Test your basic knowledge

SSCP: Systems Security Certified Practitioner

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.






2. The ability to adjust access control to the exact amount of permission necessary is called ______________.






3. Which major vendor adopted TACACS into its product line as a form of AAA architecture?






4. The IDEA algorithm (used in PGP) is _______ bits long.






5. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.






6. An attempt to break an encryption algorithm is called _____________.






7. _______________ supply AV engines with false information to avoid detection






8. In a Public Key Infrastructure (PKI) - what is the role of a directory server?






9. Allows File owners to determine access rights.






10. MD5 is a ___________ algorithm






11. Accounting - Authentication - and ____________ are the AAAs of information security.






12. HTTP - FTP - SMTP reside at which layer of the OSI model?






13. Main goals of an information security program






14. Types of firewalls: Packet Filtering - Application Proxy - and _________________.






15. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.






16. Used in ______________: Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition






17. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually affect the entire system. These types of controls deal with system auditing and usability.






18. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?






19. ___________________ is responsible for creating security policies and for communicating those policies to system users.






20. What security principle is based on the division of job responsibilities - designed to prevent fraud?






21. Passwords: should be audited on a regular basis - should contain some form of your name or userid - should never be shared or written down






22. Layer 4 of the OSI model corresponds to which layer of the DoD model?






23. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to ensure it has not been improperly modified?






24. Smart cards are a secure alternative to which weak security mechanism?






25. __________ is the most famous Unix password cracking tool.






26. There are 5 classes of IP addresses available - but only 3 classes are in common use today






27. Logon and Logoff - Use of User Rights - Security Policy Change






28. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.






29. ______________ is a Unix security scanning tool developed at Texas A&M University.






30. One method that can reduce exposure to malicious code is to ___________________






31. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______






32. When ________________ it is very important to document the chain of evidence by taking good notes and to perform a bit-level backup of the data before analysis.






33. RSA is not based on a ________






34. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.






35. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?






36. Stealth viruses live in memory while __________ are written to disk






37. Public keys are used for encrypting messages and private keys are used for __________ messages.






38. Which organization(s) are responsible for the timely distribution of information security intelligence data?






39. ____________ is a file system that was poorly designed and has numerous security flaws.






40. IKE - Internet Key Exchange is often used in conjunction with what security standard?






41. They specifically target telephone networks






42. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy






43. Contain - Recover - Review - Identify - Prepare






44. Wiretapping is an example of a ________.






45. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?






46. It is difficult to prosecute a computer criminal if _________ are not deployed






47. Cable modems are ___________ than DSL connections






48. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.






49. Ways to deal with risk.






50. A boot sector virus goes to work when what event takes place?