SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ______________ is a Unix security scanning tool developed at Texas A&M university.
X.509
C2
TIGER
modems
2. Committing computer crimes in such small doses that they almost go unnoticed.
Accountability
Confidentiality - Availability -Integrity of data
Salami attack
Acceptance - Transfer - Mitigate
3. DES - Data Encryption standard has a 128 bit key and is ________
Not very difficult to break.
Quantitative analysis
Passwords
Personal Firewall - IDS - host based - Antivirus
4. Combine both boot and file virus behavior
CRACK
Fixed length
Multi-partite viruses
Mobile
5. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Passwords
Wild
product development life cycle
Layer 3 - Host to Host
6. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
Available service ports
Biometrics
Assignment
7. Layer 4 of the OSI model corresponds to which layer of the DoD model?
modems
Layer 3 - Host to Host
Test virus
Payload
8. _______________ supply AV engines with false information to avoid detection
Stealth viruses
run applications as generic accounts with little or no privileges.
Layer 3 - Host to Host
Depcrypting
9. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
SLE - Single Loss Expectancy
Data Hiding
Assignment
Quantitative analysis
10. Contain - Recover - Review - Identify - Prepare
Phreaks
Information
PGP
Steps in handling incidents
11. Which layer of the OSI model handles encryption?
NT Audit events
ISO
Presentation Layer - L6
Host based - network based
12. They specifically target telephone networks
Email
Phreaks
Not rigid
CHAP
13. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
Warning banners
Residual risk
Information
14. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
IDEA algorithm
Wild
Layer 7 - Application
DAC - Discretionary Access Control
15. It is difficult to prosecute a computer criminal if _________ are not deployed
Buffer Overflow
Warning banners
S/Key - OPIE
A PGP Signed message
16. Cable modems are ___________than DSL connections
Mobile
IDEA algorithm
Less secure
Payload
17. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Passfilt.dll
Stealth viruses
Data Classification
SYN Flooding
18. What is the main difference between computer abuse and computer crime?
Test virus
A PGP Signed message
Intentions of the perpetrator
Available service ports
19. What security principle is based on the division of job responsibilities - designed to prevent fraud?
involves only computer to computer transactions
Stealth viruses
All
Separation of Duties
20. So far - no one has been able to crack the ____________ with Brute Force.
To make user certificates available to others
IDEA algorithm
Hackers and crackers
Buffer Overflow
21. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Virus definition downloads and system virus scans
CHAP
Not rigid
X.509
22. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
SSL
involves only computer to computer transactions
Verisign - Microsoft - Dell
Not rigid
23. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Users can gain access to any resource upon request (assuming they have proper permissions)
modems
Test virus
Directive
24. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Mobile
Granularity
IDEA algorithm
Authentication
25. Public keys are used for encrypting messages and private keys are used for __________messages.
Password audit
Depcrypting
Quantitative analysis
CRACK
26. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
To make user certificates available to others
Man In The Middle
Biometrics
a good password policy
27. ____ members of the staff need to be educated in disaster recovery procedures.
Information
Passive network attack
All
Acceptance - Transfer - Mitigate
28. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
To make user certificates available to others
Virus definition downloads and system virus scans
Passwords
Hoaxes
29. Countermeasures' main objectives
DAC - Discretionary Access Control
Cryptanalysis
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Prevent - Recover - Detect
30. Examples of One- Time Password technology
S/Key - OPIE
CHAP
DSS - Digital Signature Standard
Directive
31. There are 5 classes of IP addresses available - but only 3 classes are in common use today
RADIUS
Host based - network based
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Main goal of a risk management program
32. Vulnerability x Threat = RISK is an example of the _______________.
Unix / Linux based security tools?
A PGP Signed message
Risk Equation
Hoaxes
33. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Polymorphic
128
CERT - SANS - CERIAS - COAST
DSS - Digital Signature Standard
34. S/MIME was developed for the protection of what communication mechanism(s)?
Macro
Man In The Middle
Passfilt.dll
Email
35. Wiretapping is an example of a ________.
Man In The Middle
Detective
Data Hiding
Passive network attack
36. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
SYN Flooding
Cisco
Verisign - Microsoft - Dell
RSA
37. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Intrusion Detection System
MAC - Mandatory Access Control
Residual risk
Quantitative analysis
38. ___________________ viruses change the code order of the strain each time they replicate to another machine.
NFS
Polymorphic
Prevent - Recover - Detect
Stateful Inspection
39. Stealth viruses live in memory while __________ are written to disk
Warning Banner
X.509
Privacy violations
Logic bombs
40. The __________ is the most dangerous part of a virus program.
Sued for privacy violations
Mobile
Payload
Data Hiding
41. Logon and Logoff - Use of User Rights - Security Policy Change
Accountability
Available service ports
NT Audit events
Presentation Layer - L6
42. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Password audit
Gathering digital evidence
Also
Presentation Layer - L6
43. ______________ is a major component of an overall risk management program.
SET
Risk assessment
Hackers and crackers
Password audit
44. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
TIGER
Logic bombs
Intentions of the perpetrator
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
45. A Security Reference Monitor relates to which DoD security standard?
Confidentiality - Availability -Integrity of data
Password audit
Decentralized access control
C2
46. IKE - Internet Key Exchange is often used in conjunction with what security standard?
IPSEC
Gathering digital evidence
CHAP
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
47. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Passfilt.dll
Passwords
RSA
48. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Layer 3 - Host to Host
Mobile
Password audit
Log files
49. Data being delivered from the source to the intended receiver without being altered
Protection of data from unauthorized users
Multi-partite viruses
Fixed length
Test virus
50. ___________________ is responsible for creating security policies and for communicating those policies to system users.
ISO
Macro
To make user certificates available to others
One way hash
