SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
IPSEC
Unix / Linux based security tools?
Log files
2. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Also
Hoaxes
RADIUS
Cryptanalysis
3. Examples of One- Time Password technology
To make user certificates available to others
C2
S/Key - OPIE
Sued for privacy violations
4. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
PGP
Main goal of a risk management program
product development life cycle
Mobile
5. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Information Security policies
To make user certificates available to others
MAC - Mandatory Access Control
SYN Flooding
6. The most secure method for storing backup tapes is?
Logic bombs
Hackers and crackers
Off site in a climate controlled area
Prevent - Recover - Detect
7. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Detective
Data Classification
Environmental
Business enabler
8. Information security policies are a ___________________.
To make user certificates available to others
IPSEC
Business enabler
Symmetric algorithm
9. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Data Hiding
RSA
Confidentiality
Authentication
10. Stealth viruses live in memory while __________ are written to disk
Main goal of a risk management program
Sniffer
Logic bombs
Steps in handling incidents
11. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Presentation Layer - L6
Stealth viruses
Environmental
Cisco
12. The ultimate goal of a computer forensics specialist is to ___________________.
Logic bombs
Preserve electronic evidence and protect it from any alteration
ISO
Separation of Duties
13. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Confidentiality
Multi-partite viruses
Separation of Duties
14. Digital Certificates use which protocol?
Macro
X.509
Sued for privacy violations
SSL
15. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
S/Key - OPIE
SYN Flooding
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Verisign - Microsoft - Dell
16. A true network security audit does include an audit for _____________
Ethernet
Wild
modems
Steps in handling incidents
17. Which layer of the OSI model handles encryption?
A PGP Signed message
Intrusion Detection System
Presentation Layer - L6
Business enabler
18. A Security Reference Monitor relates to which DoD security standard?
Virus definition downloads and system virus scans
C2
Personal Firewall - IDS - host based - Antivirus
Ethernet
19. Combine both boot and file virus behavior
Multi-partite viruses
SET
Salami attack
Main goal of a risk management program
20. S/MIME was developed for the protection of what communication mechanism(s)?
Phreaks
SSL
Acceptance - Transfer - Mitigate
Email
21. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
To make user certificates available to others
NFS
Personal Firewall - IDS - host based - Antivirus
SET
22. The __________ is the most dangerous part of a virus program.
Payload
Test virus
Log files
SET
23. So far - no one has been able to crack the ____________ with Brute Force.
Quantitative analysis
Email
IDEA algorithm
C2
24. A formula used in Quantitative risk analysis
Data Classification
SLE - Single Loss Expectancy
Passwords
C2
25. Cable modems are ___________than DSL connections
Less secure
Log files
CVE - Common Vulnerabilities and Exposures
Prevent - Recover - Detect
26. The ability to adjust access control to the exact amount of permission necessary is called ______________.
TIGER
CHAP
S/Key - OPIE
Granularity
27. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
Cryptanalysis
Social Engineering
Salami attack
28. __________ is a tool used by network administrators to capture packets from a network.
Fixed length
Sniffer
SET
Risk assessment
29. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Stateful Inspection
Authentication
Stealth viruses
Cisco
30. __________ is the most famous Unix password cracking tool.
Warning banners
CRACK
Cisco
C2
31. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
IDEA algorithm
Test virus
Residual risk
32. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
SET
Data Classification
X.509
Risk assessment
33. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Password audit
DAC - Discretionary Access Control
Confidentiality - Availability -Integrity of data
modems
34. DES - Data Encryption standard has a 128 bit key and is ________
Password audit
a good password policy
Stateful Inspection
Not very difficult to break.
35. Macintosh computers are _____ at risk for receiving viruses.
Intrusion Detection System
CRACK
Also
X.509
36. An attempt to break an encryption algorithm is called _____________.
Cryptanalysis
Risk assessment
Hoaxes
All
37. A boot sector virus goes to work when what event takes place?
Ethernet
Reboot or system startup
Environmental
Fixed length
38. This free (for personal use) program is used to encrypt and decrypt emails.
ISO
Polymorphic
Multi-partite viruses
PGP
39. RSA is not based on a ________
Hackers and crackers
Warning Banner
Symmetric algorithm
Buffer Overflow
40. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
product development life cycle
Business enabler
Configuration Control
41. A standardized list of the most common security weaknesses and exploits is the __________.
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
modems
128
CVE - Common Vulnerabilities and Exposures
42. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Confidentiality
Hackers and crackers
IDEA algorithm
Granularity
43. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
Logic bombs
Intrusion Detection System
Directive
44. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Acceptance - Transfer - Mitigate
Cryptanalysis
Quantitative analysis
Granularity
45. Wiretapping is an example of a ________.
Data Hiding
Passive network attack
Host based - network based
Data Classification
46. To help managers find the correct cost balance between risks and countermeasures
Users can gain access to any resource upon request (assuming they have proper permissions)
Presentation Layer - L6
Main goal of a risk management program
a good password policy
47. Countermeasures address security concerns in this category
Preserve electronic evidence and protect it from any alteration
Information
Acceptance - Transfer - Mitigate
All
48. Companies can now be __________ just as easily as they can be sued for security compromises.
run applications as generic accounts with little or no privileges.
Available service ports
Sued for privacy violations
To make user certificates available to others
49. There are 65536 _________
PGP
Payload
Available service ports
Confidentiality
50. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Password audit
SLE - Single Loss Expectancy
CERT - SANS - CERIAS - COAST
Test virus
