SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
SSCP: Systems Security Certified Practitioner
Start Test
Study First
Subjects
:
certifications
,
sscp
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Digital Certificates use which protocol?
X.509
Wild
Mobile
Detective
2. Identifying specific attempts to penetrate systems is the function of the _______________.
Users can gain access to any resource upon request (assuming they have proper permissions)
A PGP Signed message
Intrusion Detection System
All
3. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?
Passfilt.dll
Directive
PGP
Authentication
4. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.
CHAP
Wild
MAC - Mandatory Access Control
NT Audit events
5. __________ is the most famous Unix password cracking tool.
All
Symmetric algorithm
CRACK
Reboot or system startup
6. Which layer of the OSI model handles encryption?
Presentation Layer - L6
Data Classification
Gathering digital evidence
Not very difficult to break.
7. Countermeasures' main objectives
Prevent - Recover - Detect
Authorization
Protection of data from unauthorized users
TIGER
8. ___________________ viruses change the code order of the strain each time they replicate to another machine.
Users can gain access to any resource upon request (assuming they have proper permissions)
X.509
All
Polymorphic
9. ____________ is a file system that was poorly designed and has numerous security flaws.
NFS
Users can gain access to any resource upon request (assuming they have proper permissions)
Warning banners
To make user certificates available to others
10. Smart cards are a secure alternative to which weak security mechanism?
TIGER
Cryptanalysis
X.509
Passwords
11. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?
Salami attack
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Sued for privacy violations
Unix / Linux based security tools?
12. Vulnerability x Threat = RISK is an example of the _______________.
Less secure
Biometrics
Test virus
Risk Equation
13. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?
Warning banners
Man In The Middle
Sniffer
Off site in a climate controlled area
14. Organizations that can be a valid Certificate Authority (CA)
CHAP
Multi-partite viruses
Macro
Verisign - Microsoft - Dell
15. The ultimate goal of a computer forensics specialist is to ___________________.
Polymorphic
Preserve electronic evidence and protect it from any alteration
Hackers and crackers
Cisco
16. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.
Presentation Layer - L6
DAC - Discretionary Access Control
Passwords
Macro
17. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.
Data Classification
Email
Layer 7 - Application
CERT - SANS - CERIAS - COAST
18. Which major vendor adopted TACACS into its product line as a form of AAA architecture?
Cisco
Off site in a climate controlled area
a good password policy
Information Security policies
19. ________ is the authoritative entity which lists port assignments
X.509
IANA
CHAP
Stealth viruses
20. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.
NFS
Less secure
C2
Data Hiding
21. Examples of One- Time Password technology
S/Key - OPIE
Protection of data from unauthorized users
Symmetric algorithm
Class A: 1-126 - Class B: 128-191 - Class C: 192-223
22. They specifically target telephone networks
Not rigid
Phreaks
Stateful Inspection
Email
23. An intrusion detection system is an example of what type of countermeasure?
Passwords
Warning banners
Sued for privacy violations
Detective
24. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?
Intentions of the perpetrator
Email
Configuration Control
Symmetric algorithm
25. Companies can now be __________ just as easily as they can be sued for security compromises.
Confidentiality
Sued for privacy violations
Stateful Inspection
Users can gain access to any resource upon request (assuming they have proper permissions)
26. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition
Protection of data from unauthorized users
Biometrics
Log files
Fixed length
27. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?
Steps in handling incidents
CHAP
Password audit
Information
28. This free (for personal use) program is used to encrypt and decrypt emails.
PGP
NFS
Information Security policies
Payload
29. Main goals of an information security program
Salami attack
Preserve electronic evidence and protect it from any alteration
Confidentiality - Availability -Integrity of data
Users can gain access to any resource upon request (assuming they have proper permissions)
30. These should be done on a weekly basis
Directive
Payload
Gathering digital evidence
Virus definition downloads and system virus scans
31. There are 65536 _________
Quantitative analysis
Available service ports
Business enabler
DSS - Digital Signature Standard
32. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.
Passive network attack
Hoaxes
Logic bombs
Prevent - Recover - Detect
33. Remote Access Dial-in User Service
Quantitative analysis
Layer 3 - Host to Host
NFS
RADIUS
34. Public keys are used for encrypting messages and private keys are used for __________messages.
SLE - Single Loss Expectancy
Verisign - Microsoft - Dell
C2
Depcrypting
35. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.
Log files
Risk assessment
Passwords
RSA
36. Cable modems are ___________than DSL connections
DSS - Digital Signature Standard
Less secure
Configuration Control
SLE - Single Loss Expectancy
37. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis
Gathering digital evidence
Passive network attack
Social Engineering
Intrusion Detection System
38. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?
Information
Ethernet
X.509
Cramming
39. The most secure method for storing backup tapes is?
Hoaxes
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
SSL
Off site in a climate controlled area
40. Macintosh computers are _____ at risk for receiving viruses.
Buffer Overflow
Phreaks
Also
run applications as generic accounts with little or no privileges.
41. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.
Directive
Fixed length
0-1023
Host based - network based
42. Committing computer crimes in such small doses that they almost go unnoticed.
Separation of Duties
Payload
Layers 5 - 6 - & 7 - Session - Presentation - and Application Layers
Salami attack
43. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?
A PGP Signed message
Protection of data from unauthorized users
Polymorphic
Stateful Inspection
44. Combine both boot and file virus behavior
Multi-partite viruses
Environmental
SYN Flooding
Logic bombs
45. A Security Reference Monitor relates to which DoD security standard?
Salami attack
Biometrics
SLE - Single Loss Expectancy
C2
46. One method that can reduce exposure to malicious code is to ___________________
Accountability
Directive
Prevent - Recover - Detect
run applications as generic accounts with little or no privileges.
47. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.
involves only computer to computer transactions
CRACK
C2
Data Classification
48. HTTP - FTP - SMTP reside at which layer of the OSI model?
A PGP Signed message
Layer 7 - Application
NT Audit events
Cramming
49. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.
Acceptance - Transfer - Mitigate
Not rigid
run applications as generic accounts with little or no privileges.
Detective
50. So far - no one has been able to crack the ____________ with Brute Force.
IDEA algorithm
Host based - network based
modems
Passive network attack
