SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Accounting - Authentication - and ____________ are the AAAs of information security.
Presentation Layer - L6
CRACK
A PGP Signed message
Authorization
2. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Mobile
Polymorphic
Unix / Linux based security tools?
Password audit
3. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Privacy violations
Intrusion Detection System
IDEA algorithm
A PGP Signed message
4. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Information Security policies
DSS - Digital Signature Standard
Cryptanalysis
Detective
5. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Steps in handling incidents
A PGP Signed message
Preserve electronic evidence and protect it from any alteration
Stateful Inspection
6. Remote Access Dial-in User Service
C2
RADIUS
IPSEC
Sniffer
7. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Depcrypting
Intentions of the perpetrator
Social Engineering
Configuration Control
8. Today - ______________ are almost as serious as security violations
CHAP
Ethernet
RADIUS
Privacy violations
9. Public keys are used for encrypting messages and private keys are used for __________messages.
Cisco
Macro
Privacy violations
Depcrypting
10. A standardized list of the most common security weaknesses and exploits is the __________.
CVE - Common Vulnerabilities and Exposures
a good password policy
Data Hiding
DSS - Digital Signature Standard
11. Wiretapping is an example of a ________.
Presentation Layer - L6
Residual risk
Reboot or system startup
Passive network attack
12. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Authorization
Buffer Overflow
Passfilt.dll
Intrusion Detection System
13. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Preserve electronic evidence and protect it from any alteration
Separation of Duties
Ethernet
14. DES - Data Encryption standard has a 128 bit key and is ________
Passfilt.dll
Not very difficult to break.
Risk assessment
Also
15. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
CRACK
Risk assessment
modems
16. Which layer of the OSI model handles encryption?
Verisign - Microsoft - Dell
Hackers and crackers
Presentation Layer - L6
PGP
17. MD5 is a ___________ algorithm
Stealth viruses
Cryptanalysis
Authentication
One way hash
18. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Quantitative analysis
Also
Cisco
128
19. RSA is not based on a ________
Symmetric algorithm
C2
128
Off site in a climate controlled area
20. Which of the following is NOT and encryption algorithm?
CRACK
Cryptanalysis
Logic bombs
SSL
21. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Gathering digital evidence
Privacy violations
All
Social Engineering
22. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Fixed length
Ethernet
TIGER
Biometrics
23. Cable modems are ___________than DSL connections
Host based - network based
Preserve electronic evidence and protect it from any alteration
Virus definition downloads and system virus scans
Less secure
24. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Certificate
Risk assessment
a good password policy
Directive
25. ________ is the authoritative entity which lists port assignments
IANA
MAC - Mandatory Access Control
Reboot or system startup
Social Engineering
26. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Password audit
Buffer Overflow
Assignment
Payload
27. __________ is the most famous Unix password cracking tool.
Stealth viruses
CRACK
Cisco
Layer 7 - Application
28. Allows File owners to determine access rights.
Decentralized access control
A PGP Signed message
Cramming
RADIUS
29. Examples of One- Time Password technology
S/Key - OPIE
Layer 3 - Host to Host
Passfilt.dll
Warning banners
30. A true network security audit does include an audit for _____________
modems
Information
128
Less secure
31. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Confidentiality
Ethernet
Data Classification
Sniffer
32. ___________________ is responsible for creating security policies and for communicating those policies to system users.
One way hash
ISO
CERT - SANS - CERIAS - COAST
Warning Banner
33. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Environmental
Biometrics
SET
34. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Detective
To make user certificates available to others
Authentication
35. What is the main difference between computer abuse and computer crime?
To make user certificates available to others
Business enabler
Preserve electronic evidence and protect it from any alteration
Intentions of the perpetrator
36. Data being delivered from the source to the intended receiver without being altered
Confidentiality - Availability -Integrity of data
run applications as generic accounts with little or no privileges.
Protection of data from unauthorized users
Test virus
37. The __________ is the most dangerous part of a virus program.
Sued for privacy violations
Payload
Buffer Overflow
Wild
38. Smart cards are a secure alternative to which weak security mechanism?
Passwords
Off site in a climate controlled area
Not very difficult to break.
Confidentiality
39. Companies can now be __________ just as easily as they can be sued for security compromises.
Presentation Layer - L6
Hackers and crackers
Not very difficult to break.
Sued for privacy violations
40. Digital Certificates use which protocol?
IDEA algorithm
DSS - Digital Signature Standard
Sued for privacy violations
X.509
41. ______________ is a major component of an overall risk management program.
Macro
Risk assessment
Sniffer
NT Audit events
42. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
NFS
Depcrypting
Warning Banner
Protection of data from unauthorized users
43. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Information Security policies
Depcrypting
Confidentiality - Availability -Integrity of data
Log files
44. It is difficult to prosecute a computer criminal if _________ are not deployed
Detective
Phreaks
Warning banners
MAC - Mandatory Access Control
45. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Residual risk
CERT - SANS - CERIAS - COAST
Layer 3 - Host to Host
Preserve electronic evidence and protect it from any alteration
46. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Main goal of a risk management program
Preserve electronic evidence and protect it from any alteration
Verisign - Microsoft - Dell
Directive
47. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SET
SLE - Single Loss Expectancy
Cryptanalysis
Privacy violations
48. To help managers find the correct cost balance between risks and countermeasures
Layer 7 - Application
involves only computer to computer transactions
Main goal of a risk management program
Hackers and crackers
49. A one way hash converts a string of random length into a _______________ encrypted string.
Cisco
Directive
Quantitative analysis
Fixed length
50. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
0-1023
Risk assessment
CRACK