SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Vulnerability x Threat = RISK is an example of the _______________.
Reboot or system startup
Unix / Linux based security tools?
Macro
Risk Equation
2. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Users can gain access to any resource upon request (assuming they have proper permissions)
Cramming
Risk Equation
Host based - network based
3. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Authentication
X.509
Logic bombs
SSL
4. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
product development life cycle
Symmetric algorithm
Warning Banner
5. A standardized list of the most common security weaknesses and exploits is the __________.
CVE - Common Vulnerabilities and Exposures
Information
CHAP
a good password policy
6. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Mobile
Sniffer
Host based - network based
Main goal of a risk management program
7. DES - Data Encryption standard has a 128 bit key and is ________
Intrusion Detection System
Not very difficult to break.
a good password policy
RSA
8. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
SET
Passfilt.dll
Decentralized access control
Fixed length
9. ____________ is a file system that was poorly designed and has numerous security flaws.
Also
DSS - Digital Signature Standard
NFS
Prevent - Recover - Detect
10. Identifying specific attempts to penetrate systems is the function of the _______________.
DSS - Digital Signature Standard
Intrusion Detection System
SLE - Single Loss Expectancy
IPSEC
11. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
C2
Log files
Warning Banner
Certificate
12. ____ members of the staff need to be educated in disaster recovery procedures.
Buffer Overflow
Wild
One way hash
All
13. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Hackers and crackers
CRACK
Users can gain access to any resource upon request (assuming they have proper permissions)
Assignment
14. An intrusion detection system is an example of what type of countermeasure?
Warning banners
Stealth viruses
Detective
Authorization
15. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Presentation Layer - L6
ISO
Test virus
S/Key - OPIE
16. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Warning banners
a good password policy
Not rigid
Directive
17. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Not rigid
Polymorphic
Social Engineering
Available service ports
18. A formula used in Quantitative risk analysis
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Information Security policies
run applications as generic accounts with little or no privileges.
SLE - Single Loss Expectancy
19. A true network security audit does include an audit for _____________
modems
Salami attack
All
Passive network attack
20. Information security policies are a ___________________.
Business enabler
One way hash
Macro
MAC - Mandatory Access Control
21. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
0-1023
Stateful Inspection
PGP
Granularity
22. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
A PGP Signed message
Stealth viruses
Available service ports
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
23. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Passive network attack
Polymorphic
MAC - Mandatory Access Control
Detective
24. _______________ supply AV engines with false information to avoid detection
Confidentiality - Availability -Integrity of data
Stealth viruses
Detective
run applications as generic accounts with little or no privileges.
25. The IDEA algorithm (used in PGP) is _______ bits long.
IDEA algorithm
128
Sniffer
RADIUS
26. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Mobile
RSA
Man In The Middle
Layer 3 - Host to Host
27. Which of the concepts best describes Availability in relation to computer resources?
Password audit
Users can gain access to any resource upon request (assuming they have proper permissions)
Passfilt.dll
Fixed length
28. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Buffer Overflow
involves only computer to computer transactions
Decentralized access control
Data Classification
29. Combine both boot and file virus behavior
Passwords
Data Hiding
Multi-partite viruses
Configuration Control
30. They specifically target telephone networks
Polymorphic
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Phreaks
One way hash
31. Contain - Recover - Review - Identify - Prepare
SLE - Single Loss Expectancy
Privacy violations
Steps in handling incidents
Information Security policies
32. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Cramming
Phreaks
IPSEC
Confidentiality - Availability -Integrity of data
33. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Residual risk
Phreaks
SSL
ISO
34. S/MIME was developed for the protection of what communication mechanism(s)?
Stealth viruses
CHAP
Confidentiality - Availability -Integrity of data
Email
35. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Also
Social Engineering
Intentions of the perpetrator
36. Which range defines 'well known ports?'
PGP
0-1023
Authorization
product development life cycle
37. Which of the following is NOT and encryption algorithm?
Also
SSL
Stealth viruses
128
38. HTTP - FTP - SMTP reside at which layer of the OSI model?
Depcrypting
Sniffer
Confidentiality - Availability -Integrity of data
Layer 7 - Application
39. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
DAC - Discretionary Access Control
Less secure
run applications as generic accounts with little or no privileges.
Prevent - Recover - Detect
40. __________ is the most famous Unix password cracking tool.
Users can gain access to any resource upon request (assuming they have proper permissions)
A PGP Signed message
CRACK
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
41. Wiretapping is an example of a ________.
Passive network attack
product development life cycle
Directive
Business enabler
42. Countermeasures address security concerns in this category
Main goal of a risk management program
Verisign - Microsoft - Dell
Information
Data Hiding
43. ___________________ is responsible for creating security policies and for communicating those policies to system users.
Not rigid
Social Engineering
CHAP
ISO
44. A one way hash converts a string of random length into a _______________ encrypted string.
CHAP
Fixed length
Ethernet
Main goal of a risk management program
45. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
product development life cycle
involves only computer to computer transactions
Log files
Wild
46. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Directive
NFS
Cramming
Cisco
47. A Security Reference Monitor relates to which DoD security standard?
IDEA algorithm
0-1023
Salami attack
C2
48. To help managers find the correct cost balance between risks and countermeasures
Not rigid
Main goal of a risk management program
Sniffer
Buffer Overflow
49. These should be done on a weekly basis
One way hash
Virus definition downloads and system virus scans
Presentation Layer - L6
SYN Flooding
50. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Host based - network based
Test virus
Biometrics
Wild
