SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. DES - Data Encryption standard has a 128 bit key and is ________
Fixed length
Buffer Overflow
Not very difficult to break.
TIGER
2. Companies can now be __________ just as easily as they can be sued for security compromises.
Sued for privacy violations
To make user certificates available to others
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
CRACK
3. Committing computer crimes in such small doses that they almost go unnoticed.
CVE - Common Vulnerabilities and Exposures
Acceptance - Transfer - Mitigate
run applications as generic accounts with little or no privileges.
Salami attack
4. Macintosh computers are _____ at risk for receiving viruses.
SLE - Single Loss Expectancy
Logic bombs
Also
Unix / Linux based security tools?
5. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Confidentiality
Quantitative analysis
a good password policy
Cisco
6. Smart cards are a secure alternative to which weak security mechanism?
Information Security policies
Passwords
Buffer Overflow
Data Hiding
7. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Residual risk
SET
TIGER
To make user certificates available to others
8. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Authentication
Separation of Duties
Confidentiality
Directive
9. One method that can reduce exposure to malicious code is to ___________________
Biometrics
run applications as generic accounts with little or no privileges.
Hoaxes
a good password policy
10. Examples of One- Time Password technology
S/Key - OPIE
Also
Steps in handling incidents
Passwords
11. There are 65536 _________
Available service ports
DAC - Discretionary Access Control
PGP
ISO
12. Accounting - Authentication - and ____________ are the AAAs of information security.
0-1023
product development life cycle
Authorization
Information Security policies
13. A true network security audit does include an audit for _____________
Authentication
RADIUS
Not very difficult to break.
modems
14. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Log files
Detective
Logic bombs
Directive
15. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Separation of Duties
Layer 3 - Host to Host
Virus definition downloads and system virus scans
DSS - Digital Signature Standard
16. A standardized list of the most common security weaknesses and exploits is the __________.
Not very difficult to break.
Less secure
Test virus
CVE - Common Vulnerabilities and Exposures
17. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Not rigid
Logic bombs
Sued for privacy violations
All
18. An intrusion detection system is an example of what type of countermeasure?
Steps in handling incidents
Granularity
IDEA algorithm
Detective
19. Logon and Logoff - Use of User Rights - Security Policy Change
Authentication
NT Audit events
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Stealth viruses
20. The ability to adjust access control to the exact amount of permission necessary is called ______________.
ISO
Log files
Not rigid
Granularity
21. Information security policies are a ___________________.
Also
Information
Business enabler
Payload
22. __________ is a tool used by network administrators to capture packets from a network.
SSL
Phreaks
Macro
Sniffer
23. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
C2
Reboot or system startup
Buffer Overflow
involves only computer to computer transactions
24. Today - ______________ are almost as serious as security violations
Host based - network based
Polymorphic
Multi-partite viruses
Privacy violations
25. RSA is not based on a ________
Symmetric algorithm
Ethernet
Confidentiality - Availability -Integrity of data
Passwords
26. MD5 is a ___________ algorithm
Layer 3 - Host to Host
Users can gain access to any resource upon request (assuming they have proper permissions)
One way hash
SYN Flooding
27. The IDEA algorithm (used in PGP) is _______ bits long.
128
CERT - SANS - CERIAS - COAST
X.509
Confidentiality
28. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Warning Banner
Polymorphic
All
Hackers and crackers
29. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Gathering digital evidence
Hackers and crackers
Presentation Layer - L6
Phreaks
30. Cable modems are ___________than DSL connections
DAC - Discretionary Access Control
Passwords
Less secure
Residual risk
31. Contain - Recover - Review - Identify - Prepare
Phreaks
Intrusion Detection System
Steps in handling incidents
Symmetric algorithm
32. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Quantitative analysis
Mobile
Detective
IDEA algorithm
33. Public keys are used for encrypting messages and private keys are used for __________messages.
Logic bombs
Test virus
Depcrypting
Assignment
34. Allows File owners to determine access rights.
Sniffer
a good password policy
involves only computer to computer transactions
Decentralized access control
35. A one way hash converts a string of random length into a _______________ encrypted string.
Fixed length
Virus definition downloads and system virus scans
ISO
Business enabler
36. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
CERT - SANS - CERIAS - COAST
Cramming
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Assignment
37. To help managers find the correct cost balance between risks and countermeasures
Main goal of a risk management program
NT Audit events
Salami attack
Detective
38. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Information Security policies
Risk Equation
Separation of Duties
X.509
39. Countermeasures' main objectives
0-1023
One way hash
Prevent - Recover - Detect
Payload
40. Which of the concepts best describes Availability in relation to computer resources?
Prevent - Recover - Detect
CRACK
Users can gain access to any resource upon request (assuming they have proper permissions)
Data Classification
41. Wiretapping is an example of a ________.
Passive network attack
PGP
Payload
Hoaxes
42. _______________ supply AV engines with false information to avoid detection
Preserve electronic evidence and protect it from any alteration
Stealth viruses
IDEA algorithm
Sniffer
43. Which layer of the OSI model handles encryption?
Presentation Layer - L6
IANA
Log files
IDEA algorithm
44. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Wild
Man In The Middle
ISO
Social Engineering
45. Digital Certificates use which protocol?
Wild
Log files
Email
X.509
46. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
CHAP
Users can gain access to any resource upon request (assuming they have proper permissions)
RSA
Data Hiding
47. It is difficult to prosecute a computer criminal if _________ are not deployed
run applications as generic accounts with little or no privileges.
Warning banners
Personal Firewall - IDS - host based - Antivirus
Assignment
48. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
CVE - Common Vulnerabilities and Exposures
Hackers and crackers
Data Classification
Cramming
49. Data being delivered from the source to the intended receiver without being altered
Sued for privacy violations
Biometrics
IDEA algorithm
Protection of data from unauthorized users
50. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Verisign - Microsoft - Dell
Environmental
Configuration Control
A PGP Signed message
