SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which of the following is NOT and encryption algorithm?
NT Audit events
IDEA algorithm
Less secure
SSL
2. ____ members of the staff need to be educated in disaster recovery procedures.
All
DAC - Discretionary Access Control
Man In The Middle
Layer 7 - Application
3. Which range defines 'well known ports?'
0-1023
A PGP Signed message
Stateful Inspection
Cramming
4. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
Intentions of the perpetrator
CERT - SANS - CERIAS - COAST
Data Classification
5. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Test virus
Quantitative analysis
Mobile
Hoaxes
6. A formula used in Quantitative risk analysis
Symmetric algorithm
Protection of data from unauthorized users
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
SLE - Single Loss Expectancy
7. Smart cards are a secure alternative to which weak security mechanism?
Social Engineering
Main goal of a risk management program
Passwords
All
8. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Payload
Personal Firewall - IDS - host based - Antivirus
Less secure
Symmetric algorithm
9. Countermeasures' main objectives
Host based - network based
Prevent - Recover - Detect
Payload
Reboot or system startup
10. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SET
Man In The Middle
Symmetric algorithm
Acceptance - Transfer - Mitigate
11. Name two types of Intrusion Detection Systems
Sued for privacy violations
Authorization
Cryptanalysis
Host based - network based
12. HTTP - FTP - SMTP reside at which layer of the OSI model?
Passive network attack
Hoaxes
Layer 7 - Application
CERT - SANS - CERIAS - COAST
13. These should be done on a weekly basis
Social Engineering
Virus definition downloads and system virus scans
involves only computer to computer transactions
DSS - Digital Signature Standard
14. Remote Access Dial-in User Service
RADIUS
Not very difficult to break.
Acceptance - Transfer - Mitigate
Gathering digital evidence
15. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
ISO
RADIUS
Certificate
16. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Less secure
Social Engineering
RSA
Not very difficult to break.
17. Information security policies are a ___________________.
Business enabler
Log files
Hoaxes
Symmetric algorithm
18. A one way hash converts a string of random length into a _______________ encrypted string.
Fixed length
Cisco
DAC - Discretionary Access Control
Macro
19. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Users can gain access to any resource upon request (assuming they have proper permissions)
Also
Cramming
Less secure
20. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Depcrypting
Hoaxes
Intentions of the perpetrator
Protection of data from unauthorized users
21. ______________ relates to the concept of protecting data from unauthorized users.
Confidentiality
RSA
Quantitative analysis
IDEA algorithm
22. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
SYN Flooding
Hackers and crackers
To make user certificates available to others
Intentions of the perpetrator
23. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Prevent - Recover - Detect
ISO
CVE - Common Vulnerabilities and Exposures
Users can gain access to any resource upon request (assuming they have proper permissions)
24. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Directive
Mobile
Cryptanalysis
Certificate
25. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Warning Banner
Password audit
Granularity
RADIUS
26. S/MIME was developed for the protection of what communication mechanism(s)?
run applications as generic accounts with little or no privileges.
Email
Prevent - Recover - Detect
Off site in a climate controlled area
27. RSA is not based on a ________
TIGER
128
Available service ports
Symmetric algorithm
28. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
Passwords
Prevent - Recover - Detect
Also
29. Allows File owners to determine access rights.
modems
Decentralized access control
Passfilt.dll
Confidentiality - Availability -Integrity of data
30. A standardized list of the most common security weaknesses and exploits is the __________.
CVE - Common Vulnerabilities and Exposures
involves only computer to computer transactions
MAC - Mandatory Access Control
Cisco
31. The ultimate goal of a computer forensics specialist is to ___________________.
Cramming
Preserve electronic evidence and protect it from any alteration
Passwords
Social Engineering
32. ________ is the authoritative entity which lists port assignments
Reboot or system startup
Configuration Control
IANA
Residual risk
33. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Fixed length
Users can gain access to any resource upon request (assuming they have proper permissions)
CHAP
34. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Sniffer
Payload
Password audit
Configuration Control
35. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
0-1023
Authentication
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Information Security policies
36. There are 65536 _________
All
Risk assessment
Available service ports
Assignment
37. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Environmental
Sniffer
To make user certificates available to others
Separation of Duties
38. Companies can now be __________ just as easily as they can be sued for security compromises.
Password audit
Sued for privacy violations
Salami attack
Directive
39. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
RADIUS
Email
Directive
Buffer Overflow
40. Cable modems are ___________than DSL connections
Residual risk
Log files
Passive network attack
Less secure
41. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
All
Payload
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Buffer Overflow
42. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
SYN Flooding
Prevent - Recover - Detect
IANA
Residual risk
43. Vulnerability x Threat = RISK is an example of the _______________.
TIGER
Assignment
Main goal of a risk management program
Risk Equation
44. To help managers find the correct cost balance between risks and countermeasures
Gathering digital evidence
Multi-partite viruses
Residual risk
Main goal of a risk management program
45. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Accountability
Not rigid
CRACK
Biometrics
46. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Warning Banner
Sniffer
Biometrics
Macro
47. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Information Security policies
Certificate
To make user certificates available to others
Symmetric algorithm
48. Ways to deal with risk.
Acceptance - Transfer - Mitigate
Not very difficult to break.
SYN Flooding
a good password policy
49. Combine both boot and file virus behavior
RADIUS
Multi-partite viruses
Unix / Linux based security tools?
Accountability
50. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Assignment
0-1023
A PGP Signed message
Layer 3 - Host to Host
