SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The ultimate goal of a computer forensics specialist is to ___________________.
X.509
Preserve electronic evidence and protect it from any alteration
Host based - network based
Passive network attack
2. Digital Certificates use which protocol?
X.509
Virus definition downloads and system virus scans
Passive network attack
RSA
3. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
One way hash
Multi-partite viruses
Residual risk
Not rigid
4. Macintosh computers are _____ at risk for receiving viruses.
Passive network attack
SYN Flooding
Also
Residual risk
5. Information security policies are a ___________________.
Detective
Business enabler
Certificate
Macro
6. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
DAC - Discretionary Access Control
Hoaxes
modems
Intentions of the perpetrator
7. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
involves only computer to computer transactions
MAC - Mandatory Access Control
IANA
PGP
8. Countermeasures' main objectives
Biometrics
Prevent - Recover - Detect
Business enabler
Social Engineering
9. MD5 is a ___________ algorithm
Confidentiality
Privacy violations
One way hash
Not rigid
10. Remote Access Dial-in User Service
Intrusion Detection System
RADIUS
Users can gain access to any resource upon request (assuming they have proper permissions)
RSA
11. Combine both boot and file virus behavior
IDEA algorithm
Multi-partite viruses
Steps in handling incidents
RADIUS
12. Contain - Recover - Review - Identify - Prepare
Preserve electronic evidence and protect it from any alteration
Steps in handling incidents
Intrusion Detection System
Quantitative analysis
13. These should be done on a weekly basis
Multi-partite viruses
Data Hiding
Virus definition downloads and system virus scans
Layer 3 - Host to Host
14. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SLE - Single Loss Expectancy
SET
Layer 7 - Application
X.509
15. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Assignment
Cryptanalysis
Directive
Users can gain access to any resource upon request (assuming they have proper permissions)
16. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Email
IPSEC
PGP
Directive
17. A boot sector virus goes to work when what event takes place?
Authorization
NFS
Confidentiality
Reboot or system startup
18. The ability to identify and audit a user and his / her actions is known as ____________.
Preserve electronic evidence and protect it from any alteration
Accountability
MAC - Mandatory Access Control
Biometrics
19. Ways to deal with risk.
NT Audit events
Wild
Layer 3 - Host to Host
Acceptance - Transfer - Mitigate
20. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Wild
Log files
Available service ports
Verisign - Microsoft - Dell
21. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Personal Firewall - IDS - host based - Antivirus
Environmental
Business enabler
Data Classification
22. ______________ is a Unix security scanning tool developed at Texas A&M university.
TIGER
Off site in a climate controlled area
CHAP
Virus definition downloads and system virus scans
23. Committing computer crimes in such small doses that they almost go unnoticed.
ISO
Mobile
Social Engineering
Salami attack
24. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
SET
Protection of data from unauthorized users
Granularity
25. A formula used in Quantitative risk analysis
Data Classification
Intrusion Detection System
Risk Equation
SLE - Single Loss Expectancy
26. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
0-1023
Social Engineering
Authentication
27. Data being delivered from the source to the intended receiver without being altered
CHAP
A PGP Signed message
Also
Protection of data from unauthorized users
28. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Authorization
Warning Banner
involves only computer to computer transactions
Separation of Duties
29. ________ is the authoritative entity which lists port assignments
IANA
A PGP Signed message
Hoaxes
Polymorphic
30. __________ is a tool used by network administrators to capture packets from a network.
Data Hiding
Sniffer
Also
Less secure
31. So far - no one has been able to crack the ____________ with Brute Force.
Directive
Mobile
Polymorphic
IDEA algorithm
32. Examples of One- Time Password technology
Off site in a climate controlled area
Information Security policies
S/Key - OPIE
Privacy violations
33. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Protection of data from unauthorized users
Email
Not rigid
TIGER
34. Allows File owners to determine access rights.
Decentralized access control
X.509
Accountability
Salami attack
35. There are 65536 _________
128
Biometrics
Users can gain access to any resource upon request (assuming they have proper permissions)
Available service ports
36. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
involves only computer to computer transactions
NT Audit events
product development life cycle
Separation of Duties
37. IKE - Internet Key Exchange is often used in conjunction with what security standard?
IPSEC
Fixed length
Layer 7 - Application
Gathering digital evidence
38. A standardized list of the most common security weaknesses and exploits is the __________.
Mobile
CVE - Common Vulnerabilities and Exposures
SET
Information
39. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Residual risk
Privacy violations
Prevent - Recover - Detect
Cramming
40. Logon and Logoff - Use of User Rights - Security Policy Change
Logic bombs
Confidentiality
Personal Firewall - IDS - host based - Antivirus
NT Audit events
41. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
Polymorphic
Layer 3 - Host to Host
A PGP Signed message
42. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Layer 3 - Host to Host
Granularity
Password audit
Layer 7 - Application
43. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Wild
X.509
Buffer Overflow
Authentication
44. An intrusion detection system is an example of what type of countermeasure?
Stateful Inspection
Directive
Detective
Configuration Control
45. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
involves only computer to computer transactions
Buffer Overflow
MAC - Mandatory Access Control
C2
46. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
Layer 7 - Application
Accountability
Decentralized access control
47. Organizations that can be a valid Certificate Authority (CA)
modems
Verisign - Microsoft - Dell
Directive
Not very difficult to break.
48. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Passive network attack
One way hash
Mobile
TIGER
49. RSA is not based on a ________
RADIUS
Symmetric algorithm
Sniffer
Password audit
50. A Security Reference Monitor relates to which DoD security standard?
TIGER
C2
Symmetric algorithm
DSS - Digital Signature Standard