Test your basic knowledge |

SSCP: Systems Security Certified Practitioner

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Instructions or code that executes on an end user's machine from a web browser is known as __________ code.






2. What term describes the amount of risk that remains after the countermeasures have been deployed and the vulnerabilities classified?






3. Cable modems are ___________than DSL connections






4. Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?






5. An attempt to break an encryption algorithm is called _____________.






6. Remote Access Dial-in User Service






7. RSA is not based on a ________






8. Consists of checking for Minimum password length - Password aging - Password Strength - Blank Passwords?






9. There are 5 classes of IP addresses available - but only 3 classes are in common use today






10. Main goals of an information security program






11. Used in ______________:Retinal Scanning - Fingerprints - Face Recognition - Voice Recognition






12. EDI (Electronic Data Interchange) differs from e- Commerce in that it ___________________.






13. The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?






14. Which of the following is NOT and encryption algorithm?






15. Countermeasures address security concerns in this category






16. The IDEA algorithm (used in PGP) is _______ bits long.






17. Types of firewalls: Packet Filtering - Application Proxy - and _________________.






18. A virus is considered to be 'in the ______ ' if it has been reported as replicating and causing harm to computers.






19. S/MIME was developed for the protection of what communication mechanism(s)?






20. DES - Data Encryption standard has a 128 bit key and is ________






21. MD5 is a ___________ algorithm






22. ________ is the authoritative entity which lists port assignments






23. ___________________ is responsible for creating security policies and for communicating those policies to system users.






24. Diffie Hellman - RSA - and ___________ are all examples of Public Key cryptography?






25. Name two types of Intrusion Detection Systems






26. _________________should be Written down - Clearly Communicated to all system users - Audited and revised periodically.






27. ______________ relates to the concept of protecting data from unauthorized users.






28. An intrusion detection system is an example of what type of countermeasure?






29. What is the main difference between computer abuse and computer crime?






30. The __________ is the most dangerous part of a virus program.






31. Unlike like viruses and worm - __________ are bogus messages that spread via email forwarding.






32. There are 65536 _________






33. Contain - Recover - Review - Identify - Prepare






34. Code Review - Certification - Accreditation - Functional Design Review - System Test Review






35. These should be done on a weekly basis






36. Layer 4 of the OSI model corresponds to which layer of the DoD model?






37. Public keys are used for encrypting messages and private keys are used for __________messages.






38. One method that can reduce exposure to malicious code is to ___________________






39. Today - ______________ are almost as serious as security violations






40. ______________ is a Unix security scanning tool developed at Texas A&M university.






41. Passwords: should be audited on a regular basis- should contain some form of your name or userid - should never be shared or written down






42. If your telephone company suddenly started billing you for caller ID and call forwarding without your permission - this practice is referred to as __________________.






43. Combine both boot and file virus behavior






44. ___________ - generally considered 'need to know' access is given based on permissions granted to the user.






45. ___________________ viruses change the code order of the strain each time they replicate to another machine.






46. IKE - Internet Key Exchange is often used in conjunction with what security standard?






47. They specifically target telephone networks






48. A security policy is a ___________ set of rules that must be followed explicitly in order to be effective.






49. The ability to adjust access control to the exact amount of permission necessary is called ______________.






50. Which auditing practice relates to the controlling of hardware - software - firmware - and documentation to insure it has not been improperly modified?