SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
0-1023
Confidentiality - Availability -Integrity of data
Assignment
Detective
2. A one way hash converts a string of random length into a _______________ encrypted string.
Granularity
Fixed length
CVE - Common Vulnerabilities and Exposures
Users can gain access to any resource upon request (assuming they have proper permissions)
3. ____ members of the staff need to be educated in disaster recovery procedures.
RSA
All
Ethernet
Intrusion Detection System
4. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
NT Audit events
NFS
product development life cycle
5. Smart cards are a secure alternative to which weak security mechanism?
SLE - Single Loss Expectancy
Passwords
Residual risk
Social Engineering
6. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
Information Security policies
product development life cycle
Sued for privacy violations
RSA
7. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Warning banners
Unix / Linux based security tools?
128
A PGP Signed message
8. Ways to deal with risk.
Stateful Inspection
Acceptance - Transfer - Mitigate
Certificate
Separation of Duties
9. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Confidentiality
Configuration Control
DSS - Digital Signature Standard
Layer 3 - Host to Host
10. Which range defines 'well known ports?'
0-1023
A PGP Signed message
Passive network attack
Host based - network based
11. DES - Data Encryption standard has a 128 bit key and is ________
Also
Protection of data from unauthorized users
Preserve electronic evidence and protect it from any alteration
Not very difficult to break.
12. The most secure method for storing backup tapes is?
Steps in handling incidents
128
Passfilt.dll
Off site in a climate controlled area
13. Stealth viruses live in memory while __________ are written to disk
Warning banners
Logic bombs
Users can gain access to any resource upon request (assuming they have proper permissions)
IANA
14. There are 65536 _________
Unix / Linux based security tools?
Available service ports
Log files
CRACK
15. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Multi-partite viruses
Buffer Overflow
S/Key - OPIE
Macro
16. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
CHAP
Stealth viruses
Ethernet
Cramming
17. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
product development life cycle
A PGP Signed message
a good password policy
Layer 7 - Application
18. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
S/Key - OPIE
Less secure
Residual risk
Sniffer
19. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Wild
Test virus
Passive network attack
Payload
20. A ______________ is an electronically generated record that ties a user's ID to their public key.
Users can gain access to any resource upon request (assuming they have proper permissions)
Certificate
Ethernet
Mobile
21. Macintosh computers are _____ at risk for receiving viruses.
Also
Passive network attack
Main goal of a risk management program
Social Engineering
22. This free (for personal use) program is used to encrypt and decrypt emails.
X.509
Directive
PGP
SLE - Single Loss Expectancy
23. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Cramming
Confidentiality
Polymorphic
Quantitative analysis
24. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
a good password policy
Sniffer
Hoaxes
Accountability
25. _______________ supply AV engines with false information to avoid detection
Unix / Linux based security tools?
Decentralized access control
Available service ports
Stealth viruses
26. An attempt to break an encryption algorithm is called _____________.
Intentions of the perpetrator
Cryptanalysis
Business enabler
Preserve electronic evidence and protect it from any alteration
27. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
CRACK
Polymorphic
Sniffer
28. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Acceptance - Transfer - Mitigate
All
Man In The Middle
Layer 3 - Host to Host
29. One method that can reduce exposure to malicious code is to ___________________
Off site in a climate controlled area
run applications as generic accounts with little or no privileges.
Layer 7 - Application
Verisign - Microsoft - Dell
30. What security principle is based on the division of job responsibilities - designed to prevent fraud?
RSA
Separation of Duties
Polymorphic
Reboot or system startup
31. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Detective
Fixed length
Decentralized access control
CERT - SANS - CERIAS - COAST
32. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
CVE - Common Vulnerabilities and Exposures
SET
Authorization
product development life cycle
33. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Buffer Overflow
To make user certificates available to others
CHAP
Presentation Layer - L6
34. A standardized list of the most common security weaknesses and exploits is the __________.
Confidentiality
Symmetric algorithm
Mobile
CVE - Common Vulnerabilities and Exposures
35. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
a good password policy
0-1023
Data Classification
CHAP
36. Today - ______________ are almost as serious as security violations
Wild
IDEA algorithm
Less secure
Privacy violations
37. ________ is the authoritative entity which lists port assignments
IANA
Multi-partite viruses
Risk Equation
RSA
38. A true network security audit does include an audit for _____________
RADIUS
128
Quantitative analysis
modems
39. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
CVE - Common Vulnerabilities and Exposures
involves only computer to computer transactions
SLE - Single Loss Expectancy
0-1023
40. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
Salami attack
0-1023
Password audit
41. Accounting - Authentication - and ____________ are the AAAs of information security.
IDEA algorithm
Cramming
Passwords
Authorization
42. Combine both boot and file virus behavior
Salami attack
Multi-partite viruses
128
RADIUS
43. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Man In The Middle
Configuration Control
Stealth viruses
Presentation Layer - L6
44. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas
Granularity
Residual risk
Virus definition downloads and system virus scans
Quantitative analysis
45. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
Acceptance - Transfer - Mitigate
ISO
Not very difficult to break.
46. Identifying specific attempts to penetrate systems is the function of the _______________.
Depcrypting
Intrusion Detection System
Logic bombs
Configuration Control
47. Digital Certificates use which protocol?
Unix / Linux based security tools?
Prevent - Recover - Detect
Warning banners
X.509
48. A Security Reference Monitor relates to which DoD security standard?
Steps in handling incidents
C2
NFS
Cisco
49. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
SYN Flooding
Buffer Overflow
CERT - SANS - CERIAS - COAST
Steps in handling incidents
50. Organizations that can be a valid Certificate Authority (CA)
Warning banners
Steps in handling incidents
Detective
Verisign - Microsoft - Dell
