SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Granularity
Unix / Linux based security tools?
involves only computer to computer transactions
Protection of data from unauthorized users
2. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Payload
a good password policy
Intentions of the perpetrator
Off site in a climate controlled area
3. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Main goal of a risk management program
0-1023
Payload
SYN Flooding
4. Combine both boot and file virus behavior
SET
RSA
Warning Banner
Multi-partite viruses
5. Contain - Recover - Review - Identify - Prepare
Prevent - Recover - Detect
One way hash
Gathering digital evidence
Steps in handling incidents
6. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Reboot or system startup
Fixed length
IPSEC
NFS
7. __________ is a tool used by network administrators to capture packets from a network.
Directive
Host based - network based
Sniffer
Intrusion Detection System
8. __________ is the most famous Unix password cracking tool.
CRACK
Confidentiality
Risk Equation
Stealth viruses
9. The IDEA algorithm (used in PGP) is _______ bits long.
Not rigid
Granularity
One way hash
128
10. Which of the following is NOT and encryption algorithm?
Prevent - Recover - Detect
modems
SSL
Stateful Inspection
11. A standardized list of the most common security weaknesses and exploits is the __________.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
NFS
CVE - Common Vulnerabilities and Exposures
Verisign - Microsoft - Dell
12. A boot sector virus goes to work when what event takes place?
Reboot or system startup
Biometrics
Sued for privacy violations
Authorization
13. Name two types of Intrusion Detection Systems
Host based - network based
CHAP
Not rigid
Directive
14. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Directive
To make user certificates available to others
SYN Flooding
One way hash
15. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Not very difficult to break.
IDEA algorithm
Layer 3 - Host to Host
Information
16. Information security policies are a ___________________.
Wild
Business enabler
0-1023
Man In The Middle
17. These should be done on a weekly basis
IPSEC
All
Protection of data from unauthorized users
Virus definition downloads and system virus scans
18. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
CRACK
Business enabler
SLE - Single Loss Expectancy
19. A ______________ is an electronically generated record that ties a user's ID to their public key.
Cramming
Directive
Certificate
Ethernet
20. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Presentation Layer - L6
Accountability
Hoaxes
Intrusion Detection System
21. Today - ______________ are almost as serious as security violations
Privacy violations
CERT - SANS - CERIAS - COAST
Decentralized access control
128
22. To help managers find the correct cost balance between risks and countermeasures
Salami attack
Depcrypting
Risk assessment
Main goal of a risk management program
23. So far - no one has been able to crack the ____________ with Brute Force.
Authorization
IDEA algorithm
CRACK
One way hash
24. HTTP - FTP - SMTP reside at which layer of the OSI model?
Buffer Overflow
PGP
Stateful Inspection
Layer 7 - Application
25. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Risk Equation
Information Security policies
Polymorphic
Passive network attack
26. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
CHAP
Warning Banner
Environmental
Acceptance - Transfer - Mitigate
27. Remote Access Dial-in User Service
NFS
PGP
RADIUS
One way hash
28. Accounting - Authentication - and ____________ are the AAAs of information security.
MAC - Mandatory Access Control
modems
Depcrypting
Authorization
29. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Cisco
Stateful Inspection
Host based - network based
SYN Flooding
30. Identifying specific attempts to penetrate systems is the function of the _______________.
Cramming
Depcrypting
Intrusion Detection System
Email
31. There are 65536 _________
Available service ports
Buffer Overflow
All
Off site in a climate controlled area
32. DES - Data Encryption standard has a 128 bit key and is ________
Not very difficult to break.
a good password policy
SET
Test virus
33. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Not very difficult to break.
Warning Banner
Data Classification
SET
34. _______________ supply AV engines with false information to avoid detection
Logic bombs
modems
A PGP Signed message
Stealth viruses
35. The __________ is the most dangerous part of a virus program.
Payload
Wild
Verisign - Microsoft - Dell
RADIUS
36. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Reboot or system startup
CERT - SANS - CERIAS - COAST
Macro
Available service ports
37. A formula used in Quantitative risk analysis
Multi-partite viruses
SLE - Single Loss Expectancy
Password audit
Privacy violations
38. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Quantitative analysis
To make user certificates available to others
Information Security policies
Intentions of the perpetrator
39. ______________ is a major component of an overall risk management program.
PGP
Layer 7 - Application
Risk assessment
SLE - Single Loss Expectancy
40. Macintosh computers are _____ at risk for receiving viruses.
Also
modems
Less secure
IPSEC
41. The ultimate goal of a computer forensics specialist is to ___________________.
Preserve electronic evidence and protect it from any alteration
Configuration Control
Available service ports
NT Audit events
42. Public keys are used for encrypting messages and private keys are used for __________messages.
All
Residual risk
Depcrypting
DSS - Digital Signature Standard
43. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Main goal of a risk management program
TIGER
Hackers and crackers
ISO
44. Cable modems are ___________than DSL connections
Less secure
To make user certificates available to others
Quantitative analysis
One way hash
45. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
SLE - Single Loss Expectancy
Test virus
Granularity
Risk assessment
46. What is the main difference between computer abuse and computer crime?
Confidentiality - Availability -Integrity of data
Multi-partite viruses
Depcrypting
Intentions of the perpetrator
47. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Data Classification
X.509
Quantitative analysis
Risk Equation
48. There are 5 classes of IP addresses available - but only 3 classes are in common use today
CHAP
Not rigid
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Users can gain access to any resource upon request (assuming they have proper permissions)
49. ______________ is a Unix security scanning tool developed at Texas A&M university.
Passfilt.dll
TIGER
NT Audit events
Privacy violations
50. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
One way hash
Users can gain access to any resource upon request (assuming they have proper permissions)
Gathering digital evidence
Passwords
