SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. RSA is not based on a ________
Symmetric algorithm
Available service ports
NT Audit events
CERT - SANS - CERIAS - COAST
2. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
run applications as generic accounts with little or no privileges.
Host based - network based
Residual risk
Hoaxes
3. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Accountability
Assignment
To make user certificates available to others
Not rigid
4. The ability to adjust access control to the exact amount of permission necessary is called ______________.
MAC - Mandatory Access Control
run applications as generic accounts with little or no privileges.
Buffer Overflow
Granularity
5. ____ members of the staff need to be educated in disaster recovery procedures.
Confidentiality - Availability -Integrity of data
Man In The Middle
Buffer Overflow
All
6. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
a good password policy
Separation of Duties
Intentions of the perpetrator
7. Data being delivered from the source to the intended receiver without being altered
Ethernet
Protection of data from unauthorized users
Privacy violations
Social Engineering
8. An attempt to break an encryption algorithm is called _____________.
SET
Cryptanalysis
Hackers and crackers
Ethernet
9. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Email
DSS - Digital Signature Standard
Information
Confidentiality - Availability -Integrity of data
10. Remote Access Dial-in User Service
RADIUS
Salami attack
Stealth viruses
C2
11. MD5 is a ___________ algorithm
One way hash
Cryptanalysis
Authentication
Certificate
12. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Preserve electronic evidence and protect it from any alteration
Unix / Linux based security tools?
involves only computer to computer transactions
Cryptanalysis
13. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
CVE - Common Vulnerabilities and Exposures
X.509
Quantitative analysis
Passwords
14. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Decentralized access control
Directive
Data Hiding
Information
15. The ability to identify and audit a user and his / her actions is known as ____________.
Salami attack
Symmetric algorithm
Email
Accountability
16. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
product development life cycle
Warning Banner
Fixed length
A PGP Signed message
17. There are 65536 _________
S/Key - OPIE
Off site in a climate controlled area
To make user certificates available to others
Available service ports
18. Vulnerability x Threat = RISK is an example of the _______________.
Man In The Middle
CERT - SANS - CERIAS - COAST
Risk Equation
Steps in handling incidents
19. __________ is a tool used by network administrators to capture packets from a network.
Social Engineering
Layer 3 - Host to Host
Verisign - Microsoft - Dell
Sniffer
20. One method that can reduce exposure to malicious code is to ___________________
SLE - Single Loss Expectancy
C2
Cramming
run applications as generic accounts with little or no privileges.
21. A boot sector virus goes to work when what event takes place?
Presentation Layer - L6
0-1023
Business enabler
Reboot or system startup
22. HTTP - FTP - SMTP reside at which layer of the OSI model?
Cryptanalysis
Layer 7 - Application
Gathering digital evidence
Data Hiding
23. Information security policies are a ___________________.
Not rigid
S/Key - OPIE
CRACK
Business enabler
24. They specifically target telephone networks
Fixed length
Verisign - Microsoft - Dell
Phreaks
SSL
25. The most secure method for storing backup tapes is?
IANA
Symmetric algorithm
Main goal of a risk management program
Off site in a climate controlled area
26. The IDEA algorithm (used in PGP) is _______ bits long.
IANA
128
RSA
SSL
27. Allows File owners to determine access rights.
Decentralized access control
Reboot or system startup
Hackers and crackers
DSS - Digital Signature Standard
28. Which range defines 'well known ports?'
SET
0-1023
Risk assessment
Business enabler
29. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Virus definition downloads and system virus scans
Ethernet
Separation of Duties
Off site in a climate controlled area
30. These should be done on a weekly basis
Privacy violations
Sued for privacy violations
A PGP Signed message
Virus definition downloads and system virus scans
31. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
MAC - Mandatory Access Control
Not rigid
Authentication
Password audit
32. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Data Classification
NFS
Payload
Warning Banner
33. ________ is the authoritative entity which lists port assignments
Depcrypting
Test virus
IANA
Layer 7 - Application
34. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Off site in a climate controlled area
Test virus
Main goal of a risk management program
Preserve electronic evidence and protect it from any alteration
35. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
Preserve electronic evidence and protect it from any alteration
Passive network attack
Privacy violations
36. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Passfilt.dll
To make user certificates available to others
SET
Buffer Overflow
37. S/MIME was developed for the protection of what communication mechanism(s)?
All
Wild
Email
A PGP Signed message
38. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Residual risk
Host based - network based
RSA
SSL
39. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
DSS - Digital Signature Standard
Business enabler
Preserve electronic evidence and protect it from any alteration
Log files
40. Examples of One- Time Password technology
ISO
NT Audit events
S/Key - OPIE
Gathering digital evidence
41. Macintosh computers are _____ at risk for receiving viruses.
Also
modems
One way hash
Detective
42. This free (for personal use) program is used to encrypt and decrypt emails.
Stateful Inspection
Information Security policies
Business enabler
PGP
43. Committing computer crimes in such small doses that they almost go unnoticed.
To make user certificates available to others
Salami attack
Off site in a climate controlled area
Ethernet
44. A true network security audit does include an audit for _____________
modems
PGP
Salami attack
Cramming
45. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Payload
SLE - Single Loss Expectancy
Biometrics
Privacy violations
46. There are 5 classes of IP addresses available - but only 3 classes are in common use today
IANA
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
ISO
Intentions of the perpetrator
47. Wiretapping is an example of a ________.
Cryptanalysis
Certificate
Passive network attack
CRACK
48. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Authentication
Layer 3 - Host to Host
Ethernet
Assignment
49. Smart cards are a secure alternative to which weak security mechanism?
Passwords
Social Engineering
Not very difficult to break.
Phreaks
50. A ______________ is an electronically generated record that ties a user's ID to their public key.
TIGER
Also
S/Key - OPIE
Certificate