SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. S/MIME was developed for the protection of what communication mechanism(s)?
Cisco
Email
NFS
Layer 3 - Host to Host
2. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Personal Firewall - IDS - host based - Antivirus
Acceptance - Transfer - Mitigate
Protection of data from unauthorized users
Not very difficult to break.
3. ______________ is a Unix security scanning tool developed at Texas A&M university.
TIGER
Authorization
A PGP Signed message
Preserve electronic evidence and protect it from any alteration
4. The __________ is the most dangerous part of a virus program.
Biometrics
Directive
Business enabler
Payload
5. DES - Data Encryption standard has a 128 bit key and is ________
Decentralized access control
Not very difficult to break.
Sniffer
Phreaks
6. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Hackers and crackers
Environmental
modems
DSS - Digital Signature Standard
7. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Polymorphic
Biometrics
Hoaxes
Ethernet
8. A Security Reference Monitor relates to which DoD security standard?
Separation of Duties
Gathering digital evidence
Depcrypting
C2
9. Which organization(s) are responsible for the timely distribution of information security intelligence data?
RSA
CERT - SANS - CERIAS - COAST
Accountability
Configuration Control
10. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Presentation Layer - L6
Data Hiding
Test virus
Buffer Overflow
11. Ways to deal with risk.
Acceptance - Transfer - Mitigate
Phreaks
DSS - Digital Signature Standard
CRACK
12. Data being delivered from the source to the intended receiver without being altered
Salami attack
NFS
Unix / Linux based security tools?
Protection of data from unauthorized users
13. Stealth viruses live in memory while __________ are written to disk
Accountability
Logic bombs
IPSEC
Virus definition downloads and system virus scans
14. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Test virus
RSA
Man In The Middle
Data Classification
15. Examples of One- Time Password technology
S/Key - OPIE
MAC - Mandatory Access Control
Passfilt.dll
Buffer Overflow
16. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Presentation Layer - L6
Not rigid
C2
Decentralized access control
17. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
SLE - Single Loss Expectancy
Assignment
CERT - SANS - CERIAS - COAST
Decentralized access control
18. Which range defines 'well known ports?'
0-1023
Social Engineering
modems
RSA
19. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Stateful Inspection
Information Security policies
Host based - network based
C2
20. Digital Certificates use which protocol?
Authentication
NFS
Fixed length
X.509
21. So far - no one has been able to crack the ____________ with Brute Force.
Multi-partite viruses
IDEA algorithm
CRACK
Protection of data from unauthorized users
22. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
IDEA algorithm
Payload
Off site in a climate controlled area
Data Hiding
23. An intrusion detection system is an example of what type of countermeasure?
Log files
Business enabler
Reboot or system startup
Detective
24. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Presentation Layer - L6
Reboot or system startup
Buffer Overflow
Polymorphic
25. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
ISO
Passfilt.dll
Data Classification
Confidentiality - Availability -Integrity of data
26. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Phreaks
Reboot or system startup
Residual risk
Intrusion Detection System
27. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Authentication
RSA
Intrusion Detection System
product development life cycle
28. Macintosh computers are _____ at risk for receiving viruses.
Symmetric algorithm
Also
Risk assessment
Intentions of the perpetrator
29. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Depcrypting
Warning Banner
Business enabler
SYN Flooding
30. These should be done on a weekly basis
Virus definition downloads and system virus scans
PGP
a good password policy
CERT - SANS - CERIAS - COAST
31. Remote Access Dial-in User Service
RADIUS
TIGER
Layer 7 - Application
Information Security policies
32. ______________ relates to the concept of protecting data from unauthorized users.
A PGP Signed message
Quantitative analysis
X.509
Confidentiality
33. What is the main difference between computer abuse and computer crime?
Data Classification
SSL
Intentions of the perpetrator
Symmetric algorithm
34. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Log files
DAC - Discretionary Access Control
Macro
Residual risk
35. Main goals of an information security program
Confidentiality - Availability -Integrity of data
Not rigid
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Quantitative analysis
36. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Man In The Middle
involves only computer to computer transactions
Also
Depcrypting
37. A standardized list of the most common security weaknesses and exploits is the __________.
Test virus
Layer 7 - Application
Macro
CVE - Common Vulnerabilities and Exposures
38. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Buffer Overflow
Protection of data from unauthorized users
Presentation Layer - L6
Off site in a climate controlled area
39. HTTP - FTP - SMTP reside at which layer of the OSI model?
product development life cycle
Layer 7 - Application
IPSEC
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
40. Identifying specific attempts to penetrate systems is the function of the _______________.
Available service ports
Intrusion Detection System
Passive network attack
CHAP
41. The ultimate goal of a computer forensics specialist is to ___________________.
Preserve electronic evidence and protect it from any alteration
Phreaks
Authorization
Test virus
42. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
CVE - Common Vulnerabilities and Exposures
SYN Flooding
Available service ports
Quantitative analysis
43. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Man In The Middle
Biometrics
run applications as generic accounts with little or no privileges.
Less secure
44. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Biometrics
NT Audit events
Sued for privacy violations
Log files
45. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Man In The Middle
involves only computer to computer transactions
Cisco
Certificate
46. A ______________ is an electronically generated record that ties a user's ID to their public key.
Certificate
Logic bombs
Unix / Linux based security tools?
128
47. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
a good password policy
Wild
Phreaks
ISO
48. ________ is the authoritative entity which lists port assignments
Stateful Inspection
IANA
Acceptance - Transfer - Mitigate
DSS - Digital Signature Standard
49. Vulnerability x Threat = RISK is an example of the _______________.
Risk Equation
CRACK
Authorization
Depcrypting
50. Smart cards are a secure alternative to which weak security mechanism?
Password audit
Polymorphic
Cisco
Passwords
