Test your basic knowledge | SSCP: Systems Security Certified Practitioner
Subjects: certifications, sscp, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Although it is considered a low-tech attack, ____________ is still a very effective way of gaining unauthorized access to network systems.
Social Engineering
Not rigid
DAC - Discretionary Access Control
Prevent - Recover - Detect
2. The ability to adjust access control to the exact amount of permission necessary is called ______________.
Macro
Granularity
Privacy violations
128
3. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Acceptance - Transfer - Mitigate
Cisco
Detective
Macro
4. The key used by the IDEA algorithm (used in PGP) is _______ bits long.
128
Layer 3 - Host to Host
NT Audit events
Macro
5. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.
Hoaxes
Assignment
Environmental
Fixed length
6. An attempt to break an encryption algorithm is called _____________.
Unix / Linux based security tools?
0-1023
Cryptanalysis
Host based - network based
7. _______________ supply AV engines with false information to avoid detection.
Off site in a climate controlled area
Buffer Overflow
Test virus
Stealth viruses
8. In a Public Key Infrastructure (PKI) - what is the role of a directory server?
To make user certificates available to others
NT Audit events
Confidentiality
Email
9. Allows file owners to determine access rights.
SYN Flooding
Protection of data from unauthorized users
Decentralized access control
Cramming
10. MD5 is a ___________ algorithm
Fixed length
One way hash
Passwords
Cramming
11. Accounting - Authentication - and ____________ are the AAAs of information security.
Accountability
Stealth viruses
Authorization
Logic bombs
12. HTTP - FTP - SMTP reside at which layer of the OSI model?
Assignment
run applications as generic accounts with little or no privileges.
Layer 7 - Application
PGP
13. Main goals of an information security program
Layer 7 - Application
Configuration Control
A PGP Signed message
Confidentiality - Availability -Integrity of data
14. Types of firewalls: Packet Filtering - Application Proxy - and _________________.
Buffer Overflow
Stateful Inspection
One way hash
A PGP Signed message
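The difference between the firewall types in question 14 is easier to see in code than in a definition. The following is an added example, not part of the quiz and not any vendor's firewall code: it runs the same constructed packet stream through a stateless packet filter and through a stateful-inspection engine that keeps a connection table. The inside network (10.0.0.0/24), the allowed outbound ports and the sample addresses are assumptions chosen for the illustration.

```python
"""Packet filter vs. stateful inspection on a constructed packet stream.

Added example (not the quiz page's or any vendor's code). All hosts, ports and
packets below are constructed for illustration.
"""
from dataclasses import dataclass

INSIDE_NET = "10.0.0."          # assumption: inside hosts are 10.0.0.x
ALLOWED_OUTBOUND_PORTS = {80, 443}   # assumption: only web traffic may leave


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_NET)


def packet_filter(pkt: Packet) -> bool:
    """Stateless rules: each packet is judged only on its own header fields.

    To let replies come back at all, the filter has to open every high port on
    the inside to the outside, so an unsolicited inbound packet to a high port
    is indistinguishable from a real reply and passes.
    """
    if is_inside(pkt.src) and pkt.dport in ALLOWED_OUTBOUND_PORTS:
        return True
    if not is_inside(pkt.src) and is_inside(pkt.dst) and pkt.dport >= 1024:
        return True   # looks like reply traffic; the filter cannot tell
    return False


class StatefulFirewall:
    """Records connections the inside opened; inbound traffic is allowed only
    when it matches an entry in the connection table."""

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port)
        self.table = set()

    def inspect(self, pkt: Packet) -> bool:
        if is_inside(pkt.src) and pkt.dport in ALLOWED_OUTBOUND_PORTS:
            if pkt.syn:   # new outbound connection: remember it
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if not is_inside(pkt.src) and is_inside(pkt.dst):
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table
        return False


def run(pkts, decide):
    return [decide(p) for p in pkts]


# Constructed sample traffic (203.0.113.x and 198.51.100.x are documentation ranges).
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True),   # inside opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, ack=True),   # legitimate reply
    Packet("198.51.100.9", 443, "10.0.0.5", 51001),             # unsolicited, fakes a reply
    Packet("198.51.100.9", 40000, "10.0.0.5", 80),              # inbound to the web port
]


def compare():
    """Decisions of both engines on SAMPLE, in order."""
    fw = StatefulFirewall()
    return {"packet_filter": run(SAMPLE, packet_filter),
            "stateful": run(SAMPLE, fw.inspect)}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

The third packet is the one that matters: the packet filter lets it in because it cannot know that no inside host ever talked to 198.51.100.9, while the stateful engine drops it because there is no matching connection-table entry.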
15. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.
Less secure
Password audit
Detective
Environmental
16. Used in ______________: Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Users can gain access to any resource upon request (assuming they have proper permissions)
Biometrics
0-1023
product development life cycle
17. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually affect the entire system. These types of controls deal with system auditing and usability.
Assignment
Directive
Sued for privacy violations
CRACK
18. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?
Mobile
SLE - Single Loss Expectancy
RSA
DSS - Digital Signature Standard
19. ___________________ is responsible for creating security policies and for communicating those policies to system users.
product development life cycle
ISO
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
C2
20. What security principle is based on the division of job responsibilities - designed to prevent fraud?
Information Security policies
Separation of Duties
Business enabler
Intrusion Detection System
21. Passwords: should be audited on a regular basis - should not contain any form of your name or user ID - should never be shared or written down
a good password policy
Decentralized access control
Residual risk
Ethernet
22. Layer 4 of the OSI model corresponds to which layer of the DoD model?
Confidentiality - Availability -Integrity of data
IPSEC
product development life cycle
Layer 3 - Host to Host
23. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to ensure it has not been improperly modified?
Configuration Control
Not rigid
Decrypting
Buffer Overflow
24. Smart cards are a secure alternative to which weak security mechanism?
Passwords
Layer 3 - Host to Host
Quantitative analysis
To make user certificates available to others
25. __________ is the most famous Unix password cracking tool.
Macro
CRACK
Available service ports
SET
26. There are 5 classes of IP addresses available - but only 3 classes are in common use today
PGP
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
Authorization
Social Engineering
27. Logon and Logoff - Use of User Rights - Security Policy Change
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
NT Audit events
Ethernet
One way hash
28. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.
0-1023
All
Buffer Overflow
Mobile
29. ______________ is a Unix security scanning tool developed at Texas A&M university.
TIGER
Cramming
Less secure
Quantitative analysis
30. One method that can reduce exposure to malicious code is to ___________________
run applications as generic accounts with little or no privileges.
Decrypting
Risk assessment
Layer 7 - Application
31. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______
Passfilt.dll
Phreaks
Warning Banner
DAC - Discretionary Access Control
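Questions 21 and 31 together describe a password policy: a minimum length, a mix of character classes, and no part of the user's name or user ID in the password. The checker below is an added example written for this page; it is not Passfilt.dll and not code from the quiz. It follows the Passfilt-style rule of requiring at least three of the four character classes, and treats any run of three or more characters from the user's full name as a forbidden fragment; the 6-character minimum comes from question 31, while the class count, the fragment length and the sample accounts are assumptions.

```python
"""Password policy checker in the spirit of questions 21 and 31.

Added example; not Passfilt.dll and not the quiz's code. Policy numbers and
sample identities are assumptions for the illustration.
"""
import re

MIN_LENGTH = 6        # from question 31
MIN_CLASSES = 3       # assumption: Passfilt-style, at least 3 of the 4 classes
NAME_FRAGMENT = 3     # assumption: name parts of 3+ characters may not appear

CLASSES = {
    "upper": re.compile(r"[A-Z]"),
    "lower": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}


def name_tokens(user_id: str, full_name: str) -> set:
    """Pieces of the user's identity that must not appear in the password
    (compared case-insensitively): the user ID and each part of the full name
    that is at least NAME_FRAGMENT characters long."""
    tokens = {user_id.lower()}
    for part in re.split(r"[\s,.\-_]+", full_name.lower()):
        if len(part) >= NAME_FRAGMENT:
            tokens.add(part)
    return tokens


def check_password(password: str, user_id: str, full_name: str) -> list:
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    present = [name for name, rx in CLASSES.items() if rx.search(password)]
    if len(present) < MIN_CLASSES:
        problems.append(f"only {len(present)} of 4 character classes")
    lowered = password.lower()
    for tok in sorted(name_tokens(user_id, full_name)):
        if tok in lowered:
            problems.append(f"contains identity fragment '{tok}'")
    return problems


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for candidate in ["Tr0ub4dor!", "Smith2024!", "abc12", "password"]:
        print(candidate, check_password(candidate, "jsmith", "John Smith") or "OK")
```

Note that the identity check is case-insensitive and looks at substrings, so "Smith2024!" fails even though it satisfies every complexity rule; complexity alone is not a password policy.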
32. When ________________ it is very important to document the chain of custody of the evidence by taking good notes, and to perform a bit-level backup of the data before analysis.
Personal Firewall - IDS - host based - Antivirus
SLE - Single Loss Expectancy
Main goal of a risk management program
Gathering digital evidence
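The procedure in question 32 has three concrete steps: hash the source, make a block-by-block copy, then hash the copy and confirm the two hashes match before any analysis touches the image, recording who did what and when. The following is an added example, not the quiz's or any forensic tool's code: a constructed temporary file stands in for the disk or partition being imaged, and the examiner name, block size and log format are assumptions.

```python
"""Bit-level copy, hash verification and a chain-of-custody record.

Added example (not from the quiz or any forensic tool). The 'evidence' is a
constructed temporary file standing in for a disk or partition.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

BLOCK = 4096   # assumption: copy block size, like dd bs=4096


def sha256_file(path: str) -> str:
    """Hash a file block by block so it works for images larger than memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK), b""):
            h.update(chunk)
    return h.hexdigest()


def bit_level_copy(src: str, dst: str) -> None:
    """Copy every byte in order; the source is only ever opened read-only."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for chunk in iter(lambda: fin.read(BLOCK), b""):
            fout.write(chunk)


def acquire(src_path: str, handler: str) -> dict:
    """Image src_path, verify the image against the source and return a
    custody record with a timestamped entry for each action taken."""
    image_path = src_path + ".img"
    record = {"handler": handler, "source": src_path, "image": image_path, "log": []}

    def note(action: str) -> None:
        record["log"].append((datetime.now(timezone.utc).isoformat(), handler, action))

    note("hash source before imaging")
    record["source_sha256"] = sha256_file(src_path)
    note("bit-level copy of source to image")
    bit_level_copy(src_path, image_path)
    note("hash image")
    record["image_sha256"] = sha256_file(image_path)
    record["verified"] = record["source_sha256"] == record["image_sha256"]
    note("verification " + ("OK - analysis proceeds on the image" if record["verified"]
                            else "FAILED - do not analyse, re-image"))
    return record


def demo() -> dict:
    """Run the acquisition against constructed evidence (10,000 bytes of
    deterministic pseudo-random data) and attach the independently computed
    expected hash so the result can be checked."""
    data = bytes((i * 7919) % 256 for i in range(10_000))
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "evidence.bin")
        with open(src, "wb") as f:
            f.write(data)
        rec = acquire(src, "examiner-1")   # assumption: examiner identifier
        rec["expected_sha256"] = hashlib.sha256(data).hexdigest()
        return rec


if __name__ == "__main__":
    rec = demo()
    print("verified:", rec["verified"])
    for entry in rec["log"]:
        print(*entry)
```

On a real acquisition the source would be a block device opened read-only (ideally behind a hardware write blocker), and the custody record would be signed or stored where the examiner cannot silently alter it; the verification step is the same.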
33. RSA is not based on a ________
Privacy violations
Symmetric algorithm
X.509
Sniffer
34. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Classification
NFS
Off site in a climate controlled area
Users can gain access to any resource upon request (assuming they have proper permissions)
35. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
C2
SLE - Single Loss Expectancy
Man In The Middle
Payload
36. Stealth viruses live in memory while __________ are written to disk
SYN Flooding
Data Classification
TIGER
Logic bombs
37. Public keys are used for encrypting messages and private keys are used for __________messages.
Passfilt.dll
SSL
Decrypting
Business enabler
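Questions 33, 35 and 37 all concern the same mechanism: in RSA the public key encrypts and a different, private key decrypts (which is why it is not a symmetric algorithm), and an attacker who can replace the public key in transit can read everything. The following is an added example, not part of the quiz and not a usable cryptographic library: it implements textbook RSA with tiny teaching primes, simulates the key substitution from question 35, and shows one defence, checking the received key's fingerprint against one obtained out of band. The primes, the message value and the fingerprint scheme are assumptions for the illustration.

```python
"""Toy RSA plus the man-in-the-middle key substitution of question 35.

Added example (not the quiz's code, and not a real cryptographic library):
textbook RSA with tiny primes, no padding, for illustration only.
"""
import hashlib
import json
from math import gcd


def keygen(p: int, q: int, e: int = 17):
    """Return (public, private) keys for primes p and q. Teaching sizes only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with phi(n)"
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    """Anyone holding the public key can encrypt."""
    n, e = pub
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """Only the private key decrypts."""
    n, d = priv
    return pow(c, d, n)


def fingerprint(pub) -> str:
    """Short digest of a public key, the kind of value a user compares
    against one obtained out of band (assumption: SHA-256 of the key)."""
    return hashlib.sha256(json.dumps(pub).encode()).hexdigest()[:16]


class Mallory:
    """The attacker: owns a key pair and substitutes it for Bob's."""

    def __init__(self):
        self.pub, self.priv = keygen(61, 53)   # constructed toy primes, n = 3233
        self.captured = None                   # Bob's real key, once seen


class Channel:
    """The network between Alice and Bob; with an attacker present, the key
    Bob publishes is intercepted and Mallory's key is delivered instead."""

    def __init__(self, attacker=None):
        self.attacker = attacker

    def publish(self, pub):
        if self.attacker is not None:
            self.attacker.captured = pub
            return self.attacker.pub
        return pub


def run_exchange(attacker=None, verify: bool = False) -> dict:
    """Alice fetches Bob's public key over the channel and sends him a message.

    verify=True models Alice checking the key's fingerprint against a value
    obtained out of band before she encrypts anything.
    """
    bob_pub, bob_priv = keygen(53, 59)         # constructed toy primes, n = 3127
    trusted_fp = fingerprint(bob_pub)          # assumption: learned out of band
    received = Channel(attacker).publish(bob_pub)
    if verify and fingerprint(received) != trusted_fp:
        return {"status": "aborted", "bob_got": None, "mallory_read": None}

    message = 1234                             # constructed plaintext
    c = encrypt(received, message)
    mallory_read = None
    if attacker is not None and received == attacker.pub:
        # Mallory decrypts with her key, then re-encrypts to Bob's real key so
        # the substitution is invisible to both ends.
        mallory_read = decrypt(attacker.priv, c)
        c = encrypt(attacker.captured, mallory_read)
    return {"status": "delivered", "bob_got": decrypt(bob_priv, c),
            "mallory_read": mallory_read}


if __name__ == "__main__":
    print("no attacker:      ", run_exchange())
    print("MITM, no check:   ", run_exchange(Mallory()))
    print("MITM, fingerprint:", run_exchange(Mallory(), verify=True))
```

In the unprotected run Bob receives the correct message and nothing looks wrong, yet Mallory has read it; that is what makes the first-message substitution effective. PKI addresses the same problem by having a trusted CA sign the key (question 8's directory server only distributes certificates, it does not vouch for them by itself).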
38. Which organization(s) are responsible for the timely distribution of information security intelligence data?
DAC - Discretionary Access Control
Hackers and crackers
128
CERT - SANS - CERIAS - COAST
39. ____________ is a file system that was poorly designed and has numerous security flaws.
run applications as generic accounts with little or no privileges.
Logic bombs
Verisign - Microsoft - Dell
NFS
40. IKE - Internet Key Exchange is often used in conjunction with what security standard?
Salami attack
Hackers and crackers
Passfilt.dll
IPSEC
41. They specifically target telephone networks
CHAP
Phreaks
Confidentiality - Availability -Integrity of data
Mobile
42. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy
128
Sniffer
Information
Warning Banner
43. Contain - Recover - Review - Identify - Prepare
IPSEC
DSS - Digital Signature Standard
Steps in handling incidents
Mobile
44. Wiretapping is an example of a ________.
Acceptance - Transfer - Mitigate
Cryptanalysis
Passive network attack
Business enabler
45. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
128
Layer 7 - Application
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Social Engineering
46. It is difficult to prosecute a computer criminal if _________ are not deployed
Privacy violations
Warning banners
Verisign - Microsoft - Dell
TIGER
47. Cable modems are ___________than DSL connections
Privacy violations
Intrusion Detection System
Less secure
Also
48. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Fixed length
Detective
Passfilt.dll
Log files
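Questions 27 and 48 meet in practice when the logon/logoff and policy-change audit events are written to a log and someone looks through that history for patterns. The following is an added example, not from the quiz or any SIEM product: it parses a constructed set of audit lines in a simple, assumed format, flags bursts of failed logons from one source against one account (and whether a successful logon followed the burst), and totals failures per day for trend analysis. The log lines, field names, thresholds and window are all constructed assumptions.

```python
"""Detection logic over constructed audit log lines (questions 27 and 48).

Added example; not the quiz's code and not any product's log format. The
lines, the format and the thresholds are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit lines: "<ISO timestamp> <event> user=<id> src=<ip>"
LOG = """\
2024-03-01T08:02:11 LOGON FAILURE user=alice src=10.0.0.7
2024-03-01T08:02:13 LOGON FAILURE user=alice src=10.0.0.7
2024-03-01T08:02:15 LOGON FAILURE user=alice src=10.0.0.7
2024-03-01T08:02:17 LOGON FAILURE user=alice src=10.0.0.7
2024-03-01T08:02:19 LOGON FAILURE user=alice src=10.0.0.7
2024-03-01T08:02:21 LOGON SUCCESS user=alice src=10.0.0.7
2024-03-01T09:15:00 LOGON SUCCESS user=bob src=10.0.0.8
2024-03-01T18:40:02 LOGOFF user=bob src=10.0.0.8
2024-03-02T08:00:09 LOGON FAILURE user=carol src=10.0.0.9
2024-03-02T14:00:00 LOGON FAILURE user=alice src=10.0.0.7
2024-03-02T23:30:00 POLICY_CHANGE user=bob src=10.0.0.8
2024-03-03T08:00:01 LOGON FAILURE user=carol src=10.0.0.9
2024-03-03T08:00:02 LOGON FAILURE user=carol src=10.0.0.9
2024-03-03T08:00:03 LOGON FAILURE user=carol src=10.0.0.9
2024-03-03T08:00:04 LOGON FAILURE user=carol src=10.0.0.9
2024-03-03T08:00:05 LOGON FAILURE user=carol src=10.0.0.9
"""

LINE = re.compile(
    r"^(\S+) (LOGON FAILURE|LOGON SUCCESS|LOGOFF|POLICY_CHANGE) user=(\S+) src=(\S+)$"
)


def parse(text: str) -> list:
    """Return (timestamp, event, user, src) tuples in chronological order;
    lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts, kind, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), kind, user, src))
    return sorted(events)


def detect_bursts(events, threshold: int = 5, window=timedelta(minutes=2)) -> dict:
    """Flag (src, user) pairs with at least `threshold` LOGON FAILUREs inside a
    sliding `window`, and record whether a LOGON SUCCESS for the same pair
    followed within the window (a guessing run that may have succeeded)."""
    recent = defaultdict(deque)   # per (src, user): timestamps of recent failures
    alerts = {}
    for ts, kind, user, src in events:
        key = (src, user)
        if kind == "LOGON FAILURE":
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in alerts:
                alerts[key] = {"first": q[0], "count": len(q),
                               "followed_by_success": False}
        elif kind == "LOGON SUCCESS" and key in alerts:
            if ts - alerts[key]["first"] <= window:
                alerts[key]["followed_by_success"] = True
    return alerts


def failures_per_day(events) -> dict:
    """Daily LOGON FAILURE totals, the raw material of a trend chart."""
    counts = defaultdict(int)
    for ts, kind, _user, _src in events:
        if kind == "LOGON FAILURE":
            counts[ts.date().isoformat()] += 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    evs = parse(LOG)
    for key, info in detect_bursts(evs).items():
        print("burst", key, info)
    print("failures per day", failures_per_day(evs))
```

Two bursts are flagged: alice from 10.0.0.7 (five failures in eight seconds, then a success, which deserves a closer look) and carol from 10.0.0.9 (five failures, no success). Carol's single failure the day before does not count, because the window has expired by the time the next failure arrives.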
49. Ways to deal with risk.
Acceptance - Transfer - Mitigate
To make user certificates available to others
Risk Equation
Assignment
50. A boot sector virus goes to work when what event takes place?
Reboot or system startup
CRACK
Environmental
CHAP