Test your basic knowledge

SSCP: Systems Security Certified Practitioner

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______






2. EDI (Electronic Data Interchange) differs from e-Commerce in that it ___________________.






3. It is difficult to prosecute a computer criminal if _________ are not deployed






4. An intrusion detection system is an example of what type of countermeasure?






5. Countermeasures address security concerns in this category






6. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.






7. MD5 is a ___________ algorithm






8. Allows File owners to determine access rights.






9. A Security Reference Monitor relates to which DoD security standard?






10. Cable modems are ___________than DSL connections






11. Passwords: should be audited on a regular basis - should contain some form of your name or userid - should never be shared or written down






12. _________ is a form of Denial of Service attack which interrupts the TCP three-way handshake and leaves half-open connections.






13. DES - Data Encryption Standard has a 128 bit key and is ________






14. In a Public Key Infrastructure (PKI) - what is the role of a directory server?






15. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas






16. Information security policies are a ___________________.






17. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.






18. Intentionally embedding secret data into a picture or some form of media is known as steganography or data ___________.






19. The ultimate goal of a computer forensics specialist is to ___________________.






20. Used in ______________: Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition






21. When ________________ it is very important to document the chain of evidence by taking good notes and to perform a bit-level backup of the data before analysis






22. Contain - Recover - Review - Identify - Prepare






23. Committing computer crimes in such small doses that they almost go unnoticed.






24. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.






25. ___________________ viruses change the code order of the strain each time they replicate to another machine.






26. Smart cards are a secure alternative to which weak security mechanism?






27. A formula used in Quantitative risk analysis






28. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN






29. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.






30. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.






31. What security principle is based on the division of job responsibilities - designed to prevent fraud?






32. __________ attacks capitalize on programming errors and can allow the originator to gain additional privileges on a machine.






33. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.






34. The most secure method for storing backup tapes is?






35. ____ members of the staff need to be educated in disaster recovery procedures.






36. Data being delivered from the source to the intended receiver without being altered






37. RSA is not based on a ________






38. Code Review - Certification - Accreditation - Functional Design Review - System Test Review






39. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?






40. They specifically target telephone networks






41. __________ is the most famous Unix password cracking tool.






42. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography.






43. The ability to identify and audit a user and his / her actions is known as ____________.






44. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?






45. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.






46. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic






47. Which range defines 'well-known ports'?






48. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.






49. Unlike viruses and worms - __________ are bogus messages that spread via email forwarding.






50. Name two types of Intrusion Detection Systems