Test your basic knowledge |

SSCP: Systems Security Certified Practitioner

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. ________ is the authoritative entity which lists port assignments






2. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?






3. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.






4. Which of the following is NOT and encryption algorithm?






5. Vulnerability x Threat = RISK is an example of the _______________.






6. Layer 4 of the OSI model corresponds to which layer of the DoD model?






7. DES - Data Encryption standard has a 128 bit key and is ________






8. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.






9. ____________ is a file system that was poorly designed and has numerous security flaws.






10. Which major vendor adopted TACACS into its product line as a form of AAA architecture?






11. Committing computer crimes in such small doses that they almost go unnoticed.






12. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.






13. Macintosh computers are _____ at risk for receiving viruses.






14. Countermeasures' main objectives






15. ____ members of the staff need to be educated in disaster recovery procedures.






16. It is difficult to prosecute a computer criminal if _________ are not deployed






17. An intrusion detection system is an example of what type of countermeasure?






18. One method that can reduce exposure to malicious code is to ___________________






19. An attempt to break an encryption algorithm is called _____________.






20. Examples of One- Time Password technology






21. Organizations that can be a valid Certificate Authority (CA)






22. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.






23. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.






24. Which layer of the OSI model handles encryption?






25. There are 5 classes of IP addresses available - but only 3 classes are in common use today






26. _______________ supply AV engines with false information to avoid detection






27. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy






28. So far - no one has been able to crack the ____________ with Brute Force.






29. Name two types of Intrusion Detection Systems






30. Identifying specific attempts to penetrate systems is the function of the _______________.






31. Types of firewalls: Packet Filtering - Application Proxy - and _________________.






32. What is the main difference between computer abuse and computer crime?






33. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.






34. Digital Certificates use which protocol?






35. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic






36. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.






37. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.






38. Main goals of an information security program






39. Information security policies are a ___________________.






40. Which organization(s) are responsible for the timely distribution of information security intelligence data?






41. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?






42. A type of virus that resides in a Word or Excel document is called a ___________ virus?






43. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.






44. S/MIME was developed for the protection of what communication mechanism(s)?






45. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.






46. A ______________ is an electronically generated record that ties a user's ID to their public key.






47. To help managers find the correct cost balance between risks and countermeasures






48. Accounting - Authentication - and ____________ are the AAAs of information security.






49. A Security Reference Monitor relates to which DoD security standard?






50. Which of the concepts best describes Availability in relation to computer resources?