SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which of the following is NOT and encryption algorithm?
Confidentiality
Quantitative analysis
SSL
involves only computer to computer transactions
2. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
Mobile
Symmetric algorithm
Biometrics
3. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Ethernet
Sniffer
Buffer Overflow
Logic bombs
4. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Depcrypting
Authentication
Man In The Middle
Information Security policies
5. Stealth viruses live in memory while __________ are written to disk
Directive
RADIUS
X.509
Logic bombs
6. A one way hash converts a string of random length into a _______________ encrypted string.
CHAP
Fixed length
Passfilt.dll
Decentralized access control
7. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Steps in handling incidents
Quantitative analysis
Depcrypting
C2
8. S/MIME was developed for the protection of what communication mechanism(s)?
128
Unix / Linux based security tools?
Off site in a climate controlled area
Email
9. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
Detective
Unix / Linux based security tools?
Multi-partite viruses
10. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Host based - network based
ISO
Unix / Linux based security tools?
CVE - Common Vulnerabilities and Exposures
11. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Test virus
Cryptanalysis
Decentralized access control
One way hash
12. ________ is the authoritative entity which lists port assignments
IANA
0-1023
DAC - Discretionary Access Control
Cisco
13. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
Off site in a climate controlled area
Configuration Control
Intrusion Detection System
14. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Decentralized access control
Presentation Layer - L6
Layer 7 - Application
Stateful Inspection
15. Main goals of an information security program
Confidentiality - Availability -Integrity of data
Unix / Linux based security tools?
NFS
Privacy violations
16. ______________ is a major component of an overall risk management program.
Risk assessment
PGP
Information Security policies
RADIUS
17. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Authentication
Environmental
a good password policy
run applications as generic accounts with little or no privileges.
18. Information security policies are a ___________________.
Business enabler
Logic bombs
Cramming
CERT - SANS - CERIAS - COAST
19. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Warning Banner
Ethernet
Users can gain access to any resource upon request (assuming they have proper permissions)
NT Audit events
20. MD5 is a ___________ algorithm
One way hash
Salami attack
Cryptanalysis
Confidentiality - Availability -Integrity of data
21. RSA is not based on a ________
Information Security policies
Symmetric algorithm
Certificate
One way hash
22. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Data Classification
Information Security policies
Risk assessment
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
23. HTTP - FTP - SMTP reside at which layer of the OSI model?
Sniffer
Presentation Layer - L6
Layer 7 - Application
Warning Banner
24. A formula used in Quantitative risk analysis
a good password policy
All
SLE - Single Loss Expectancy
Stateful Inspection
25. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Gathering digital evidence
Social Engineering
PGP
Cramming
26. The IDEA algorithm (used in PGP) is _______ bits long.
involves only computer to computer transactions
128
SET
Quantitative analysis
27. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
Depcrypting
Passive network attack
Residual risk
28. They specifically target telephone networks
Macro
Preserve electronic evidence and protect it from any alteration
Phreaks
Verisign - Microsoft - Dell
29. Data being delivered from the source to the intended receiver without being altered
Protection of data from unauthorized users
Passfilt.dll
Ethernet
Sued for privacy violations
30. DES - Data Encryption standard has a 128 bit key and is ________
Not very difficult to break.
Data Hiding
Virus definition downloads and system virus scans
Environmental
31. What is the main difference between computer abuse and computer crime?
Off site in a climate controlled area
CHAP
Logic bombs
Intentions of the perpetrator
32. One method that can reduce exposure to malicious code is to ___________________
Residual risk
Warning Banner
run applications as generic accounts with little or no privileges.
Steps in handling incidents
33. ____________ is a file system that was poorly designed and has numerous security flaws.
S/Key - OPIE
NFS
Logic bombs
Prevent - Recover - Detect
34. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Cryptanalysis
Data Classification
Cisco
Accountability
35. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Main goal of a risk management program
Man In The Middle
Wild
Less secure
36. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Configuration Control
IANA
Mobile
Data Classification
37. Ways to deal with risk.
Layer 7 - Application
Unix / Linux based security tools?
Acceptance - Transfer - Mitigate
Email
38. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
RSA
SLE - Single Loss Expectancy
Assignment
CVE - Common Vulnerabilities and Exposures
39. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Not rigid
Users can gain access to any resource upon request (assuming they have proper permissions)
Data Hiding
Information
40. IKE - Internet Key Exchange is often used in conjunction with what security standard?
IPSEC
Less secure
RADIUS
Email
41. These should be done on a weekly basis
Not rigid
Reboot or system startup
All
Virus definition downloads and system virus scans
42. The most secure method for storing backup tapes is?
Ethernet
Decentralized access control
Mobile
Off site in a climate controlled area
43. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
PGP
Residual risk
Business enabler
44. There are 65536 _________
Risk assessment
SYN Flooding
Fixed length
Available service ports
45. Which range defines 'well known ports?'
Test virus
Gathering digital evidence
0-1023
S/Key - OPIE
46. The ability to identify and audit a user and his / her actions is known as ____________.
All
Accountability
Data Classification
Fixed length
47. A Security Reference Monitor relates to which DoD security standard?
Personal Firewall - IDS - host based - Antivirus
Polymorphic
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
C2
48. An intrusion detection system is an example of what type of countermeasure?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Accountability
Preserve electronic evidence and protect it from any alteration
Detective
49. Vulnerability x Threat = RISK is an example of the _______________.
Less secure
Personal Firewall - IDS - host based - Antivirus
Risk Equation
Quantitative analysis
50. So far - no one has been able to crack the ____________ with Brute Force.
Authorization
IDEA algorithm
Certificate
Stealth viruses
