Test your basic knowledge |

SSCP: Systems Security Certified Practitioner

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Smart cards are a secure alternative to which weak security mechanism?






2. A formula used in Quantitative risk analysis






3. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.






4. One method that can reduce exposure to malicious code is to ___________________






5. Today - ______________ are almost as serious as security violations






6. An intrusion detection system is an example of what type of countermeasure?






7. ___________________ is responsible for creating security policies and for communicating those policies to system users.






8. Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?






9. So far - no one has been able to crack the ____________ with Brute Force.






10. A Security Reference Monitor relates to which DoD security standard?






11. What is the main difference between computer abuse and computer crime?






12. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?






13. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.






14. The ability to identify and audit a user and his / her actions is known as ____________.






15. A ______________ is an electronically generated record that ties a user's ID to their public key.






16. Data being delivered from the source to the intended receiver without being altered






17. Companies can now be __________ just as easily as they can be sued for security compromises.






18. Macintosh computers are _____ at risk for receiving viruses.






19. ______________ relates to the concept of protecting data from unauthorized users.






20. Public keys are used for encrypting messages and private keys are used for __________messages.






21. Which major vendor adopted TACACS into its product line as a form of AAA architecture?






22. What security principle is based on the division of job responsibilities - designed to prevent fraud?






23. ___________________ viruses change the code order of the strain each time they replicate to another machine.






24. Logon and Logoff - Use of User Rights - Security Policy Change






25. Information security policies are a ___________________.






26. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down






27. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?






28. The __________ is the most dangerous part of a virus program.






29. PGP & PEM are programs that allow users to send encrypted messages to each other. What form of encryption do these programs use?






30. Allows File owners to determine access rights.






31. There are 65536 _________






32. The ability to adjust access control to the exact amount of permission necessary is called ______________.






33. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN






34. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition






35. RSA is not based on a ________






36. MD5 is a ___________ algorithm






37. Ways to deal with risk.






38. Which form of media is handled at the Physical Layer (Layer 1) of the OSI Reference Model?






39. It is difficult to prosecute a computer criminal if _________ are not deployed






40. Which organization(s) are responsible for the timely distribution of information security intelligence data?






41. What is the following paragraph an example of? <<ATTN: This system is for the use of authorized persons only. If you use this system without authority - or if you abuse your authority - then you are subject to having all of your activities on this sy






42. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?






43. Countermeasures' main objectives






44. In a Public Key Infrastructure (PKI) - what is the role of a directory server?






45. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.






46. ______________ is a Unix security scanning tool developed at Texas A&M university.






47. Contain - Recover - Review - Identify - Prepare






48. An attempt to break an encryption algorithm is called _____________.






49. Name two types of Intrusion Detection Systems






50. Types of firewalls: Packet Filtering - Application Proxy - and _________________.