SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Decentralized access control
Confidentiality
Accountability
Personal Firewall - IDS - host based - Antivirus
2. Companies can now be __________ just as easily as they can be sued for security compromises.
TIGER
Sued for privacy violations
IPSEC
NFS
3. Stealth viruses live in memory while __________ are written to disk
C2
S/Key - OPIE
Logic bombs
Decentralized access control
4. RSA is not based on a ________
Hackers and crackers
a good password policy
Symmetric algorithm
SLE - Single Loss Expectancy
5. To help managers find the correct cost balance between risks and countermeasures
Main goal of a risk management program
Granularity
Depcrypting
MAC - Mandatory Access Control
6. Allows File owners to determine access rights.
RADIUS
Decentralized access control
Privacy violations
NFS
7. An intrusion detection system is an example of what type of countermeasure?
Detective
Available service ports
Risk Equation
Sued for privacy violations
8. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Multi-partite viruses
Off site in a climate controlled area
Assignment
run applications as generic accounts with little or no privileges.
9. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Phreaks
CHAP
Intentions of the perpetrator
Assignment
10. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Warning Banner
Risk Equation
Passive network attack
Confidentiality - Availability -Integrity of data
11. A boot sector virus goes to work when what event takes place?
Layer 7 - Application
Reboot or system startup
Password audit
Mobile
12. A standardized list of the most common security weaknesses and exploits is the __________.
0-1023
IPSEC
CVE - Common Vulnerabilities and Exposures
Warning banners
13. ____________ is a file system that was poorly designed and has numerous security flaws.
All
Environmental
NFS
Stealth viruses
14. The most secure method for storing backup tapes is?
Information
Cryptanalysis
Configuration Control
Off site in a climate controlled area
15. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
Symmetric algorithm
product development life cycle
Presentation Layer - L6
16. Contain - Recover - Review - Identify - Prepare
To make user certificates available to others
Authentication
NT Audit events
Steps in handling incidents
17. Logon and Logoff - Use of User Rights - Security Policy Change
PGP
Biometrics
NT Audit events
Warning Banner
18. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Passwords
Authentication
Unix / Linux based security tools?
Gathering digital evidence
19. __________ is a tool used by network administrators to capture packets from a network.
Sniffer
S/Key - OPIE
Virus definition downloads and system virus scans
Symmetric algorithm
20. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Gathering digital evidence
Verisign - Microsoft - Dell
Passfilt.dll
21. This free (for personal use) program is used to encrypt and decrypt emails.
PGP
Passfilt.dll
modems
Hackers and crackers
22. _______________ supply AV engines with false information to avoid detection
Password audit
Steps in handling incidents
Business enabler
Stealth viruses
23. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Not very difficult to break.
NFS
Hackers and crackers
Symmetric algorithm
24. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Man In The Middle
Fixed length
CVE - Common Vulnerabilities and Exposures
A PGP Signed message
25. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Directive
SSL
DSS - Digital Signature Standard
Biometrics
26. What is the main difference between computer abuse and computer crime?
Authorization
Intentions of the perpetrator
A PGP Signed message
Environmental
27. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Polymorphic
Data Classification
Test virus
Separation of Duties
28. The __________ is the most dangerous part of a virus program.
Host based - network based
Information Security policies
Payload
Password audit
29. Combine both boot and file virus behavior
modems
Multi-partite viruses
S/Key - OPIE
Confidentiality
30. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Cramming
Test virus
Personal Firewall - IDS - host based - Antivirus
C2
31. A formula used in Quantitative risk analysis
SLE - Single Loss Expectancy
Stateful Inspection
Not rigid
0-1023
32. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SET
ISO
Granularity
involves only computer to computer transactions
33. Data being delivered from the source to the intended receiver without being altered
Information
Protection of data from unauthorized users
RSA
CHAP
34. Countermeasures address security concerns in this category
Log files
RADIUS
Information
a good password policy
35. A Security Reference Monitor relates to which DoD security standard?
C2
Data Hiding
Confidentiality - Availability -Integrity of data
Hackers and crackers
36. DES - Data Encryption standard has a 128 bit key and is ________
Email
RSA
Not very difficult to break.
Off site in a climate controlled area
37. Which of the concepts best describes Availability in relation to computer resources?
Users can gain access to any resource upon request (assuming they have proper permissions)
Confidentiality - Availability -Integrity of data
Test virus
Payload
38. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Buffer Overflow
Passfilt.dll
Presentation Layer - L6
Test virus
39. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Warning banners
Preserve electronic evidence and protect it from any alteration
RSA
Buffer Overflow
40. Today - ______________ are almost as serious as security violations
Configuration Control
Privacy violations
SET
Not very difficult to break.
41. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Wild
CHAP
Separation of Duties
Macro
42. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Confidentiality
Unix / Linux based security tools?
All
CVE - Common Vulnerabilities and Exposures
43. Identifying specific attempts to penetrate systems is the function of the _______________.
NFS
Intrusion Detection System
Assignment
Wild
44. MD5 is a ___________ algorithm
One way hash
SSL
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
a good password policy
45. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
A PGP Signed message
Configuration Control
DSS - Digital Signature Standard
46. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Steps in handling incidents
CHAP
SYN Flooding
Sued for privacy violations
47. Name two types of Intrusion Detection Systems
Accountability
Host based - network based
Detective
Assignment
48. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Presentation Layer - L6
X.509
Test virus
Polymorphic
49. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Phreaks
Multi-partite viruses
Residual risk
run applications as generic accounts with little or no privileges.
50. The IDEA algorithm (used in PGP) is _______ bits long.
Passfilt.dll
Users can gain access to any resource upon request (assuming they have proper permissions)
128
All