Test your basic knowledge
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects: certifications, sscp, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. EDI (Electronic Data Interchange) differs from e-Commerce in that it ___________________.
Business enabler
involves only computer to computer transactions
0-1023
Payload
2. Remote Access Dial-in User Service
DSS - Digital Signature Standard
RADIUS
Less secure
Macro
3. Which of the following is NOT an encryption algorithm?
SSL
Presentation Layer - L6
SET
DAC - Discretionary Access Control
4. Public keys are used for encrypting messages and private keys are used for __________ messages.
Decrypting
Cramming
RSA
SSL
5. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
SLE - Single Loss Expectancy
Social Engineering
Presentation Layer - L6
Intentions of the perpetrator
6. Countermeasures' main objectives
Mobile
Prevent - Recover - Detect
Cisco
Fixed length
7. Although they are accused of being one and the same - _______________ are two distinctly different groups with different goals pertaining to computers.
Hackers and crackers
Sued for privacy violations
A PGP Signed message
Host based - network based
8. A boot sector virus goes to work when what event takes place?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Reboot or system startup
Residual risk
Environmental
9. _________________ should be written down - clearly communicated to all system users - audited and revised periodically.
Unix / Linux based security tools?
Test virus
TIGER
Information Security policies
10. __________ is the most famous Unix password cracking tool.
CRACK
Also
Not rigid
Gathering digital evidence
11. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Hoaxes
Cisco
X.509
MAC - Mandatory Access Control
12. Macintosh computers are _____ at risk for receiving viruses.
SSL
Test virus
Also
Hoaxes
13. ________ is the authoritative entity which lists port assignments
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
IANA
Multi-partite viruses
Data Hiding
14. Name two types of Intrusion Detection Systems
Business enabler
Quantitative analysis
Host based - network based
Phreaks
15. Identifying specific attempts to penetrate systems is the function of the _______________.
Information
Fixed length
Accountability
Intrusion Detection System
16. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Assignment
Biometrics
Ethernet
IPSEC
17. ___________________ viruses change the code order of the strain each time they replicate to another machine.
RSA
Cisco
Polymorphic
Mobile
18. Wiretapping is an example of a ________.
Passive network attack
Less secure
Hoaxes
RSA
19. To help managers find the correct cost balance between risks and countermeasures
RSA
Ethernet
Confidentiality
Main goal of a risk management program
20. Companies can now be __________ just as easily as they can be sued for security compromises.
DSS - Digital Signature Standard
Buffer Overflow
Sued for privacy violations
Acceptance - Transfer - Mitigate
21. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually affect the entire system. These types of controls deal with system auditing and usability.
Directive
DSS - Digital Signature Standard
Data Classification
Logic bombs
22. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.
Business enabler
IPSEC
Confidentiality - Availability - Integrity of data
SYN Flooding
23. A virus is considered to be 'in the ______' if it has been reported as replicating and causing harm to computers.
Wild
CERT - SANS - CERIAS - COAST
CHAP
Unix / Linux based security tools?
24. Contain - Recover - Review - Identify - Prepare
Steps in handling incidents
Phreaks
Symmetric algorithm
Passive network attack
25. There are 65536 _________
Off site in a climate controlled area
Risk Equation
To make user certificates available to others
Available service ports
26. What is the main difference between computer abuse and computer crime?
Intentions of the perpetrator
Stateful Inspection
Test virus
Intrusion Detection System
27. Accounting - Authentication - and ____________ are the AAAs of information security.
Reboot or system startup
Test virus
IDEA algorithm
Authorization
28. Which range defines 'well known ports?'
0-1023
RSA
Preserve electronic evidence and protect it from any alteration
Main goal of a risk management program
29. Passwords: should be audited on a regular basis - should contain some form of your name or userid - should never be shared or written down
C2
SET
run applications as generic accounts with little or no privileges.
a good password policy
30. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
C2
Main goal of a risk management program
Passwords
Mobile
31. Which layer of the OSI model handles encryption?
Authorization
Presentation Layer - L6
Ethernet
SET
32. Data being delivered from the source to the intended receiver without being altered
Protection of data from unauthorized users
Layer 3 - Host to Host
Not very difficult to break.
RSA
33. A ______________ is an electronically generated record that ties a user's ID to their public key.
Certificate
CHAP
CRACK
Sued for privacy violations
34. The ability to identify and audit a user and his / her actions is known as ____________.
Accountability
Available service ports
RSA
Detective
35. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Warning banners
CRACK
C2
Cramming
36. Cable modems are ___________than DSL connections
Environmental
Virus definition downloads and system virus scans
Less secure
Biometrics
37. A type of virus that resides in a Word or Excel document is called a ___________ virus?
MAC - Mandatory Access Control
Authentication
Not very difficult to break.
Macro
38. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Separation of Duties
Authentication
Data Hiding
C2
39. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
RSA
Test virus
Hackers and crackers
Personal Firewall - IDS - host based - Antivirus
40. Is the person who is attempting to log on really who they say they are? What form of access control does this question stem from?
Personal Firewall - IDS - host based - Antivirus
CERT - SANS - CERIAS - COAST
IPSEC
Authentication
41. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Presentation Layer - L6
Cryptanalysis
Buffer Overflow
Unix / Linux based security tools?
42. MD5 is a ___________ algorithm
C2
Cryptanalysis
CRACK
One way hash
43. Which organization(s) are responsible for the timely distribution of information security intelligence data?
Users can gain access to any resource upon request (assuming they have proper permissions)
Sniffer
product development life cycle
CERT - SANS - CERIAS - COAST
44. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?
S/Key - OPIE
Logic bombs
Gathering digital evidence
DSS - Digital Signature Standard
45. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Protection of data from unauthorized users
Off site in a climate controlled area
involves only computer to computer transactions
Not rigid
46. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
Data Classification
SYN Flooding
Personal Firewall - IDS - host based - Antivirus
47. ____ members of the staff need to be educated in disaster recovery procedures.
All
Ethernet
Cisco
One way hash
48. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to ensure it has not been improperly modified?
Risk assessment
Configuration Control
product development life cycle
Polymorphic
49. __________________ will have weird characters printed at the beginning or end of an email message - what would it be an indication of?
0-1023
SET
Configuration Control
A PGP Signed message
50. ___________________ is responsible for creating security policies and for communicating those policies to system users.
PGP
Stealth viruses
Environmental
ISO