SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. __________ is the most famous Unix password cracking tool.
CRACK
Off site in a climate controlled area
Environmental
Layer 7 - Application
2. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Biometrics
PGP
Log files
Decentralized access control
3. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Fixed length
Cisco
Decentralized access control
Warning banners
4. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.
To make user certificates available to others
Test virus
Logic bombs
Social Engineering
5. A one way hash converts a string of random length into a _______________ encrypted string.
Authorization
Fixed length
Sued for privacy violations
Decentralized access control
6. Code Review - Certification - Accreditation - Functional Design Review - System Test Review
Users can gain access to any resource upon request (assuming they have proper permissions)
ISO
Unix / Linux based security tools?
product development life cycle
7. The __________ is the most dangerous part of a virus program.
Warning banners
Payload
Available service ports
Wild
8. Which organization(s) are responsible for the timely distribution of information security intelligence data?
SSL
Intentions of the perpetrator
Less secure
CERT - SANS - CERIAS - COAST
9. To help managers find the correct cost balance between risks and countermeasures
Wild
Main goal of a risk management program
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Configuration Control
10. Wiretapping is an example of a ________.
Gathering digital evidence
Passive network attack
Data Hiding
Macro
11. A Security Reference Monitor relates to which DoD security standard?
ISO
X.509
C2
Data Classification
12. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Test virus
RADIUS
Configuration Control
Symmetric algorithm
13. DES - Data Encryption standard has a 128 bit key and is ________
Not rigid
Man In The Middle
Detective
Not very difficult to break.
14. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
Privacy violations
A PGP Signed message
C2
NT Audit events
15. ______________ is a Unix security scanning tool developed at Texas A&M university.
TIGER
involves only computer to computer transactions
C2
SSL
16. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down
Also
Off site in a climate controlled area
Detective
a good password policy
17. HTTP - FTP - SMTP reside at which layer of the OSI model?
Wild
Data Hiding
Social Engineering
Layer 7 - Application
18. ____ members of the staff need to be educated in disaster recovery procedures.
All
Environmental
Information
Polymorphic
19. Which of the following is NOT and encryption algorithm?
SSL
Warning Banner
DAC - Discretionary Access Control
Passive network attack
20. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.
Gathering digital evidence
Test virus
Fixed length
CRACK
21. Information security policies are a ___________________.
Password audit
Layer 7 - Application
Host based - network based
Business enabler
22. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Decentralized access control
Polymorphic
Quantitative analysis
Hackers and crackers
23. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.
Salami attack
Payload
Not very difficult to break.
Buffer Overflow
24. One method that can reduce exposure to malicious code is to ___________________
SYN Flooding
run applications as generic accounts with little or no privileges.
Mobile
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
25. The most secure method for storing backup tapes is?
Personal Firewall - IDS - host based - Antivirus
NT Audit events
Off site in a climate controlled area
All
26. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?
Privacy violations
a good password policy
Protection of data from unauthorized users
Residual risk
27. _______________ supply AV engines with false information to avoid detection
Assignment
product development life cycle
Stealth viruses
Not rigid
28. Countermeasures address security concerns in this category
Information
Intrusion Detection System
Layer 3 - Host to Host
Assignment
29. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Confidentiality
Not rigid
Less secure
Password audit
30. __________ is a tool used by network administrators to capture packets from a network.
Cramming
Configuration Control
Sniffer
Data Hiding
31. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
Warning Banner
Business enabler
RSA
Privacy violations
32. This free (for personal use) program is used to encrypt and decrypt emails.
Unix / Linux based security tools?
C2
Environmental
PGP
33. Logon and Logoff - Use of User Rights - Security Policy Change
Reboot or system startup
Wild
NT Audit events
Cryptanalysis
34. Accounting - Authentication - and ____________ are the AAAs of information security.
Certificate
Stealth viruses
Authorization
CRACK
35. A formula used in Quantitative risk analysis
Configuration Control
SLE - Single Loss Expectancy
To make user certificates available to others
Preserve electronic evidence and protect it from any alteration
36. Allows File owners to determine access rights.
Unix / Linux based security tools?
RADIUS
product development life cycle
Decentralized access control
37. Main goals of an information security program
Ethernet
Main goal of a risk management program
Confidentiality - Availability -Integrity of data
Intentions of the perpetrator
38. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Privacy violations
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
TIGER
MAC - Mandatory Access Control
39. Smart cards are a secure alternative to which weak security mechanism?
Passwords
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Social Engineering
Environmental
40. Stealth viruses live in memory while __________ are written to disk
Logic bombs
DAC - Discretionary Access Control
Also
Gathering digital evidence
41. S/MIME was developed for the protection of what communication mechanism(s)?
Privacy violations
MAC - Mandatory Access Control
product development life cycle
Email
42. They specifically target telephone networks
modems
NT Audit events
Phreaks
Passwords
43. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
Hoaxes
CERT - SANS - CERIAS - COAST
To make user certificates available to others
IANA
44. A type of virus that resides in a Word or Excel document is called a ___________ virus?
Macro
Personal Firewall - IDS - host based - Antivirus
Passfilt.dll
modems
45. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.
ISO
Information Security policies
Cramming
Cryptanalysis
46. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Environmental
IDEA algorithm
Layer 7 - Application
X.509
47. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Business enabler
Macro
CRACK
Layer 3 - Host to Host
48. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN
Unix / Linux based security tools?
Fixed length
Verisign - Microsoft - Dell
Buffer Overflow
49. MD5 is a ___________ algorithm
Information Security policies
128
Certificate
One way hash
50. Examples of One- Time Password technology
S/Key - OPIE
Biometrics
Configuration Control
Risk assessment
