SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
SET
PGP
Data Hiding
Salami attack
2. Ways to deal with risk.
Presentation Layer - L6
Acceptance - Transfer - Mitigate
SYN Flooding
Separation of Duties
3. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Virus definition downloads and system virus scans
Sniffer
Hoaxes
Passfilt.dll
4. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Mobile
Passfilt.dll
Less secure
Phreaks
5. Accounting - Authentication - and ____________ are the AAAs of information security.
Authorization
run applications as generic accounts with little or no privileges.
Environmental
Email
6. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
All
Personal Firewall - IDS - host based - Antivirus
Man In The Middle
Warning Banner
7. These should be done on a weekly basis
Prevent - Recover - Detect
Verisign - Microsoft - Dell
involves only computer to computer transactions
Virus definition downloads and system virus scans
8. ___________________ is responsible for creating security policies and for communicating those policies to system users.
TIGER
Virus definition downloads and system virus scans
ISO
Not very difficult to break.
9. _______________ supply AV engines with false information to avoid detection
Stealth viruses
Passwords
Fixed length
SYN Flooding
10. __________ is the most famous Unix password cracking tool.
Authentication
CRACK
TIGER
Wild
11. ______________ is a Unix security scanning tool developed at Texas A&M university.
Warning Banner
Stealth viruses
Authentication
TIGER
12. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Granularity
Buffer Overflow
Business enabler
Preserve electronic evidence and protect it from any alteration
13. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Social Engineering
X.509
Separation of Duties
involves only computer to computer transactions
14. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
DAC - Discretionary Access Control
Protection of data from unauthorized users
Not very difficult to break.
Warning Banner
15. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Granularity
Virus definition downloads and system virus scans
Polymorphic
DAC - Discretionary Access Control
16. Combine both boot and file virus behavior
Multi-partite viruses
S/Key - OPIE
0-1023
Passfilt.dll
17. A formula used in Quantitative risk analysis
SLE - Single Loss Expectancy
Available service ports
Personal Firewall - IDS - host based - Antivirus
MAC - Mandatory Access Control
18. Today - ______________ are almost as serious as security violations
Risk assessment
Privacy violations
Authorization
Quantitative analysis
19. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
CHAP
Personal Firewall - IDS - host based - Antivirus
Authentication
Gathering digital evidence
20. The __________ is the most dangerous part of a virus program.
involves only computer to computer transactions
IDEA algorithm
Payload
X.509
21. Committing computer crimes in such small doses that they almost go unnoticed.
Phreaks
SLE - Single Loss Expectancy
TIGER
Salami attack
22. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Email
Test virus
Residual risk
To make user certificates available to others
23. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Presentation Layer - L6
a good password policy
Stateful Inspection
Configuration Control
24. A ______________ is an electronically generated record that ties a user's ID to their public key.
Certificate
Assignment
Password audit
Passfilt.dll
25. Which of the concepts best describes Availability in relation to computer resources?
Gathering digital evidence
Users can gain access to any resource upon request (assuming they have proper permissions)
Privacy violations
SYN Flooding
26. Which layer of the OSI model handles encryption?
ISO
Protection of data from unauthorized users
Presentation Layer - L6
Sniffer
27. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Virus definition downloads and system virus scans
Gathering digital evidence
Steps in handling incidents
Polymorphic
28. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
Password audit
Sued for privacy violations
Cryptanalysis
involves only computer to computer transactions
29. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Data Hiding
Accountability
One way hash
Log files
30. ____ members of the staff need to be educated in disaster recovery procedures.
Intrusion Detection System
CRACK
Not rigid
All
31. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Privacy violations
CRACK
Email
SET
32. Data being delivered from the source to the intended receiver without being altered
Gathering digital evidence
Quantitative analysis
involves only computer to computer transactions
Protection of data from unauthorized users
33. S/MIME was developed for the protection of what communication mechanism(s)?
Email
SLE - Single Loss Expectancy
Warning Banner
SSL
34. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Quantitative analysis
RADIUS
Data Classification
Stateful Inspection
35. There are 5 classes of IP addresses available - but only 3 classes are in common use today
Mobile
C2
Warning banners
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
36. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
Confidentiality
CVE - Common Vulnerabilities and Exposures
Steps in handling incidents
DSS - Digital Signature Standard
37. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Passive network attack
Risk assessment
a good password policy
Password audit
38. Stealth viruses live in memory while __________ are written to disk
involves only computer to computer transactions
Quantitative analysis
Logic bombs
Ethernet
39. The ultimate goal of a computer forensics specialist is to ___________________.
Decentralized access control
Layer 7 - Application
Preserve electronic evidence and protect it from any alteration
Virus definition downloads and system virus scans
40. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
CVE - Common Vulnerabilities and Exposures
PGP
SSL
Not rigid
41. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Data Hiding
RSA
Risk assessment
Logic bombs
42. The most secure method for storing backup tapes is?
Test virus
SYN Flooding
Hackers and crackers
Off site in a climate controlled area
43. An intrusion detection system is an example of what type of countermeasure?
Stateful Inspection
Detective
run applications as generic accounts with little or no privileges.
Test virus
44. A one way hash converts a string of random length into a _______________ encrypted string.
Not very difficult to break.
modems
Preserve electronic evidence and protect it from any alteration
Fixed length
45. MD5 is a ___________ algorithm
One way hash
IDEA algorithm
Buffer Overflow
Presentation Layer - L6
46. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Layer 3 - Host to Host
S/Key - OPIE
Not very difficult to break.
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
47. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Ethernet
A PGP Signed message
MAC - Mandatory Access Control
Intentions of the perpetrator
48. HTTP - FTP - SMTP reside at which layer of the OSI model?
C2
Gathering digital evidence
Macro
Layer 7 - Application
49. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Fixed length
product development life cycle
Preserve electronic evidence and protect it from any alteration
Data Hiding
50. To help managers find the correct cost balance between risks and countermeasures
Multi-partite viruses
Main goal of a risk management program
Risk assessment
Data Hiding
