SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The most secure method for storing backup tapes is?
Environmental
Risk assessment
Off site in a climate controlled area
Layer 7 - Application
2. Which of the concepts best describes Availability in relation to computer resources?
X.509
NT Audit events
Users can gain access to any resource upon request (assuming they have proper permissions)
Information Security policies
3. These should be done on a weekly basis
Environmental
0-1023
Virus definition downloads and system virus scans
Business enabler
4. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Presentation Layer - L6
Warning banners
Residual risk
Certificate
5. The ultimate goal of a computer forensics specialist is to ___________________.
Preserve electronic evidence and protect it from any alteration
Main goal of a risk management program
Reboot or system startup
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
6. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
DAC - Discretionary Access Control
Passive network attack
Confidentiality
SYN Flooding
7. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
A PGP Signed message
CHAP
TIGER
Off site in a climate controlled area
8. HTTP - FTP - SMTP reside at which layer of the OSI model?
DAC - Discretionary Access Control
run applications as generic accounts with little or no privileges.
Sued for privacy violations
Layer 7 - Application
9. MD5 is a ___________ algorithm
Less secure
One way hash
Hoaxes
product development life cycle
10. Main goals of an information security program
Confidentiality - Availability -Integrity of data
Accountability
DAC - Discretionary Access Control
Intrusion Detection System
11. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Directive
Data Hiding
C2
involves only computer to computer transactions
12. Countermeasures address security concerns in this category
To make user certificates available to others
run applications as generic accounts with little or no privileges.
Information
Prevent - Recover - Detect
13. They specifically target telephone networks
Off site in a climate controlled area
product development life cycle
Phreaks
RSA
14. Stealth viruses live in memory while __________ are written to disk
Passfilt.dll
Logic bombs
Hackers and crackers
Biometrics
15. Macintosh computers are _____ at risk for receiving viruses.
Acceptance - Transfer - Mitigate
Also
Users can gain access to any resource upon request (assuming they have proper permissions)
Biometrics
16. ___________________ is responsible for creating security policies and for communicating those policies to system users.
IDEA algorithm
Prevent - Recover - Detect
One way hash
ISO
17. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Less secure
Authentication
Cryptanalysis
Macro
18. A ______________ is an electronically generated record that ties a user's ID to their public key.
Certificate
Less secure
Multi-partite viruses
Environmental
19. This free (for personal use) program is used to encrypt and decrypt emails.
modems
PGP
Log files
Virus definition downloads and system virus scans
20. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
IANA
ISO
Steps in handling incidents
RSA
21. To help managers find the correct cost balance between risks and countermeasures
Main goal of a risk management program
All
Certificate
Not rigid
22. A formula used in Quantitative risk analysis
Passwords
SLE - Single Loss Expectancy
Available service ports
Symmetric algorithm
23. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Not very difficult to break.
Biometrics
RSA
128
24. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
ISO
Data Classification
Man In The Middle
SYN Flooding
25. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
SSL
Configuration Control
Users can gain access to any resource upon request (assuming they have proper permissions)
Prevent - Recover - Detect
26. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
Data Classification
SET
Prevent - Recover - Detect
Payload
27. _______________ supply AV engines with false information to avoid detection
Off site in a climate controlled area
Information Security policies
Stealth viruses
Layer 7 - Application
28. __________ is a tool used by network administrators to capture packets from a network.
MAC - Mandatory Access Control
Sniffer
Risk Equation
Cramming
29. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Layer 3 - Host to Host
Cramming
Fixed length
Residual risk
30. A type of virus that resides in a Word or Excel document is called a ___________ virus?
IANA
Macro
Assignment
Prevent - Recover - Detect
31. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
One way hash
Business enabler
0-1023
Information Security policies
32. It is difficult to prosecute a computer criminal if _________ are not deployed
Not rigid
SYN Flooding
Warning banners
product development life cycle
33. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
DSS - Digital Signature Standard
Information Security policies
PGP
Risk assessment
34. A true network security audit does include an audit for _____________
S/Key - OPIE
modems
CHAP
RSA
35. ______________ relates to the concept of protecting data from unauthorized users.
RADIUS
Confidentiality
Payload
Hoaxes
36. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Environmental
Reboot or system startup
Unix / Linux based security tools?
CERT - SANS - CERIAS - COAST
37. Logon and Logoff - Use of User Rights - Security Policy Change
Logic bombs
Users can gain access to any resource upon request (assuming they have proper permissions)
NT Audit events
Confidentiality
38. The ability to identify and audit a user and his / her actions is known as ____________.
One way hash
MAC - Mandatory Access Control
Accountability
Buffer Overflow
39. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Gathering digital evidence
Protection of data from unauthorized users
Information
All
40. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Polymorphic
A PGP Signed message
Certificate
Salami attack
41. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Users can gain access to any resource upon request (assuming they have proper permissions)
Assignment
Layer 3 - Host to Host
A PGP Signed message
42. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
Data Classification
Business enabler
Privacy violations
43. Companies can now be __________ just as easily as they can be sued for security compromises.
Mobile
Log files
0-1023
Sued for privacy violations
44. Allows File owners to determine access rights.
Decentralized access control
TIGER
One way hash
Social Engineering
45. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
C2
Buffer Overflow
a good password policy
Certificate
46. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
SLE - Single Loss Expectancy
SSL
Intrusion Detection System
product development life cycle
47. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
SYN Flooding
Authorization
Passfilt.dll
48. Digital Certificates use which protocol?
A PGP Signed message
X.509
Prevent - Recover - Detect
Also
49. Identifying specific attempts to penetrate systems is the function of the _______________.
Not very difficult to break.
run applications as generic accounts with little or no privileges.
IPSEC
Intrusion Detection System
50. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
To make user certificates available to others
Authorization
ISO
Cryptanalysis