SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Data being delivered from the source to the intended receiver without being altered
a good password policy
Cryptanalysis
Protection of data from unauthorized users
NT Audit events
2. __________ is the most famous Unix password cracking tool.
Data Classification
RSA
CRACK
Email
3. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Mobile
Wild
Polymorphic
Less secure
4. Which layer of the OSI model handles encryption?
Available service ports
X.509
Presentation Layer - L6
Passfilt.dll
5. Macintosh computers are _____ at risk for receiving viruses.
Granularity
Passwords
Also
Email
6. The most secure method for storing backup tapes is?
Residual risk
Verisign - Microsoft - Dell
Off site in a climate controlled area
Personal Firewall - IDS - host based - Antivirus
7. Stealth viruses live in memory while __________ are written to disk
Payload
Salami attack
IANA
Logic bombs
8. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Business enabler
Preserve electronic evidence and protect it from any alteration
Macro
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
9. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
ISO
Warning Banner
MAC - Mandatory Access Control
10. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Passfilt.dll
Residual risk
Warning banners
product development life cycle
11. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Symmetric algorithm
Prevent - Recover - Detect
Granularity
Main goal of a risk management program
12. MD5 is a ___________ algorithm
Business enabler
MAC - Mandatory Access Control
Warning banners
One way hash
13. Wiretapping is an example of a ________.
Gathering digital evidence
DAC - Discretionary Access Control
Passive network attack
Off site in a climate controlled area
14. An intrusion detection system is an example of what type of countermeasure?
Logic bombs
Intrusion Detection System
Reboot or system startup
Detective
15. So far - no one has been able to crack the ____________ with Brute Force.
Prevent - Recover - Detect
Quantitative analysis
Not rigid
IDEA algorithm
16. Allows File owners to determine access rights.
IANA
SYN Flooding
Layer 7 - Application
Decentralized access control
17. Information security policies are a ___________________.
Fixed length
Log files
Business enabler
Off site in a climate controlled area
18. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Virus definition downloads and system virus scans
ISO
Log files
Residual risk
19. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Virus definition downloads and system virus scans
involves only computer to computer transactions
0-1023
Assignment
20. One method that can reduce exposure to malicious code is to ___________________
Environmental
Configuration Control
run applications as generic accounts with little or no privileges.
PGP
21. Which of the concepts best describes Availability in relation to computer resources?
Users can gain access to any resource upon request (assuming they have proper permissions)
Personal Firewall - IDS - host based - Antivirus
Configuration Control
involves only computer to computer transactions
22. Smart cards are a secure alternative to which weak security mechanism?
A PGP Signed message
Host based - network based
Passwords
Gathering digital evidence
23. Companies can now be __________ just as easily as they can be sued for security compromises.
SSL
C2
CVE - Common Vulnerabilities and Exposures
Sued for privacy violations
24. The __________ is the most dangerous part of a virus program.
Risk Equation
MAC - Mandatory Access Control
Warning banners
Payload
25. Layer 4 of the OSI model corresponds to which layer of the DoD model?
CRACK
Layer 3 - Host to Host
One way hash
Ethernet
26. ______________ relates to the concept of protecting data from unauthorized users.
Prevent - Recover - Detect
Confidentiality
Test virus
To make user certificates available to others
27. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Data Classification
Logic bombs
Test virus
ISO
28. Examples of One- Time Password technology
S/Key - OPIE
involves only computer to computer transactions
a good password policy
Phreaks
29. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
C2
Depcrypting
Hoaxes
Not rigid
30. They specifically target telephone networks
Phreaks
Confidentiality
S/Key - OPIE
CVE - Common Vulnerabilities and Exposures
31. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Polymorphic
Social Engineering
Steps in handling incidents
Certificate
32. _______________ supply AV engines with false information to avoid detection
Stealth viruses
Separation of Duties
C2
RADIUS
33. Which range defines 'well known ports?'
Depcrypting
Intentions of the perpetrator
0-1023
Prevent - Recover - Detect
34. Countermeasures address security concerns in this category
IDEA algorithm
Sniffer
Less secure
Information
35. Committing computer crimes in such small doses that they almost go unnoticed.
Test virus
Salami attack
Password audit
Sniffer
36. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Steps in handling incidents
A PGP Signed message
Data Hiding
Cryptanalysis
37. A standardized list of the most common security weaknesses and exploits is the __________.
Sued for privacy violations
SLE - Single Loss Expectancy
Authentication
CVE - Common Vulnerabilities and Exposures
38. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
involves only computer to computer transactions
CRACK
Also
Privacy violations
39. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Ethernet
S/Key - OPIE
Warning Banner
MAC - Mandatory Access Control
40. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
product development life cycle
Personal Firewall - IDS - host based - Antivirus
S/Key - OPIE
One way hash
41. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Residual risk
SYN Flooding
RSA
Stateful Inspection
42. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
NT Audit events
Multi-partite viruses
Certificate
A PGP Signed message
43. There are 65536 _________
Passfilt.dll
Layer 3 - Host to Host
Available service ports
Preserve electronic evidence and protect it from any alteration
44. Vulnerability x Threat = RISK is an example of the _______________.
Mobile
Risk Equation
Information Security policies
TIGER
45. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Reboot or system startup
Directive
Ethernet
Passive network attack
46. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Hoaxes
Salami attack
Environmental
Detective
47. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
One way hash
IPSEC
Passwords
48. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Layer 3 - Host to Host
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Cisco
Detective
49. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
RSA
Users can gain access to any resource upon request (assuming they have proper permissions)
SLE - Single Loss Expectancy
Mobile
50. Which organization(s) are responsible for the timely distribution of information security intelligence data?
CERT - SANS - CERIAS - COAST
Intrusion Detection System
Personal Firewall - IDS - host based - Antivirus
Less secure