Test your basic knowledge |

SSCP: Systems Security Certified Practitioner

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.






2. Identifying specific attempts to penetrate systems is the function of the _______________.






3. A true network security audit does include an audit for _____________






4. __________ is the most famous Unix password cracking tool.






5. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.






6. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.






7. ___________________ viruses change the code order of the strain each time they replicate to another machine.






8. Logon and Logoff - Use of User Rights - Security Policy Change






9. Accounting - Authentication - and ____________ are the AAAs of information security.






10. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.






11. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.






12. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.






13. Code Review - Certification - Accreditation - Functional Design Review - System Test Review






14. MD5 is a ___________ algorithm






15. These should be done on a weekly basis






16. Public keys are used for encrypting messages and private keys are used for __________messages.






17. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?






18. RSA is not based on a ________






19. So far - no one has been able to crack the ____________ with Brute Force.






20. Smart cards are a secure alternative to which weak security mechanism?






21. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis






22. ___________________ is responsible for creating security policies and for communicating those policies to system users.






23. Wiretapping is an example of a ________.






24. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.






25. The ability to adjust access control to the exact amount of permission necessary is called ______________.






26. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.






27. The most secure method for storing backup tapes is?






28. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.






29. A ______________ is an electronically generated record that ties a user's ID to their public key.






30. Companies can now be __________ just as easily as they can be sued for security compromises.






31. ______________ is a Unix security scanning tool developed at Texas A&M university.






32. ____________ is a file system that was poorly designed and has numerous security flaws.






33. An attempt to break an encryption algorithm is called _____________.






34. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.






35. A formula used in Quantitative risk analysis






36. This free (for personal use) program is used to encrypt and decrypt emails.






37. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.






38. The ability to identify and audit a user and his / her actions is known as ____________.






39. Contain - Recover - Review - Identify - Prepare






40. Examples of One- Time Password technology






41. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.






42. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.






43. Which of the following is NOT and encryption algorithm?






44. In a Public Key Infrastructure (PKI) - what is the role of a directory server?






45. Although they are accused of being one in the same - _______________ are two distinctly different groups with different goals pertaining to computers.






46. ________ is the authoritative entity which lists port assignments






47. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?






48. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic






49. A Security Reference Monitor relates to which DoD security standard?






50. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.