Test your basic knowledge |

SSCP: Systems Security Certified Practitioner

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?






2. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?






3. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?






4. The PAP protocol sends passwords in clear text - while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic






5. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.






6. It is difficult to prosecute a computer criminal if _________ are not deployed






7. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy






8. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.






9. A true network security audit does include an audit for _____________






10. Organizations that can be a valid Certificate Authority (CA)






11. What is the main difference between computer abuse and computer crime?






12. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?






13. ___________________ viruses change the code order of the strain each time they replicate to another machine.






14. EICAR is an example of a _____________ used to test AV products without introducing a live virus into the network.






15. One method that can reduce exposure to malicious code is to ___________________






16. The __________ is the most dangerous part of a virus program.






17. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?






18. Data being delivered from the source to the intended receiver without being altered






19. Wiretapping is an example of a ________.






20. What security principle is based on the division of job responsibilities - designed to prevent fraud?






21. A formula used in Quantitative risk analysis






22. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?






23. ______________ relates to the concept of protecting data from unauthorized users.






24. ________ is the authoritative entity which lists port assignments






25. ___________________ is responsible for creating security policies and for communicating those policies to system users.






26. Remote Access Dial-in User Service






27. Countermeasures address security concerns in this category






28. The ultimate goal of a computer forensics specialist is to ___________________.






29. Logon and Logoff - Use of User Rights - Security Policy Change






30. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.






31. Combine both boot and file virus behavior






32. HTTP - FTP - SMTP reside at which layer of the OSI model?






33. ____ members of the staff need to be educated in disaster recovery procedures.






34. The ability to adjust access control to the exact amount of permission necessary is called ______________.






35. ____________ is used in mission critical systems and applications to lock down information based on sensitivity levels (Confidential - Top Secret - etc.






36. __________________ will have weird characters printed at the beginning or end of an email message - what would it be anindication of?






37. Although it is considered a low tech attack ____________ is still a very effective way of gaining unauthorized access to network systems.






38. Accounting - Authentication - and ____________ are the AAAs of information security.






39. There are 5 classes of IP addresses available - but only 3 classes are in common use today






40. Types of firewalls: Packet Filtering - Application Proxy - and _________________.






41. Vulnerability x Threat = RISK is an example of the _______________.






42. An attempt to break an encryption algorithm is called _____________.






43. Public keys are used for encrypting messages and private keys are used for __________messages.






44. This free (for personal use) program is used to encrypt and decrypt emails.






45. __________ is the most famous Unix password cracking tool.






46. A ______________ is an electronically generated record that ties a user's ID to their public key.






47. ____________ is a file system that was poorly designed and has numerous security flaws.






48. A type of virus that resides in a Word or Excel document is called a ___________ virus?






49. In a Public Key Infrastructure (PKI) - what is the role of a directory server?






50. Cable modems are ___________than DSL connections