SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. One method that can reduce exposure to malicious code is to ___________________
PGP
Intrusion Detection System
run applications as generic accounts with little or no privileges.
Personal Firewall - IDS - host based - Antivirus
2. A one way hash converts a string of random length into a _______________ encrypted string.
Certificate
Macro
Fixed length
Payload
3. Which layer of the OSI model handles encryption?
Users can gain access to any resource upon request (assuming they have proper permissions)
Presentation Layer - L6
Passfilt.dll
SET
4. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
C2
Polymorphic
Ethernet
Salami attack
5. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Not rigid
CHAP
Salami attack
CRACK
6. So far - no one has been able to crack the ____________ with Brute Force.
S/Key - OPIE
X.509
IDEA algorithm
Password audit
7. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
CHAP
Multi-partite viruses
Payload
Environmental
8. Digital Certificates use which protocol?
Gathering digital evidence
Confidentiality
X.509
Authorization
9. Name two types of Intrusion Detection Systems
run applications as generic accounts with little or no privileges.
S/Key - OPIE
Host based - network based
DAC - Discretionary Access Control
10. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
To make user certificates available to others
Data Hiding
Cryptanalysis
A PGP Signed message
11. ____ members of the staff need to be educated in disaster recovery procedures.
Logic bombs
All
IPSEC
NT Audit events
12. Public keys are used for encrypting messages and private keys are used for __________messages.
Certificate
Depcrypting
Ethernet
Data Classification
13. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Passwords
Social Engineering
Macro
Assignment
14. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Intrusion Detection System
Depcrypting
Polymorphic
Intentions of the perpetrator
15. Data being delivered from the source to the intended receiver without being altered
To make user certificates available to others
Stealth viruses
Protection of data from unauthorized users
PGP
16. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Available service ports
Gathering digital evidence
C2
Password audit
17. The ultimate goal of a computer forensics specialist is to ___________________.
Cryptanalysis
Not rigid
Confidentiality - Availability -Integrity of data
Preserve electronic evidence and protect it from any alteration
18. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
RSA
Directive
Hackers and crackers
Salami attack
19. Countermeasures' main objectives
Data Classification
Prevent - Recover - Detect
Email
SSL
20. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Configuration Control
Detective
CERT - SANS - CERIAS - COAST
Salami attack
21. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Cisco
All
C2
Personal Firewall - IDS - host based - Antivirus
22. Main goals of an information security program
Confidentiality - Availability -Integrity of data
Also
Certificate
Information
23. It is difficult to prosecute a computer criminal if _________ are not deployed
Quantitative analysis
Hoaxes
Warning banners
Wild
24. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
PGP
Cramming
0-1023
Gathering digital evidence
25. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Certificate
RSA
Man In The Middle
Salami attack
26. ________ is the authoritative entity which lists port assignments
Macro
Polymorphic
Presentation Layer - L6
IANA
27. The __________ is the most dangerous part of a virus program.
Cryptanalysis
Confidentiality - Availability -Integrity of data
Payload
NT Audit events
28. These should be done on a weekly basis
Buffer Overflow
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Virus definition downloads and system virus scans
Test virus
29. Which range defines 'well known ports?'
Personal Firewall - IDS - host based - Antivirus
RADIUS
C2
0-1023
30. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Quantitative analysis
Separation of Duties
SSL
Biometrics
31. DES - Data Encryption standard has a 128 bit key and is ________
Mobile
Passfilt.dll
Not very difficult to break.
CVE - Common Vulnerabilities and Exposures
32. Information security policies are a ___________________.
Layer 3 - Host to Host
Business enabler
Host based - network based
Biometrics
33. Contain - Recover - Review - Identify - Prepare
Phreaks
Warning Banner
NT Audit events
Steps in handling incidents
34. An attempt to break an encryption algorithm is called _____________.
Macro
A PGP Signed message
Cryptanalysis
128
35. Cable modems are ___________than DSL connections
Password audit
Less secure
Depcrypting
MAC - Mandatory Access Control
36. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Authentication
Email
All
Confidentiality - Availability -Integrity of data
37. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Separation of Duties
Fixed length
Social Engineering
Information Security policies
38. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
CRACK
run applications as generic accounts with little or no privileges.
To make user certificates available to others
X.509
39. Which of the following is NOT and encryption algorithm?
Acceptance - Transfer - Mitigate
Assignment
SSL
Layer 7 - Application
40. The most secure method for storing backup tapes is?
Intrusion Detection System
Less secure
Off site in a climate controlled area
Available service ports
41. Which organization(s) are responsible for the timely distribution of information security intelligence data?
CERT - SANS - CERIAS - COAST
RSA
Quantitative analysis
Test virus
42. Remote Access Dial-in User Service
Hoaxes
To make user certificates available to others
RADIUS
Privacy violations
43. _______________ supply AV engines with false information to avoid detection
Authentication
Stealth viruses
Personal Firewall - IDS - host based - Antivirus
Presentation Layer - L6
44. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
SSL
Data Classification
Ethernet
Quantitative analysis
45. Stealth viruses live in memory while __________ are written to disk
Payload
CRACK
Reboot or system startup
Logic bombs
46. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Configuration Control
ISO
Data Hiding
Passive network attack
47. A standardized list of the most common security weaknesses and exploits is the __________.
CVE - Common Vulnerabilities and Exposures
Buffer Overflow
Passive network attack
Granularity
48. ______________ is a major component of an overall risk management program.
Acceptance - Transfer - Mitigate
Risk assessment
Information
Gathering digital evidence
49. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
RADIUS
SLE - Single Loss Expectancy
Log files
Risk assessment
50. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
All
Mobile
IANA
Cramming