SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Reboot or system startup
Salami attack
Buffer Overflow
DAC - Discretionary Access Control
2. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Accountability
Confidentiality - Availability -Integrity of data
Biometrics
Risk Equation
3. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Warning Banner
MAC - Mandatory Access Control
Not rigid
Steps in handling incidents
4. A ______________ is an electronically generated record that ties a user's ID to their public key.
Mobile
Cramming
C2
Certificate
5. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Environmental
Buffer Overflow
Hackers and crackers
6. Data being delivered from the source to the intended receiver without being altered
DSS - Digital Signature Standard
Protection of data from unauthorized users
Warning Banner
IDEA algorithm
7. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
IPSEC
Sued for privacy violations
RSA
Available service ports
8. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
SLE - Single Loss Expectancy
Not rigid
Stateful Inspection
CVE - Common Vulnerabilities and Exposures
9. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Environmental
Verisign - Microsoft - Dell
Off site in a climate controlled area
SET
10. _______________ supply AV engines with false information to avoid detection
Environmental
Polymorphic
SLE - Single Loss Expectancy
Stealth viruses
11. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Polymorphic
Information Security policies
128
Man In The Middle
12. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Acceptance - Transfer - Mitigate
Business enabler
CERT - SANS - CERIAS - COAST
Steps in handling incidents
13. Examples of One- Time Password technology
Social Engineering
Cisco
Risk Equation
S/Key - OPIE
14. Information security policies are a ___________________.
Business enabler
Data Classification
A PGP Signed message
Stateful Inspection
15. Main goals of an information security program
Layer 7 - Application
Confidentiality - Availability -Integrity of data
Test virus
IPSEC
16. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Ethernet
Users can gain access to any resource upon request (assuming they have proper permissions)
SYN Flooding
Preserve electronic evidence and protect it from any alteration
17. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Test virus
Layer 3 - Host to Host
Passfilt.dll
Cryptanalysis
18. A standardized list of the most common security weaknesses and exploits is the __________.
Phreaks
Fixed length
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
CVE - Common Vulnerabilities and Exposures
19. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
modems
product development life cycle
CERT - SANS - CERIAS - COAST
IANA
20. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Residual risk
Privacy violations
SSL
Mobile
21. Which range defines 'well known ports?'
Wild
Virus definition downloads and system virus scans
Biometrics
0-1023
22. Contain - Recover - Review - Identify - Prepare
Cryptanalysis
Steps in handling incidents
RSA
Assignment
23. What is the main difference between computer abuse and computer crime?
Accountability
Intentions of the perpetrator
Layer 7 - Application
Virus definition downloads and system virus scans
24. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Residual risk
Passwords
All
Users can gain access to any resource upon request (assuming they have proper permissions)
25. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
RSA
Ethernet
Detective
MAC - Mandatory Access Control
26. ______________ is a major component of an overall risk management program.
Users can gain access to any resource upon request (assuming they have proper permissions)
IPSEC
Risk assessment
Verisign - Microsoft - Dell
27. Identifying specific attempts to penetrate systems is the function of the _______________.
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Not rigid
Presentation Layer - L6
Intrusion Detection System
28. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
Acceptance - Transfer - Mitigate
Man In The Middle
Layer 7 - Application
29. Digital Certificates use which protocol?
X.509
Sued for privacy violations
Man In The Middle
Business enabler
30. A Security Reference Monitor relates to which DoD security standard?
Sniffer
C2
Cramming
Authentication
31. Committing computer crimes in such small doses that they almost go unnoticed.
Warning banners
Salami attack
Multi-partite viruses
Sniffer
32. The ability to identify and audit a user and his / her actions is known as ____________.
Available service ports
Log files
Accountability
Biometrics
33. HTTP - FTP - SMTP reside at which layer of the OSI model?
Layer 7 - Application
Wild
CHAP
SET
34. Allows File owners to determine access rights.
Business enabler
Intrusion Detection System
Decentralized access control
Polymorphic
35. There are 65536 _________
Passwords
To make user certificates available to others
Prevent - Recover - Detect
Available service ports
36. MD5 is a ___________ algorithm
Phreaks
One way hash
SET
modems
37. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Log files
CVE - Common Vulnerabilities and Exposures
IPSEC
Assignment
38. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Gathering digital evidence
SET
involves only computer to computer transactions
SYN Flooding
39. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Passwords
Separation of Duties
To make user certificates available to others
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
40. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Hoaxes
Man In The Middle
Off site in a climate controlled area
Virus definition downloads and system virus scans
41. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
Main goal of a risk management program
Salami attack
Quantitative analysis
42. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
CERT - SANS - CERIAS - COAST
Business enabler
Social Engineering
Acceptance - Transfer - Mitigate
43. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Cisco
CHAP
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
involves only computer to computer transactions
44. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Directive
Off site in a climate controlled area
IANA
DAC - Discretionary Access Control
45. Name two types of Intrusion Detection Systems
Host based - network based
Authorization
Gathering digital evidence
IPSEC
46. An attempt to break an encryption algorithm is called _____________.
Cryptanalysis
Authorization
Risk Equation
Business enabler
47. Which of the following is NOT and encryption algorithm?
SSL
Cisco
ISO
Virus definition downloads and system virus scans
48. Public keys are used for encrypting messages and private keys are used for __________messages.
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Log files
X.509
Depcrypting
49. ____ members of the staff need to be educated in disaster recovery procedures.
Separation of Duties
Risk Equation
All
SYN Flooding
50. This free (for personal use) program is used to encrypt and decrypt emails.
Unix / Linux based security tools?
Test virus
128
PGP
