SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Accountability
Payload
Certificate
Biometrics
2. MD5 is a ___________ algorithm
Sued for privacy violations
Sniffer
Host based - network based
One way hash
3. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic
Payload
Warning Banner
Protection of data from unauthorized users
4. Layer 4 of the OSI model corresponds to which layer of the DoD model?
C2
Unix / Linux based security tools?
Layer 3 - Host to Host
Verisign - Microsoft - Dell
5. ________ is the authoritative entity which lists port assignments
IANA
Confidentiality
128
RADIUS
6. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Not very difficult to break.
Authentication
RSA
IANA
7. Information security policies are a ___________________.
Cisco
Stealth viruses
Information
Business enabler
8. They specifically target telephone networks
Test virus
Phreaks
Granularity
Intentions of the perpetrator
9. ____ members of the staff need to be educated in disaster recovery procedures.
All
Warning Banner
Hackers and crackers
Risk Equation
10. The __________ is the most dangerous part of a virus program.
C2
Configuration Control
Wild
Payload
11. Data being delivered from the source to the intended receiver without being altered
Stealth viruses
Cryptanalysis
Protection of data from unauthorized users
DSS - Digital Signature Standard
12. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Mobile
Personal Firewall - IDS - host based - Antivirus
Intentions of the perpetrator
Directive
13. Which range defines 'well known ports?'
run applications as generic accounts with little or no privileges.
0-1023
SLE - Single Loss Expectancy
All
14. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
NFS
Passfilt.dll
Information
15. Public keys are used for encrypting messages and private keys are used for __________messages.
Directive
Depcrypting
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Intentions of the perpetrator
16. Identifying specific attempts to penetrate systems is the function of the _______________.
Intrusion Detection System
Hackers and crackers
SLE - Single Loss Expectancy
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
17. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
SYN Flooding
Protection of data from unauthorized users
Information
IPSEC
18. Accounting - Authentication - and ____________ are the AAAs of information security.
Business enabler
Warning Banner
Steps in handling incidents
Authorization
19. An intrusion detection system is an example of what type of countermeasure?
Cramming
Authentication
Detective
Configuration Control
20. What is the main difference between computer abuse and computer crime?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Multi-partite viruses
Layer 3 - Host to Host
Intentions of the perpetrator
21. The ultimate goal of a computer forensics specialist is to ___________________.
Social Engineering
Passwords
Information
Preserve electronic evidence and protect it from any alteration
22. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Stateful Inspection
Environmental
NFS
MAC - Mandatory Access Control
23. Digital Certificates use which protocol?
Authorization
X.509
Gathering digital evidence
Risk Equation
24. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Quantitative analysis
Stealth viruses
Logic bombs
Granularity
25. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Separation of Duties
Multi-partite viruses
Risk assessment
SET
26. So far - no one has been able to crack the ____________ with Brute Force.
Sniffer
a good password policy
IDEA algorithm
Unix / Linux based security tools?
27. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
NT Audit events
Gathering digital evidence
Ethernet
Symmetric algorithm
28. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Privacy violations
Warning Banner
Symmetric algorithm
Configuration Control
29. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
0-1023
TIGER
Buffer Overflow
S/Key - OPIE
30. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Social Engineering
Man In The Middle
Residual risk
Environmental
31. A ______________ is an electronically generated record that ties a user's ID to their public key.
Certificate
One way hash
Prevent - Recover - Detect
X.509
32. Examples of One- Time Password technology
Configuration Control
C2
a good password policy
S/Key - OPIE
33. __________ is a tool used by network administrators to capture packets from a network.
Sniffer
To make user certificates available to others
Intrusion Detection System
Layer 7 - Application
34. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Detective
Risk assessment
Ethernet
SET
35. These should be done on a weekly basis
Reboot or system startup
Virus definition downloads and system virus scans
Passive network attack
Wild
36. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Log files
Reboot or system startup
run applications as generic accounts with little or no privileges.
Environmental
37. The ability to identify and audit a user and his / her actions is known as ____________.
Preserve electronic evidence and protect it from any alteration
Cryptanalysis
Layer 3 - Host to Host
Accountability
38. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
involves only computer to computer transactions
Wild
CRACK
Prevent - Recover - Detect
39. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Residual risk
PGP
Cramming
product development life cycle
40. Macintosh computers are _____ at risk for receiving viruses.
Detective
Wild
involves only computer to computer transactions
Also
41. Remote Access Dial-in User Service
Passwords
NT Audit events
RADIUS
Layer 3 - Host to Host
42. Which of the following is NOT and encryption algorithm?
Separation of Duties
Main goal of a risk management program
SSL
Hoaxes
43. RSA is not based on a ________
Symmetric algorithm
Intentions of the perpetrator
Privacy violations
Multi-partite viruses
44. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Passfilt.dll
Detective
Unix / Linux based security tools?
Log files
45. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Directive
Virus definition downloads and system virus scans
Prevent - Recover - Detect
MAC - Mandatory Access Control
46. Which organization(s) are responsible for the timely distribution of information security intelligence data?
CERT - SANS - CERIAS - COAST
Payload
Social Engineering
Multi-partite viruses
47. It is difficult to prosecute a computer criminal if _________ are not deployed
Passwords
CERT - SANS - CERIAS - COAST
Presentation Layer - L6
Warning banners
48. Allows File owners to determine access rights.
Fixed length
Assignment
Decentralized access control
Main goal of a risk management program
49. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Virus definition downloads and system virus scans
Risk Equation
Stealth viruses
DAC - Discretionary Access Control
50. _______________ supply AV engines with false information to avoid detection
Risk assessment
Stealth viruses
Salami attack
Fixed length
