SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Acceptance - Transfer - Mitigate
Buffer Overflow
SET
S/Key - OPIE
2. Information security policies are a ___________________.
Business enabler
SET
Not very difficult to break.
Quantitative analysis
3. They specifically target telephone networks
Logic bombs
Verisign - Microsoft - Dell
Phreaks
Fixed length
4. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic
NFS
Gathering digital evidence
Depcrypting
5. Committing computer crimes in such small doses that they almost go unnoticed.
IANA
S/Key - OPIE
Residual risk
Salami attack
6. Ways to deal with risk.
Acceptance - Transfer - Mitigate
Unix / Linux based security tools?
Steps in handling incidents
Separation of Duties
7. Name two types of Intrusion Detection Systems
Cisco
Host based - network based
Payload
Separation of Duties
8. Stealth viruses live in memory while __________ are written to disk
Phreaks
SET
Logic bombs
Unix / Linux based security tools?
9. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Risk assessment
Warning Banner
Information Security policies
a good password policy
10. A one way hash converts a string of random length into a _______________ encrypted string.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
DAC - Discretionary Access Control
Separation of Duties
Fixed length
11. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Directive
Buffer Overflow
X.509
Gathering digital evidence
12. Which layer of the OSI model handles encryption?
NT Audit events
Presentation Layer - L6
One way hash
Unix / Linux based security tools?
13. Which range defines 'well known ports?'
Confidentiality
128
0-1023
Stateful Inspection
14. Today - ______________ are almost as serious as security violations
Presentation Layer - L6
Privacy violations
TIGER
Phreaks
15. Cable modems are ___________than DSL connections
Acceptance - Transfer - Mitigate
Less secure
Polymorphic
IDEA algorithm
16. Organizations that can be a valid Certificate Authority (CA)
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
ISO
Quantitative analysis
Verisign - Microsoft - Dell
17. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Stateful Inspection
IANA
a good password policy
Social Engineering
18. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Hoaxes
involves only computer to computer transactions
Not rigid
Gathering digital evidence
19. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
One way hash
Test virus
Decentralized access control
Warning banners
20. Combine both boot and file virus behavior
Detective
Hoaxes
Multi-partite viruses
SLE - Single Loss Expectancy
21. ______________ is a major component of an overall risk management program.
Man In The Middle
Risk assessment
Password audit
Environmental
22. An attempt to break an encryption algorithm is called _____________.
CRACK
Accountability
Cryptanalysis
CHAP
23. These should be done on a weekly basis
SLE - Single Loss Expectancy
Unix / Linux based security tools?
Users can gain access to any resource upon request (assuming they have proper permissions)
Virus definition downloads and system virus scans
24. Wiretapping is an example of a ________.
Passive network attack
Layer 3 - Host to Host
RADIUS
Acceptance - Transfer - Mitigate
25. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Verisign - Microsoft - Dell
Assignment
Personal Firewall - IDS - host based - Antivirus
Steps in handling incidents
26. A formula used in Quantitative risk analysis
Layer 7 - Application
SLE - Single Loss Expectancy
128
Sued for privacy violations
27. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Reboot or system startup
Mobile
Warning Banner
A PGP Signed message
28. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Password audit
Detective
Wild
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
29. ____ members of the staff need to be educated in disaster recovery procedures.
All
To make user certificates available to others
run applications as generic accounts with little or no privileges.
Accountability
30. ______________ is a Unix security scanning tool developed at Texas A&M university.
Reboot or system startup
Virus definition downloads and system virus scans
TIGER
Separation of Duties
31. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Classification
DAC - Discretionary Access Control
CERT - SANS - CERIAS - COAST
Payload
32. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Sued for privacy violations
Off site in a climate controlled area
Unix / Linux based security tools?
Layer 7 - Application
33. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Password audit
SLE - Single Loss Expectancy
Assignment
Decentralized access control
34. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Information
Warning Banner
Layer 3 - Host to Host
Information Security policies
35. Companies can now be __________ just as easily as they can be sued for security compromises.
Quantitative analysis
Authorization
Sued for privacy violations
IANA
36. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Intrusion Detection System
Decentralized access control
Configuration Control
SET
37. To help managers find the correct cost balance between risks and countermeasures
Gathering digital evidence
Warning Banner
Logic bombs
Main goal of a risk management program
38. _______________ supply AV engines with false information to avoid detection
Prevent - Recover - Detect
Certificate
Stealth viruses
Decentralized access control
39. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Payload
CERT - SANS - CERIAS - COAST
Wild
Authorization
40. There are 65536 _________
Cramming
Available service ports
To make user certificates available to others
TIGER
41. Accounting - Authentication - and ____________ are the AAAs of information security.
Phreaks
Data Hiding
Authorization
Detective
42. S/MIME was developed for the protection of what communication mechanism(s)?
Social Engineering
Email
IANA
Virus definition downloads and system virus scans
43. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Cisco
Depcrypting
ISO
Warning banners
44. A standardized list of the most common security weaknesses and exploits is the __________.
CVE - Common Vulnerabilities and Exposures
Passive network attack
Polymorphic
Privacy violations
45. MD5 is a ___________ algorithm
DAC - Discretionary Access Control
PGP
RSA
One way hash
46. Layer 4 of the OSI model corresponds to which layer of the DoD model?
involves only computer to computer transactions
Macro
Layer 3 - Host to Host
DAC - Discretionary Access Control
47. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
IDEA algorithm
Biometrics
DSS - Digital Signature Standard
Assignment
48. The __________ is the most dangerous part of a virus program.
Logic bombs
Payload
RSA
DSS - Digital Signature Standard
49. So far - no one has been able to crack the ____________ with Brute Force.
Off site in a climate controlled area
Prevent - Recover - Detect
IDEA algorithm
DSS - Digital Signature Standard
50. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Ethernet
Hoaxes
S/Key - OPIE
Mobile
