SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Wiretapping is an example of a ________.
SSL
Passive network attack
Confidentiality
NT Audit events
2. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
S/Key - OPIE
Available service ports
a good password policy
Social Engineering
3. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Less secure
Protection of data from unauthorized users
Man In The Middle
PGP
4. Logon and Logoff - Use of User Rights - Security Policy Change
CERT - SANS - CERIAS - COAST
NT Audit events
IANA
Cryptanalysis
5. Identifying specific attempts to penetrate systems is the function of the _______________.
Risk Equation
Intrusion Detection System
Also
RSA
6. Which of the following is NOT and encryption algorithm?
Logic bombs
Privacy violations
Detective
SSL
7. The IDEA algorithm (used in PGP) is _______ bits long.
Host based - network based
128
Email
ISO
8. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Separation of Duties
modems
Environmental
One way hash
9. A true network security audit does include an audit for _____________
modems
SSL
Reboot or system startup
involves only computer to computer transactions
10. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Protection of data from unauthorized users
Password audit
Depcrypting
C2
11. Which of the concepts best describes Availability in relation to computer resources?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Users can gain access to any resource upon request (assuming they have proper permissions)
Cramming
Unix / Linux based security tools?
12. Digital Certificates use which protocol?
Password audit
Multi-partite viruses
Environmental
X.509
13. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
S/Key - OPIE
Configuration Control
One way hash
Buffer Overflow
14. Examples of One- Time Password technology
Biometrics
run applications as generic accounts with little or no privileges.
S/Key - OPIE
Confidentiality - Availability -Integrity of data
15. Accounting - Authentication - and ____________ are the AAAs of information security.
Risk Equation
Cryptanalysis
Test virus
Authorization
16. A ______________ is an electronically generated record that ties a user's ID to their public key.
Sniffer
Virus definition downloads and system virus scans
To make user certificates available to others
Certificate
17. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Passfilt.dll
Depcrypting
TIGER
Test virus
18. Name two types of Intrusion Detection Systems
0-1023
Acceptance - Transfer - Mitigate
Email
Host based - network based
19. So far - no one has been able to crack the ____________ with Brute Force.
Sued for privacy violations
RSA
Sniffer
IDEA algorithm
20. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Authentication
Phreaks
TIGER
Not rigid
21. The ability to adjust access control to the exact amount of permission necessary is called ______________.
SSL
Granularity
Password audit
Protection of data from unauthorized users
22. Combine both boot and file virus behavior
S/Key - OPIE
Layer 7 - Application
Intentions of the perpetrator
Multi-partite viruses
23. A one way hash converts a string of random length into a _______________ encrypted string.
Fixed length
Personal Firewall - IDS - host based - Antivirus
Passwords
Buffer Overflow
24. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Phreaks
NFS
IPSEC
Sued for privacy violations
25. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Residual risk
RSA
Data Classification
Configuration Control
26. It is difficult to prosecute a computer criminal if _________ are not deployed
Intrusion Detection System
Social Engineering
Cryptanalysis
Warning banners
27. RSA is not based on a ________
Reboot or system startup
Authorization
Detective
Symmetric algorithm
28. Today - ______________ are almost as serious as security violations
Biometrics
Privacy violations
Acceptance - Transfer - Mitigate
Email
29. To help managers find the correct cost balance between risks and countermeasures
Available service ports
IANA
Warning banners
Main goal of a risk management program
30. Remote Access Dial-in User Service
Accountability
IDEA algorithm
modems
RADIUS
31. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
SSL
Password audit
Risk assessment
32. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
CVE - Common Vulnerabilities and Exposures
Personal Firewall - IDS - host based - Antivirus
RADIUS
Warning Banner
33. Committing computer crimes in such small doses that they almost go unnoticed.
Separation of Duties
Fixed length
Salami attack
Users can gain access to any resource upon request (assuming they have proper permissions)
34. Vulnerability x Threat = RISK is an example of the _______________.
Risk Equation
Granularity
RADIUS
X.509
35. Information security policies are a ___________________.
Protection of data from unauthorized users
Business enabler
Salami attack
Acceptance - Transfer - Mitigate
36. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
IDEA algorithm
Presentation Layer - L6
Password audit
37. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Unix / Linux based security tools?
Gathering digital evidence
Available service ports
Mobile
38. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Confidentiality - Availability -Integrity of data
0-1023
Not very difficult to break.
39. Allows File owners to determine access rights.
involves only computer to computer transactions
Decentralized access control
Risk assessment
Phreaks
40. A standardized list of the most common security weaknesses and exploits is the __________.
Email
CVE - Common Vulnerabilities and Exposures
Stealth viruses
Macro
41. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
NFS
All
Environmental
SYN Flooding
42. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Cramming
Detective
DAC - Discretionary Access Control
Payload
43. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Preserve electronic evidence and protect it from any alteration
Stateful Inspection
Polymorphic
Also
44. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Environmental
PGP
run applications as generic accounts with little or no privileges.
ISO
45. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Intrusion Detection System
Ethernet
Cisco
SYN Flooding
46. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Residual risk
DSS - Digital Signature Standard
Ethernet
47. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
Certificate
Stateful Inspection
Confidentiality
48. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Confidentiality - Availability -Integrity of data
Email
product development life cycle
Sued for privacy violations
49. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Reboot or system startup
Residual risk
RSA
Warning banners
50. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Authentication
Presentation Layer - L6
Acceptance - Transfer - Mitigate
Quantitative analysis
