SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ______________ is a major component of an overall risk management program.
Residual risk
ISO
Stateful Inspection
Risk assessment
2. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
SSL
Macro
MAC - Mandatory Access Control
Hoaxes
3. A standardized list of the most common security weaknesses and exploits is the __________.
Layer 3 - Host to Host
S/Key - OPIE
Preserve electronic evidence and protect it from any alteration
CVE - Common Vulnerabilities and Exposures
4. So far - no one has been able to crack the ____________ with Brute Force.
Assignment
NFS
IDEA algorithm
a good password policy
5. Stealth viruses live in memory while __________ are written to disk
Virus definition downloads and system virus scans
0-1023
Logic bombs
SYN Flooding
6. They specifically target telephone networks
SSL
Phreaks
Prevent - Recover - Detect
DSS - Digital Signature Standard
7. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Stealth viruses
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Host based - network based
involves only computer to computer transactions
8. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Log files
Not rigid
Environmental
product development life cycle
9. Macintosh computers are _____ at risk for receiving viruses.
SYN Flooding
Steps in handling incidents
Not very difficult to break.
Also
10. Wiretapping is an example of a ________.
Passive network attack
To make user certificates available to others
X.509
Protection of data from unauthorized users
11. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
X.509
Fixed length
Confidentiality - Availability -Integrity of data
Assignment
12. Logon and Logoff - Use of User Rights - Security Policy Change
Less secure
MAC - Mandatory Access Control
NT Audit events
SSL
13. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
RADIUS
S/Key - OPIE
Passfilt.dll
Configuration Control
14. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
S/Key - OPIE
Buffer Overflow
Cryptanalysis
modems
15. A formula used in Quantitative risk analysis
Log files
SLE - Single Loss Expectancy
Configuration Control
DAC - Discretionary Access Control
16. DES - Data Encryption standard has a 128 bit key and is ________
run applications as generic accounts with little or no privileges.
Intrusion Detection System
Not very difficult to break.
NT Audit events
17. Data being delivered from the source to the intended receiver without being altered
Protection of data from unauthorized users
IANA
Passwords
Detective
18. Countermeasures' main objectives
CVE - Common Vulnerabilities and Exposures
modems
Prevent - Recover - Detect
Data Classification
19. The ability to adjust access control to the exact amount of permission necessary is called ______________.
IDEA algorithm
Granularity
Personal Firewall - IDS - host based - Antivirus
Passwords
20. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Intentions of the perpetrator
To make user certificates available to others
A PGP Signed message
Warning banners
21. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
Logic bombs
Configuration Control
Reboot or system startup
22. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Stealth viruses
Main goal of a risk management program
Unix / Linux based security tools?
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
23. ___________________ is responsible for creating security policies and for communicating those policies to system users.
CERT - SANS - CERIAS - COAST
ISO
Main goal of a risk management program
Multi-partite viruses
24. Public keys are used for encrypting messages and private keys are used for __________messages.
Decentralized access control
Cryptanalysis
SET
Depcrypting
25. __________ is the most famous Unix password cracking tool.
Cryptanalysis
128
CRACK
Data Classification
26. One method that can reduce exposure to malicious code is to ___________________
Residual risk
run applications as generic accounts with little or no privileges.
Stealth viruses
Mobile
27. IKE - Internet Key Exchange is often used in conjunction with what security standard?
SLE - Single Loss Expectancy
IPSEC
Salami attack
Test virus
28. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Certificate
Off site in a climate controlled area
Mobile
To make user certificates available to others
29. Countermeasures address security concerns in this category
Information
128
NFS
Verisign - Microsoft - Dell
30. A boot sector virus goes to work when what event takes place?
Ethernet
Layer 3 - Host to Host
Social Engineering
Reboot or system startup
31. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Main goal of a risk management program
Polymorphic
run applications as generic accounts with little or no privileges.
Man In The Middle
32. ________ is the authoritative entity which lists port assignments
IANA
Authorization
Preserve electronic evidence and protect it from any alteration
TIGER
33. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Acceptance - Transfer - Mitigate
Directive
Confidentiality - Availability -Integrity of data
34. Digital Certificates use which protocol?
Intentions of the perpetrator
product development life cycle
IPSEC
X.509
35. These should be done on a weekly basis
Separation of Duties
Virus definition downloads and system virus scans
Off site in a climate controlled area
Detective
36. Examples of One- Time Password technology
S/Key - OPIE
Not very difficult to break.
Multi-partite viruses
Detective
37. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
Intentions of the perpetrator
Personal Firewall - IDS - host based - Antivirus
Information
38. There are 65536 _________
Warning banners
Available service ports
Polymorphic
Layer 7 - Application
39. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Off site in a climate controlled area
Log files
Reboot or system startup
Hackers and crackers
40. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Polymorphic
Information Security policies
A PGP Signed message
Protection of data from unauthorized users
41. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
NFS
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Authentication
Privacy violations
42. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Payload
Email
Gathering digital evidence
Verisign - Microsoft - Dell
43. An attempt to break an encryption algorithm is called _____________.
Stealth viruses
Cryptanalysis
Verisign - Microsoft - Dell
Cisco
44. Allows File owners to determine access rights.
RSA
Users can gain access to any resource upon request (assuming they have proper permissions)
ISO
Decentralized access control
45. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Data Hiding
Biometrics
RSA
Risk assessment
46. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
Stealth viruses
CRACK
Data Classification
47. The ultimate goal of a computer forensics specialist is to ___________________.
A PGP Signed message
Macro
Preserve electronic evidence and protect it from any alteration
NT Audit events
48. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Sued for privacy violations
Gathering digital evidence
Certificate
Stateful Inspection
49. Combine both boot and file virus behavior
Multi-partite viruses
Personal Firewall - IDS - host based - Antivirus
PGP
Payload
50. To help managers find the correct cost balance between risks and countermeasures
involves only computer to computer transactions
Steps in handling incidents
Mobile
Main goal of a risk management program
