SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Which range defines 'well known ports?'
NT Audit events
0-1023
Directive
Depcrypting
2. One method that can reduce exposure to malicious code is to ___________________
Off site in a climate controlled area
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Mobile
run applications as generic accounts with little or no privileges.
3. Countermeasures address security concerns in this category
SSL
Information
Payload
Layer 7 - Application
4. Ways to deal with risk.
Also
Confidentiality - Availability -Integrity of data
product development life cycle
Acceptance - Transfer - Mitigate
5. Examples of One- Time Password technology
To make user certificates available to others
SYN Flooding
S/Key - OPIE
Information
6. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
All
Email
Accountability
Authentication
7. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Users can gain access to any resource upon request (assuming they have proper permissions)
Data Classification
S/Key - OPIE
Unix / Linux based security tools?
8. Countermeasures' main objectives
C2
X.509
Prevent - Recover - Detect
Social Engineering
9. Remote Access Dial-in User Service
Hoaxes
RADIUS
Phreaks
Data Classification
10. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Warning banners
Confidentiality
Buffer Overflow
product development life cycle
11. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Off site in a climate controlled area
DAC - Discretionary Access Control
Risk assessment
a good password policy
12. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Layer 7 - Application
CRACK
Warning Banner
RSA
13. Organizations that can be a valid Certificate Authority (CA)
Verisign - Microsoft - Dell
Available service ports
Personal Firewall - IDS - host based - Antivirus
involves only computer to computer transactions
14. Main goals of an information security program
Fixed length
Confidentiality - Availability -Integrity of data
CRACK
Verisign - Microsoft - Dell
15. Allows File owners to determine access rights.
Cramming
Decentralized access control
Environmental
Information Security policies
16. _______________ supply AV engines with false information to avoid detection
Stealth viruses
Less secure
C2
0-1023
17. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
SLE - Single Loss Expectancy
Certificate
Configuration Control
Log files
18. An intrusion detection system is an example of what type of countermeasure?
Virus definition downloads and system virus scans
Detective
Intentions of the perpetrator
IPSEC
19. The __________ is the most dangerous part of a virus program.
Assignment
Payload
Steps in handling incidents
Logic bombs
20. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Personal Firewall - IDS - host based - Antivirus
CERT - SANS - CERIAS - COAST
PGP
DSS - Digital Signature Standard
21. A ______________ is an electronically generated record that ties a user's ID to their public key.
Depcrypting
CVE - Common Vulnerabilities and Exposures
Password audit
Certificate
22. Data being delivered from the source to the intended receiver without being altered
Confidentiality
Multi-partite viruses
Log files
Protection of data from unauthorized users
23. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
TIGER
Warning banners
IPSEC
Information Security policies
24. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Logic bombs
Confidentiality - Availability -Integrity of data
Verisign - Microsoft - Dell
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
25. Contain - Recover - Review - Identify - Prepare
Assignment
Steps in handling incidents
Biometrics
Social Engineering
26. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
RADIUS
Cisco
IANA
Passfilt.dll
27. A one way hash converts a string of random length into a _______________ encrypted string.
Intrusion Detection System
Gathering digital evidence
Fixed length
Passive network attack
28. __________ is a tool used by network administrators to capture packets from a network.
A PGP Signed message
Acceptance - Transfer - Mitigate
Sniffer
Separation of Duties
29. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Macro
CVE - Common Vulnerabilities and Exposures
IPSEC
Depcrypting
30. The most secure method for storing backup tapes is?
0-1023
Layer 3 - Host to Host
Off site in a climate controlled area
RSA
31. These should be done on a weekly basis
Cisco
Virus definition downloads and system virus scans
DAC - Discretionary Access Control
Man In The Middle
32. __________ is the most famous Unix password cracking tool.
One way hash
CRACK
CHAP
PGP
33. S/MIME was developed for the protection of what communication mechanism(s)?
Email
Configuration Control
PGP
Quantitative analysis
34. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?
Less secure
Personal Firewall - IDS - host based - Antivirus
Stealth viruses
Steps in handling incidents
35. Which of the following is NOT and encryption algorithm?
SSL
Protection of data from unauthorized users
Confidentiality
Authentication
36. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Confidentiality - Availability -Integrity of data
Business enabler
Hoaxes
SSL
37. Today - ______________ are almost as serious as security violations
Buffer Overflow
Privacy violations
Data Classification
Detective
38. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
Accountability
MAC - Mandatory Access Control
S/Key - OPIE
Passfilt.dll
39. Name two types of Intrusion Detection Systems
Also
Host based - network based
Fixed length
Information Security policies
40. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Data Hiding
Social Engineering
Warning Banner
Risk assessment
41. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Also
0-1023
C2
Mobile
42. Identifying specific attempts to penetrate systems is the function of the _______________.
Man In The Middle
Intrusion Detection System
Personal Firewall - IDS - host based - Antivirus
Configuration Control
43. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic
Quantitative analysis
CHAP
Separation of Duties
run applications as generic accounts with little or no privileges.
44. ___________________ viruses change the code order of the strain each time they replicate to another machine.
PGP
Verisign - Microsoft - Dell
Directive
Polymorphic
45. Macintosh computers are _____ at risk for receiving viruses.
Assignment
Also
X.509
modems
46. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
Stateful Inspection
NT Audit events
SLE - Single Loss Expectancy
47. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Host based - network based
Data Hiding
Assignment
Residual risk
48. The IDEA algorithm (used in PGP) is _______ bits long.
DAC - Discretionary Access Control
product development life cycle
run applications as generic accounts with little or no privileges.
128
49. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Risk Equation
Salami attack
Gathering digital evidence
Password audit
50. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Biometrics
Confidentiality
a good password policy
Users can gain access to any resource upon request (assuming they have proper permissions)