SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Fixed length
Risk assessment
CVE - Common Vulnerabilities and Exposures
a good password policy
2. A true network security audit does include an audit for _____________
Intentions of the perpetrator
modems
Symmetric algorithm
Password audit
3. Which of the concepts best describes Availability in relation to computer resources?
Users can gain access to any resource upon request (assuming they have proper permissions)
Cramming
SSL
RADIUS
4. Smart cards are a secure alternative to which weak security mechanism?
Business enabler
Passwords
RSA
product development life cycle
5. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Users can gain access to any resource upon request (assuming they have proper permissions)
Verisign - Microsoft - Dell
SYN Flooding
Intrusion Detection System
6. A ______________ is an electronically generated record that ties a user's ID to their public key.
Virus definition downloads and system virus scans
Less secure
CHAP
Certificate
7. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SYN Flooding
NT Audit events
Gathering digital evidence
SET
8. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Confidentiality - Availability -Integrity of data
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Cramming
Passwords
9. The most secure method for storing backup tapes is?
Main goal of a risk management program
NT Audit events
Off site in a climate controlled area
A PGP Signed message
10. Organizations that can be a valid Certificate Authority (CA)
Fixed length
Verisign - Microsoft - Dell
0-1023
DSS - Digital Signature Standard
11. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
A PGP Signed message
Off site in a climate controlled area
Buffer Overflow
Hoaxes
12. Cable modems are ___________than DSL connections
Configuration Control
Cramming
Less secure
SLE - Single Loss Expectancy
13. ____________ is a file system that was poorly designed and has numerous security flaws.
Ethernet
Logic bombs
ISO
NFS
14. An intrusion detection system is an example of what type of countermeasure?
Detective
product development life cycle
Social Engineering
SYN Flooding
15. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Acceptance - Transfer - Mitigate
Symmetric algorithm
CERT - SANS - CERIAS - COAST
IPSEC
16. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
RSA
Warning Banner
Not rigid
Verisign - Microsoft - Dell
17. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
MAC - Mandatory Access Control
SLE - Single Loss Expectancy
Buffer Overflow
18. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
IPSEC
Cryptanalysis
Symmetric algorithm
19. A Security Reference Monitor relates to which DoD security standard?
C2
modems
SYN Flooding
Not rigid
20. An attempt to break an encryption algorithm is called _____________.
Business enabler
Social Engineering
Cryptanalysis
Unix / Linux based security tools?
21. Examples of One- Time Password technology
CHAP
S/Key - OPIE
TIGER
Verisign - Microsoft - Dell
22. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Decentralized access control
Password audit
ISO
Protection of data from unauthorized users
23. Allows File owners to determine access rights.
CERT - SANS - CERIAS - COAST
Reboot or system startup
Decentralized access control
Social Engineering
24. Accounting - Authentication - and ____________ are the AAAs of information security.
Host based - network based
Authorization
Symmetric algorithm
SLE - Single Loss Expectancy
25. The IDEA algorithm (used in PGP) is _______ bits long.
modems
CRACK
Polymorphic
128
26. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Warning banners
Log files
Host based - network based
27. Name two types of Intrusion Detection Systems
MAC - Mandatory Access Control
Host based - network based
Directive
Stateful Inspection
28. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Granularity
PGP
Reboot or system startup
A PGP Signed message
29. Main goals of an information security program
Confidentiality - Availability -Integrity of data
Confidentiality
TIGER
Detective
30. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Hoaxes
DSS - Digital Signature Standard
Macro
Authentication
31. ____ members of the staff need to be educated in disaster recovery procedures.
All
Available service ports
Separation of Duties
Detective
32. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Information
Also
Authentication
33. Vulnerability x Threat = RISK is an example of the _______________.
Biometrics
128
RSA
Risk Equation
34. They specifically target telephone networks
Layer 7 - Application
Multi-partite viruses
Social Engineering
Phreaks
35. Which range defines 'well known ports?'
Presentation Layer - L6
Logic bombs
Environmental
0-1023
36. RSA is not based on a ________
Stateful Inspection
Users can gain access to any resource upon request (assuming they have proper permissions)
Symmetric algorithm
Intrusion Detection System
37. Which layer of the OSI model handles encryption?
Verisign - Microsoft - Dell
Warning Banner
Presentation Layer - L6
a good password policy
38. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Presentation Layer - L6
product development life cycle
Confidentiality
Configuration Control
39. A one way hash converts a string of random length into a _______________ encrypted string.
IDEA algorithm
Verisign - Microsoft - Dell
Logic bombs
Fixed length
40. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Data Classification
Test virus
Gathering digital evidence
SLE - Single Loss Expectancy
41. A standardized list of the most common security weaknesses and exploits is the __________.
DSS - Digital Signature Standard
RADIUS
CVE - Common Vulnerabilities and Exposures
Not very difficult to break.
42. Wiretapping is an example of a ________.
Multi-partite viruses
C2
Passive network attack
SYN Flooding
43. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Cisco
Not rigid
IPSEC
Stealth viruses
44. ___________________ viruses change the code order of the strain each time they replicate to another machine.
a good password policy
Polymorphic
Log files
NT Audit events
45. ________ is the authoritative entity which lists port assignments
Personal Firewall - IDS - host based - Antivirus
IANA
Hackers and crackers
0-1023
46. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Environmental
Layer 3 - Host to Host
Residual risk
Preserve electronic evidence and protect it from any alteration
47. Contain - Recover - Review - Identify - Prepare
Cryptanalysis
Steps in handling incidents
Less secure
Privacy violations
48. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
NFS
CVE - Common Vulnerabilities and Exposures
Sniffer
49. ______________ relates to the concept of protecting data from unauthorized users.
Warning Banner
Less secure
Confidentiality
Granularity
50. The ability to identify and audit a user and his / her actions is known as ____________.
Accountability
Also
Logic bombs
Reboot or system startup