Test your basic knowledge | SSCP: Systems Security Certified Practitioner
Subjects: certifications, sscp, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
a good password policy
Polymorphic
Risk assessment
Mobile
2. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
product development life cycle
Biometrics
ISO
Residual risk
3. Cable modems are ___________ than DSL connections.
Less secure
Passfilt.dll
Confidentiality
Risk assessment
4. Is the person who is attempting to log on really who they say they are? What form of access control does this question stem from?
Stealth viruses
Authentication
Cramming
Social Engineering
5. An attempt to break an encryption algorithm is called _____________.
TIGER
Cryptanalysis
Hoaxes
NT Audit events
6. Remote Access Dial-in User Service
RADIUS
Ethernet
Users can gain access to any resource upon request (assuming they have proper permissions)
Reboot or system startup
7. RSA is not based on a ________
Ethernet
S/Key - OPIE
RADIUS
Symmetric algorithm
8. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Protection of data from unauthorized users
Certificate
Password audit
Acceptance - Transfer - Mitigate
9. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
SLE - Single Loss Expectancy
Less secure
ISO
10. Main goals of an information security program
Confidentiality - Availability -Integrity of data
Wild
Man In The Middle
Host based - network based
11. Used in ______________: Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Phreaks
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Biometrics
Privacy violations
12. EDI (Electronic Data Interchange) differs from e-Commerce in that it ___________________.
Acceptance - Transfer - Mitigate
DAC - Discretionary Access Control
involves only computer to computer transactions
Confidentiality - Availability -Integrity of data
13. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
SSL
Business enabler
All
Man In The Middle
14. Which of the following is NOT an encryption algorithm?
run applications as generic accounts with little or no privileges.
Privacy violations
SSL
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
15. Countermeasures address security concerns in this category
Prevent - Recover - Detect
Information
Cisco
Mobile
16. The IDEA algorithm (used in PGP) is _______ bits long.
Wild
Virus definition downloads and system virus scans
Separation of Duties
128
17. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Cryptanalysis
Authorization
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Stateful Inspection
18. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.
involves only computer to computer transactions
CERT - SANS - CERIAS - COAST
Not very difficult to break.
Wild
19. S/MIME was developed for the protection of what communication mechanism(s)?
Warning Banner
Ethernet
Email
Environmental
20. DES - Data Encryption standard has a 128 bit key and is ________
Protection of data from unauthorized users
Hackers and crackers
Warning Banner
Not very difficult to break.
21. MD5 is a ___________ algorithm
One way hash
Presentation Layer - L6
Authentication
128
22. ________ is the authoritative entity which lists port assignments
Warning banners
Payload
IANA
Configuration Control
23. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Main goal of a risk management program
Less secure
ISO
Quantitative analysis
24. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
Business enabler
Residual risk
Main goal of a risk management program
25. Name two types of Intrusion Detection Systems
Confidentiality
Host based - network based
Stateful Inspection
Data Hiding
26. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Mobile
Information Security policies
Test virus
DSS - Digital Signature Standard
27. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
Directive
CRACK
Data Classification
28. An intrusion detection system is an example of what type of countermeasure?
Symmetric algorithm
Detective
Fixed length
Data Hiding
29. What is the main difference between computer abuse and computer crime?
Off site in a climate controlled area
Phreaks
Intentions of the perpetrator
Data Hiding
30. The __________ is the most dangerous part of a virus program.
DAC - Discretionary Access Control
Payload
Fixed length
CVE - Common Vulnerabilities and Exposures
31. Unlike viruses and worms, __________ are bogus messages that spread via email forwarding.
Password audit
Verisign - Microsoft - Dell
IPSEC
Hoaxes
32. There are 65536 _________
Available service ports
Stealth viruses
CVE - Common Vulnerabilities and Exposures
Authorization
33. Contain - Recover - Review - Identify - Prepare
Layer 3 - Host to Host
Steps in handling incidents
Warning banners
Certificate
34. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
TIGER
Confidentiality - Availability -Integrity of data
product development life cycle
A PGP Signed message
35. These should be done on a weekly basis
A PGP Signed message
Privacy violations
Virus definition downloads and system virus scans
Warning banners
36. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Payload
Man In The Middle
Layer 3 - Host to Host
X.509
37. Public keys are used for encrypting messages and private keys are used for __________ messages.
Decrypting
Phreaks
IANA
Environmental
38. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
Personal Firewall - IDS - host based - Antivirus
CRACK
Not rigid
39. Today - ______________ are almost as serious as security violations
Macro
Privacy violations
Password audit
SSL
40. ______________ is a Unix security scanning tool developed at Texas A&M university.
CHAP
Social Engineering
Off site in a climate controlled area
TIGER
41. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Risk Equation
a good password policy
modems
All
42. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Multi-partite viruses
Cramming
Unix / Linux based security tools?
Email
43. Combine both boot and file virus behavior
Available service ports
C2
Multi-partite viruses
Password audit
44. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Assignment
DAC - Discretionary Access Control
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Payload
45. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Cramming
involves only computer to computer transactions
Protection of data from unauthorized users
Polymorphic
46. IKE - Internet Key Exchange is often used in conjunction with what security standard?
CVE - Common Vulnerabilities and Exposures
IPSEC
Not rigid
Accountability
47. They specifically target telephone networks
Phreaks
Main goal of a risk management program
Social Engineering
TIGER
48. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
modems
Test virus
Not rigid
SSL
49. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Intentions of the perpetrator
Granularity
SLE - Single Loss Expectancy
Layer 3 - Host to Host
50. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to ensure it has not been improperly modified?
Stateful Inspection
Configuration Control
Macro
Layer 7 - Application