Test your basic knowledge |

SSCP: Systems Security Certified Practitioner

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Unclassified - Private - Confidential - Secret - Top Secret - and Internal Use Only are levels of ________________.






2. Layer 4 of the OSI model corresponds to which layer of the DoD model?






3. There are 6 types of security control practices. ___________ controls are management policies - procedures - and guidelines that usually effect the entire system. These types of controls deal with system auditing and usability.






4. There are 5 classes of IP addresses available - but only 3 classes are in common use today






5. There are 65536 _________






6. An intrusion detection system is an example of what type of countermeasure?






7. __________ is a tool used by network administrators to capture packets from a network.






8. Countermeasures address security concerns in this category






9. A formula used in Quantitative risk analysis






10. A one way hash converts a string of random length into a _______________ encrypted string.






11. This free (for personal use) program is used to encrypt and decrypt emails.






12. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.






13. Which range defines 'well known ports?'






14. A true network security audit does include an audit for _____________






15. A type of virus that resides in a Word or Excel document is called a ___________ virus?






16. Stealth viruses live in memory while __________ are written to disk






17. ______________ relates to the concept of protecting data from unauthorized users.






18. Contracting with an insurance company to cover losses due to information security breaches is known as risk __________.






19. DES - Data Encryption standard has a 128 bit key and is ________






20. What type of software can be used to prevent - detect (and possibly correct) malicious activities on a system?






21. _________ is a form of Denial of Service attack which interrupts the TCP three way handshake and leaves half open connections.






22. When ________________it is very important to do document the chain of evidence by taking good notes and perform a bit-level back up of the data before analysis






23. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down






24. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.






25. IKE - Internet Key Exchange is often used in conjunction with what security standard?






26. Examples of One- Time Password technology






27. The most secure method for storing backup tapes is?






28. This is more time consuming - numeric values - based on Annualized Loss Expectancy (ALE) formulas






29. Security incidents fall into a number of categories such as accidental - deliberate - and ____________.






30. Public keys are used for encrypting messages and private keys are used for __________messages.






31. Companies can now be __________ just as easily as they can be sued for security compromises.






32. ________ is a protocol developed by Visa and MasterCard to protect electronic transactions.






33. Identifying specific attempts to penetrate systems is the function of the _______________.






34. Digital Certificates use which protocol?






35. Main goals of an information security program






36. Which major vendor adopted TACACS into its product line as a form of AAA architecture?






37. ____ members of the staff need to be educated in disaster recovery procedures.






38. Organizations that can be a valid Certificate Authority (CA)






39. So far - no one has been able to crack the ____________ with Brute Force.






40. Trend Analysis involves analyzing historical ___________ files in order to look for patterns of abuse or misuse.






41. Macintosh computers are _____ at risk for receiving viruses.






42. In a Public Key Infrastructure (PKI) - what is the role of a directory server?






43. It is difficult to prosecute a computer criminal if _________ are not deployed






44. These should be done on a weekly basis






45. HTTP - FTP - SMTP reside at which layer of the OSI model?






46. Intentionally embedding secret data into a picture or some form of media is known as Steganographyor data ___________.






47. Tiger - TCP Wrappers - TripWire - LogCheck - SATAN






48. Wiretapping is an example of a ________.






49. ____________ is a file system that was poorly designed and has numerous security flaws.






50. What is the main difference between computer abuse and computer crime?