SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Log files
A PGP Signed message
Social Engineering
Mobile
2. Smart cards are a secure alternative to which weak security mechanism?
product development life cycle
Passwords
Confidentiality - Availability -Integrity of data
Off site in a climate controlled area
3. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
Fixed length
product development life cycle
Wild
Test virus
4. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Accountability
RSA
Detective
Hackers and crackers
5. A true network security audit does include an audit for _____________
Quantitative analysis
Layer 7 - Application
modems
S/Key - OPIE
6. They specifically target telephone networks
Depcrypting
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
One way hash
Phreaks
7. A formula used in Quantitative risk analysis
A PGP Signed message
SLE - Single Loss Expectancy
Macro
Verisign - Microsoft - Dell
8. These should be done on a weekly basis
Salami attack
IDEA algorithm
Environmental
Virus definition downloads and system virus scans
9. Examples of One- Time Password technology
Passwords
Layer 7 - Application
S/Key - OPIE
DSS - Digital Signature Standard
10. So far - no one has been able to crack the ____________ with Brute Force.
Hoaxes
IDEA algorithm
Separation of Duties
Phreaks
11. Which organization(s) are responsible for the timely distribution of information security intelligence data?
CERT - SANS - CERIAS - COAST
Verisign - Microsoft - Dell
Users can gain access to any resource upon request (assuming they have proper permissions)
Log files
12. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Separation of Duties
Information Security policies
Accountability
Users can gain access to any resource upon request (assuming they have proper permissions)
13. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Assignment
Acceptance - Transfer - Mitigate
Gathering digital evidence
Quantitative analysis
14. __________ is a tool used by network administrators to capture packets from a network.
Layer 7 - Application
Sniffer
Prevent - Recover - Detect
Polymorphic
15. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Payload
Authorization
Layer 3 - Host to Host
Passwords
16. Wiretapping is an example of a ________.
Data Classification
Passive network attack
Not very difficult to break.
Verisign - Microsoft - Dell
17. Ways to deal with risk.
Acceptance - Transfer - Mitigate
Decentralized access control
Log files
A PGP Signed message
18. Logon and Logoff - Use of User Rights - Security Policy Change
NT Audit events
DSS - Digital Signature Standard
Layer 3 - Host to Host
Wild
19. Countermeasures address security concerns in this category
Authentication
Information
Protection of data from unauthorized users
Host based - network based
20. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Host based - network based
Polymorphic
Decentralized access control
DSS - Digital Signature Standard
21. The ability to identify and audit a user and his / her actions is known as ____________.
Accountability
Less secure
Email
Man In The Middle
22. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
To make user certificates available to others
Mobile
Password audit
Cryptanalysis
23. IKE - Internet Key Exchange is often used in conjunction with what security standard?
modems
Hackers and crackers
Protection of data from unauthorized users
IPSEC
24. A Security Reference Monitor relates to which DoD security standard?
Detective
CERT - SANS - CERIAS - COAST
Cisco
C2
25. S/MIME was developed for the protection of what communication mechanism(s)?
Email
One way hash
Phreaks
Log files
26. Allows File owners to determine access rights.
Man In The Middle
Phreaks
Decentralized access control
Data Hiding
27. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Presentation Layer - L6
Quantitative analysis
Residual risk
Passfilt.dll
28. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Mobile
Business enabler
run applications as generic accounts with little or no privileges.
Wild
29. Which range defines 'well known ports?'
Risk Equation
0-1023
Hackers and crackers
Configuration Control
30. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Accountability
involves only computer to computer transactions
Less secure
Test virus
31. Which of the concepts best describes Availability in relation to computer resources?
S/Key - OPIE
Password audit
Users can gain access to any resource upon request (assuming they have proper permissions)
Layer 3 - Host to Host
32. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Test virus
Main goal of a risk management program
Reboot or system startup
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
33. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
CRACK
Cramming
Host based - network based
run applications as generic accounts with little or no privileges.
34. It is difficult to prosecute a computer criminal if _________ are not deployed
CERT - SANS - CERIAS - COAST
Email
SYN Flooding
Warning banners
35. Identifying specific attempts to penetrate systems is the function of the _______________.
Buffer Overflow
Intrusion Detection System
Granularity
Presentation Layer - L6
36. Organizations that can be a valid Certificate Authority (CA)
Payload
Verisign - Microsoft - Dell
Wild
SLE - Single Loss Expectancy
37. Which of the following is NOT and encryption algorithm?
Steps in handling incidents
Sued for privacy violations
CVE - Common Vulnerabilities and Exposures
SSL
38. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Passive network attack
RSA
C2
Layer 7 - Application
39. Data being delivered from the source to the intended receiver without being altered
CERT - SANS - CERIAS - COAST
Protection of data from unauthorized users
Certificate
CRACK
40. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Not very difficult to break.
Users can gain access to any resource upon request (assuming they have proper permissions)
Available service ports
41. Combine both boot and file virus behavior
Hoaxes
Host based - network based
Passive network attack
Multi-partite viruses
42. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Risk Equation
Environmental
Users can gain access to any resource upon request (assuming they have proper permissions)
Intrusion Detection System
43. Remote Access Dial-in User Service
RADIUS
Confidentiality
Passwords
Intrusion Detection System
44. This free (for personal use) program is used to encrypt and decrypt emails.
Verisign - Microsoft - Dell
PGP
Multi-partite viruses
MAC - Mandatory Access Control
45. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
run applications as generic accounts with little or no privileges.
Log files
Environmental
Residual risk
46. A ______________ is an electronically generated record that ties a user's ID to their public key.
Ethernet
IDEA algorithm
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Certificate
47. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Buffer Overflow
Multi-partite viruses
RSA
Virus definition downloads and system virus scans
48. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Risk assessment
C2
Log files
product development life cycle
49. Public keys are used for encrypting messages and private keys are used for __________messages.
SLE - Single Loss Expectancy
Depcrypting
Privacy violations
0-1023
50. DES - Data Encryption standard has a 128 bit key and is ________
Data Hiding
Sued for privacy violations
modems
Not very difficult to break.
