SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The ability to adjust access control to the exact amount of permission necessary is called ______________.
To make user certificates available to others
Macro
Fixed length
Granularity
2. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Warning Banner
Unix / Linux based security tools?
Salami attack
Granularity
3. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
CRACK
Authentication
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Detective
4. ____ members of the staff need to be educated in disaster recovery procedures.
Personal Firewall - IDS - host based - Antivirus
Unix / Linux based security tools?
All
Sniffer
5. Information security policies are a ___________________.
C2
Configuration Control
Business enabler
Email
6. Main goals of an information security program
Confidentiality - Availability -Integrity of data
Passive network attack
Sued for privacy violations
Granularity
7. Ways to deal with risk.
MAC - Mandatory Access Control
CHAP
Acceptance - Transfer - Mitigate
Cisco
8. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Depcrypting
a good password policy
involves only computer to computer transactions
CERT - SANS - CERIAS - COAST
9. The ultimate goal of a computer forensics specialist is to ___________________.
Biometrics
Information
NT Audit events
Preserve electronic evidence and protect it from any alteration
10. Organizations that can be a valid Certificate Authority (CA)
CHAP
CVE - Common Vulnerabilities and Exposures
Verisign - Microsoft - Dell
Logic bombs
11. Remote Access Dial-in User Service
SLE - Single Loss Expectancy
CVE - Common Vulnerabilities and Exposures
RADIUS
Mobile
12. Cable modems are ___________than DSL connections
Biometrics
Granularity
Less secure
Business enabler
13. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Classification
Available service ports
To make user certificates available to others
ISO
14. Public keys are used for encrypting messages and private keys are used for __________messages.
Protection of data from unauthorized users
Depcrypting
Directive
DAC - Discretionary Access Control
15. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
CHAP
Data Classification
Man In The Middle
RSA
16. So far - no one has been able to crack the ____________ with Brute Force.
IPSEC
Data Hiding
Hoaxes
IDEA algorithm
17. ____________ is a file system that was poorly designed and has numerous security flaws.
Not very difficult to break.
Data Hiding
NFS
SSL
18. ________ is the authoritative entity which lists port assignments
a good password policy
SLE - Single Loss Expectancy
DSS - Digital Signature Standard
IANA
19. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
Data Hiding
Not rigid
128
0-1023
20. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
TIGER
Warning banners
involves only computer to computer transactions
Configuration Control
21. _______________ supply AV engines with false information to avoid detection
Passfilt.dll
Stealth viruses
Also
Configuration Control
22. What security principle is based on the division of job responsibilities - designed to prevent fraud?
IDEA algorithm
Information Security policies
Separation of Duties
ISO
23. An attempt to break an encryption algorithm is called _____________.
Not very difficult to break.
Cryptanalysis
Information Security policies
Acceptance - Transfer - Mitigate
24. Which range defines 'well known ports?'
Also
Email
0-1023
C2
25. Digital Certificates use which protocol?
Main goal of a risk management program
X.509
Presentation Layer - L6
Payload
26. Data being delivered from the source to the intended receiver without being altered
Email
Information
Protection of data from unauthorized users
Confidentiality
27. __________ is the most famous Unix password cracking tool.
CRACK
Configuration Control
Not very difficult to break.
Directive
28. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Passfilt.dll
Also
Certificate
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
29. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
To make user certificates available to others
Unix / Linux based security tools?
Not very difficult to break.
30. A Security Reference Monitor relates to which DoD security standard?
Stateful Inspection
Certificate
C2
NFS
31. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
involves only computer to computer transactions
Host based - network based
A PGP Signed message
Log files
32. Which layer of the OSI model handles encryption?
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Directive
Presentation Layer - L6
Sniffer
33. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.
SET
Hackers and crackers
Preserve electronic evidence and protect it from any alteration
Payload
34. They specifically target telephone networks
modems
DAC - Discretionary Access Control
Multi-partite viruses
Phreaks
35. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Assignment
Password audit
CHAP
36. HTTP - FTP - SMTP reside at which layer of the OSI model?
0-1023
Layer 7 - Application
run applications as generic accounts with little or no privileges.
involves only computer to computer transactions
37. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
Passfilt.dll
Mobile
Virus definition downloads and system virus scans
Passive network attack
38. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
C2
DAC - Discretionary Access Control
Test virus
Cramming
39. A ______________ is an electronically generated record that ties a user's ID to their public key.
Cramming
Host based - network based
Steps in handling incidents
Certificate
40. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Buffer Overflow
Environmental
Off site in a climate controlled area
Hoaxes
41. It is difficult to prosecute a computer criminal if _________ are not deployed
Warning banners
One way hash
DAC - Discretionary Access Control
Logic bombs
42. A standardized list of the most common security weaknesses and exploits is the __________.
CVE - Common Vulnerabilities and Exposures
Reboot or system startup
Payload
Prevent - Recover - Detect
43. Smart cards are a secure alternative to which weak security mechanism?
Passwords
Accountability
CERT - SANS - CERIAS - COAST
Macro
44. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Main goal of a risk management program
SSL
CVE - Common Vulnerabilities and Exposures
Configuration Control
45. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Biometrics
Email
Protection of data from unauthorized users
CHAP
46. ______________ is a major component of an overall risk management program.
Available service ports
ISO
Risk assessment
Hackers and crackers
47. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.
Decentralized access control
involves only computer to computer transactions
Passive network attack
Cramming
48. Macintosh computers are _____ at risk for receiving viruses.
Wild
Host based - network based
Also
CRACK
49. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Warning banners
Not rigid
CRACK
Information
50. Companies can now be __________ just as easily as they can be sued for security compromises.
Hackers and crackers
Polymorphic
Sued for privacy violations
Passwords