SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Information security policies are a ___________________.
Business enabler
run applications as generic accounts with little or no privileges.
ISO
Email
2. Smart cards are a secure alternative to which weak security mechanism?
Residual risk
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Passwords
Granularity
3. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Hoaxes
Stateful Inspection
Password audit
a good password policy
4. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
MAC - Mandatory Access Control
Off site in a climate controlled area
Wild
Assignment
5. Cable modems are ___________than DSL connections
Cramming
Privacy violations
Less secure
Verisign - Microsoft - Dell
6. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
Risk Equation
RADIUS
DSS - Digital Signature Standard
7. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Presentation Layer - L6
DAC - Discretionary Access Control
NFS
Granularity
8. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Environmental
To make user certificates available to others
Host based - network based
Ethernet
9. So far - no one has been able to crack the ____________ with Brute Force.
Phreaks
IDEA algorithm
Layer 7 - Application
DSS - Digital Signature Standard
10. Countermeasures address security concerns in this category
To make user certificates available to others
Information
DSS - Digital Signature Standard
Directive
11. __________ is the most famous Unix password cracking tool.
Detective
Mobile
Passive network attack
CRACK
12. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Main goal of a risk management program
MAC - Mandatory Access Control
Password audit
Unix / Linux based security tools?
13. A one way hash converts a string of random length into a _______________ encrypted string.
Environmental
Fixed length
Passwords
Warning banners
14. A formula used in Quantitative risk analysis
Passive network attack
SLE - Single Loss Expectancy
NT Audit events
Data Classification
15. The most secure method for storing backup tapes is?
Multi-partite viruses
Off site in a climate controlled area
Authentication
Cisco
16. Countermeasures' main objectives
Prevent - Recover - Detect
Quantitative analysis
Warning banners
Cramming
17. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Detective
Layer 3 - Host to Host
Virus definition downloads and system virus scans
18. DES - Data Encryption standard has a 128 bit key and is ________
X.509
Not very difficult to break.
NT Audit events
Risk assessment
19. The ability to identify and audit a user and his / her actions is known as ____________.
DAC - Discretionary Access Control
MAC - Mandatory Access Control
Accountability
Gathering digital evidence
20. Name two types of Intrusion Detection Systems
Host based - network based
CVE - Common Vulnerabilities and Exposures
CHAP
Passfilt.dll
21. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
Steps in handling incidents
DSS - Digital Signature Standard
Stealth viruses
22. Today - ______________ are almost as serious as security violations
Privacy violations
Quantitative analysis
All
Unix / Linux based security tools?
23. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Privacy violations
PGP
DSS - Digital Signature Standard
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
24. ____ members of the staff need to be educated in disaster recovery procedures.
Prevent - Recover - Detect
Email
All
Intentions of the perpetrator
25. Allows File owners to determine access rights.
Decentralized access control
Biometrics
Passive network attack
Confidentiality - Availability -Integrity of data
26. What security principle is based on the division of job responsibilities - designed to prevent fraud?
X.509
Separation of Duties
Preserve electronic evidence and protect it from any alteration
CHAP
27. Layer 4 of the OSI model corresponds to which layer of the DoD model?
MAC - Mandatory Access Control
Business enabler
Layer 3 - Host to Host
Sniffer
28. An attempt to break an encryption algorithm is called _____________.
Virus definition downloads and system virus scans
Data Classification
Email
Cryptanalysis
29. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
run applications as generic accounts with little or no privileges.
Gathering digital evidence
SYN Flooding
Acceptance - Transfer - Mitigate
30. Which of the following is NOT and encryption algorithm?
ISO
SSL
NT Audit events
Man In The Middle
31. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Detective
Log files
SSL
Polymorphic
32. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
To make user certificates available to others
Personal Firewall - IDS - host based - Antivirus
Password audit
Stealth viruses
33. What is the main difference between computer abuse and computer crime?
Intentions of the perpetrator
Logic bombs
run applications as generic accounts with little or no privileges.
Available service ports
34. Data being delivered from the source to the intended receiver without being altered
Phreaks
Depcrypting
modems
Protection of data from unauthorized users
35. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Protection of data from unauthorized users
Unix / Linux based security tools?
Users can gain access to any resource upon request (assuming they have proper permissions)
To make user certificates available to others
36. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Residual risk
Cryptanalysis
DSS - Digital Signature Standard
Passive network attack
37. HTTP - FTP - SMTP reside at which layer of the OSI model?
Biometrics
Layer 7 - Application
Test virus
Quantitative analysis
38. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Sniffer
S/Key - OPIE
Log files
Separation of Duties
39. Stealth viruses live in memory while __________ are written to disk
Layer 7 - Application
IANA
Logic bombs
Protection of data from unauthorized users
40. Ways to deal with risk.
Acceptance - Transfer - Mitigate
involves only computer to computer transactions
Salami attack
SSL
41. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
To make user certificates available to others
Directive
Preserve electronic evidence and protect it from any alteration
involves only computer to computer transactions
42. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Stealth viruses
Certificate
CRACK
Hackers and crackers
43. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
run applications as generic accounts with little or no privileges.
Users can gain access to any resource upon request (assuming they have proper permissions)
Separation of Duties
44. Logon and Logoff - Use of User Rights - Security Policy Change
MAC - Mandatory Access Control
Data Classification
Mobile
NT Audit events
45. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Authentication
Cramming
Buffer Overflow
CRACK
46. Which range defines 'well known ports?'
0-1023
CRACK
Less secure
Macro
47. A boot sector virus goes to work when what event takes place?
IPSEC
All
Reboot or system startup
Layer 3 - Host to Host
48. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Granularity
Also
run applications as generic accounts with little or no privileges.
Cramming
49. MD5 is a ___________ algorithm
Privacy violations
Salami attack
Off site in a climate controlled area
One way hash
50. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Sued for privacy violations
SET
Prevent - Recover - Detect
Password audit
