Test your basic knowledge |

SSCP: Systems Security Certified Practitioner

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What security principle is based on the division of job responsibilities - designed to prevent fraud?






2. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.






3. Each password must have a combination of upper case - lower case - numbers and special characters - 6 character minimum password length - This rule is enforced by ______






4. A type of virus that resides in a Word or Excel document is called a ___________ virus?






5. So far - no one has been able to crack the ____________ with Brute Force.






6. In a Public Key Infrastructure (PKI) - what is the role of a directory server?






7. __________ is a tool used by network administrators to capture packets from a network.






8. An intrusion detection system is an example of what type of countermeasure?






9. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.






10. Examples of One- Time Password technology






11. Layer 4 of the OSI model corresponds to which layer of the DoD model?






12. It is difficult to prosecute a computer criminal if _________ are not deployed






13. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?






14. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?






15. ______________ is a major component of an overall risk management program.






16. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?






17. This free (for personal use) program is used to encrypt and decrypt emails.






18. The ultimate goal of a computer forensics specialist is to ___________________.






19. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.






20. Today - ______________ are almost as serious as security violations






21. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.






22. Which of the following is NOT and encryption algorithm?






23. ___________________ viruses change the code order of the strain each time they replicate to another machine.






24. Name two types of Intrusion Detection Systems






25. ____________ is a file system that was poorly designed and has numerous security flaws.






26. Which range defines 'well known ports?'






27. A Security Reference Monitor relates to which DoD security standard?






28. To help managers find the correct cost balance between risks and countermeasures






29. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.






30. Types of firewalls: Packet Filtering - Application Proxy - and _________________.






31. A ______________ is an electronically generated record that ties a user's ID to their public key.






32. Identifying specific attempts to penetrate systems is the function of the _______________.






33. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.






34. ____ members of the staff need to be educated in disaster recovery procedures.






35. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?






36. The ability to identify and audit a user and his / her actions is known as ____________.






37. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN






38. Companies can now be __________ just as easily as they can be sued for security compromises.






39. One method that can reduce exposure to malicious code is to ___________________






40. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.






41. MD5 is a ___________ algorithm






42. __________ is the most famous Unix password cracking tool.






43. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.






44. Vulnerability x Threat = RISK is an example of the _______________.






45. Contain - Recover - Review - Identify - Prepare






46. These should be done on a weekly basis






47. Which organization(s) are responsible for the timely distribution of information security intelligence data?






48. ________ is the authoritative entity which lists port assignments






49. Which major vendor adopted TACACS into its product line as a form of AAA architecture?






50. DES - Data Encryption standard has a 128 bit key and is ________