiality - Availability -Integrity of data
44. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
All
Residual risk
PGP
IANA
45. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Information
Environmental
Accountability
Preserve electronic evidence and protect it from any alteration
46. Which layer of the OSI model handles encryption?
Presentation Layer - L6
RSA
MAC - Mandatory Access Control
Granularity
47. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Log files
DAC - Discretionary Access Control
128
DSS - Digital Signature Standard
48. Logon and Logoff - Use of User Rights - Security Policy Change
product development life cycle
NT Audit events
Business enabler
SLE - Single Loss Expectancy
49. Countermeasures address security concerns in this category
Main goal of a risk management program
Authentication
modems
Information
50. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Separation of Duties
Personal Firewall - IDS - host based - Antivirus
Prevent - Recover - Detect
Certificate
