SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Countermeasures address security concerns in this category
Users can gain access to any resource upon request (assuming they have proper permissions)
Verisign - Microsoft - Dell
Information
Cisco
2. An intrusion detection system is an example of what type of countermeasure?
Warning banners
Detective
Assignment
SLE - Single Loss Expectancy
3. Wiretapping is an example of a ________.
Passive network attack
Confidentiality
Mobile
RADIUS
4. Which range defines 'well known ports?'
Log files
Warning banners
Configuration Control
0-1023
5. Information security policies are a ___________________.
Not very difficult to break.
Available service ports
Business enabler
Phreaks
6. The __________ is the most dangerous part of a virus program.
Payload
modems
Depcrypting
DAC - Discretionary Access Control
7. Name two types of Intrusion Detection Systems
Verisign - Microsoft - Dell
PGP
Host based - network based
Authentication
8. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Main goal of a risk management program
Social Engineering
Prevent - Recover - Detect
9. This free (for personal use) program is used to encrypt and decrypt emails.
PGP
Passwords
Information Security policies
product development life cycle
10. Digital Certificates use which protocol?
Layer 3 - Host to Host
To make user certificates available to others
X.509
Verisign - Microsoft - Dell
11. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
SYN Flooding
Preserve electronic evidence and protect it from any alteration
Gathering digital evidence
Buffer Overflow
12. They specifically target telephone networks
Phreaks
Protection of data from unauthorized users
SSL
CHAP
13. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Protection of data from unauthorized users
Passfilt.dll
Hackers and crackers
Multi-partite viruses
14. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Passwords
Stateful Inspection
Ethernet
CRACK
15. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Cisco
SYN Flooding
Not rigid
CERT - SANS - CERIAS - COAST
16. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Not very difficult to break.
Depcrypting
Data Classification
CRACK
17. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Reboot or system startup
Password audit
a good password policy
product development life cycle
18. Smart cards are a secure alternative to which weak security mechanism?
Mobile
PGP
Passwords
Warning banners
19. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Biometrics
Information Security policies
IDEA algorithm
DAC - Discretionary Access Control
20. HTTP - FTP - SMTP reside at which layer of the OSI model?
RADIUS
Layer 7 - Application
Main goal of a risk management program
CHAP
21. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
S/Key - OPIE
Sniffer
Ethernet
Prevent - Recover - Detect
22. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
Wild
Also
Separation of Duties
23. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
product development life cycle
Mobile
run applications as generic accounts with little or no privileges.
CHAP
24. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
MAC - Mandatory Access Control
Environmental
Cisco
Not very difficult to break.
25. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Intentions of the perpetrator
Presentation Layer - L6
Authorization
Gathering digital evidence
26. Logon and Logoff - Use of User Rights - Security Policy Change
Detective
Symmetric algorithm
Biometrics
NT Audit events
27. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Intrusion Detection System
Information
Data Hiding
Cryptanalysis
28. ______________ is a major component of an overall risk management program.
Risk assessment
0-1023
Hackers and crackers
Depcrypting
29. Companies can now be __________ just as easily as they can be sued for security compromises.
Warning banners
Granularity
Sued for privacy violations
ISO
30. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Main goal of a risk management program
RADIUS
Social Engineering
Warning Banner
31. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Assignment
Salami attack
NFS
product development life cycle
32. ____________ is a file system that was poorly designed and has numerous security flaws.
Detective
NFS
Acceptance - Transfer - Mitigate
Directive
33. Countermeasures' main objectives
Prevent - Recover - Detect
Mobile
Hackers and crackers
Confidentiality - Availability -Integrity of data
34. RSA is not based on a ________
Certificate
Environmental
Layer 3 - Host to Host
Symmetric algorithm
35. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Reboot or system startup
Cryptanalysis
Test virus
Assignment
36. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
CHAP
Intentions of the perpetrator
Confidentiality - Availability -Integrity of data
involves only computer to computer transactions
37. Stealth viruses live in memory while __________ are written to disk
Logic bombs
Log files
C2
X.509
38. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Stealth viruses
Certificate
SET
Layer 3 - Host to Host
39. Remote Access Dial-in User Service
Privacy violations
Accountability
Multi-partite viruses
RADIUS
40. Which organization(s) are responsible for the timely distribution of information security intelligence data?
0-1023
CERT - SANS - CERIAS - COAST
Phreaks
Business enabler
41. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Acceptance - Transfer - Mitigate
Passfilt.dll
product development life cycle
Reboot or system startup
42. Identifying specific attempts to penetrate systems is the function of the _______________.
Biometrics
Reboot or system startup
Risk Equation
Intrusion Detection System
43. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Depcrypting
Certificate
Assignment
Verisign - Microsoft - Dell
44. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Macro
DSS - Digital Signature Standard
Not very difficult to break.
RSA
45. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Salami attack
Password audit
SSL
Host based - network based
46. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
ISO
Authentication
Main goal of a risk management program
NT Audit events
47. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Biometrics
Steps in handling incidents
Quantitative analysis
0-1023
48. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Quantitative analysis
SET
Hoaxes
Environmental
49. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
ISO
Sued for privacy violations
DSS - Digital Signature Standard
50. A formula used in Quantitative risk analysis
DAC - Discretionary Access Control
involves only computer to computer transactions
Log files
SLE - Single Loss Expectancy