Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Closed Circuit Television
CRC (Cyclic Redundancy Check)
CCTV
Script
DOS
2. Network device that operates at layer 1. Concentrator.
Salami Slicing
Hubs
VLANs
Boot-sector Virus
3. A hidden communications channel on a system that allows for the bypassing of the system security policy
Back door/ trap door/maintenance hook
Checksum
Illegal/Unethical
Covert channels
4. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work
Illegal/Unethical
Hackers
Quantitative
Copyright
5. Enticing people to hit your honeypot to see how they try to access your system.
Key Escrow
Fraggle
Enticement
CHAP
6. A system designed to stop piggybacking.
DNS cache poisoning
Compiler
Common criteria
Man trap
7. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Quantitative
Multitasking
Worm
Hash
8. When one key of a two-key pair has more encryption pattern than the other
Asymmetric
VLANs
Owner
Open network
9. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Hash
Promiscuous mode
Replay
UUEncode
10. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Passive attacks
CRC (Cyclic Redundancy Check)
Honey pot
Session Hijacking
11. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
Spoofing
l0pht
ROM (Read-only memory)
DOS
12. A technique to eliminate data redundancy.
BIOS
Reciprocal agreement
Keystroke logging
Normalization
13. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Firewall types
CHAP
Carnivore
SSO (Single sign-on)
14. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Multitasking
Polymorphic
Hubs
Risk Analysis
15. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
CRC (Cyclic Redundancy Check)
Privacy Act of 1974
Finger printing
Non-repudiation
16. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Callback Security/Call Forwarding
Dogs
Vulnerability analysis tools
Risk Acceptance
17. Internet Architecture Board. This board is responsible for protecting the Internet.
IAB
SQL (Structured Query Language)
Cyphertext only
Teardrop
18. Providing verification to a system
Debug
ALE (Annualized Loss Expectancy)
Authentication
Inference
19. Component Object Model.
Copyright
Embezzlement
RADIUS (Remote authentication dial-in user service)
COM
20. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Teardrop
ALE (Annualized Loss Expectancy)
Boot-sector Virus
Digital certificates
21. Relating to quality or kind. This assigns a level of importance to something.
ARO (Annualized Rate of Occurrence)
Qualitative
Brute force
Security through obscurity
22. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Cookies
Biometrics
RADIUS (Remote authentication dial-in user service)
Sabotage
23. Method of authenticating to a system. Something that you supply and something you know.
Exit interview
Out of band
Username/password
DCOM
24. A site that has some equipment in place - and can be up within days
BIOS
Warm Site
SSH
Bastion hosts
25. A site that is ready physically but has no hardware in place - all it has is HVAC
Decentralized
SSH
Cold Site
Due Care
26. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
UUEncode
BIOS
Tokens
OSI Model
27. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Base-64
Echelon
Dumpster diving
Crosstalk
28. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Probing
Cryptanalysis
Due Diligence
ROM (Read-only memory)
29. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Active attacks
Bastion hosts
Privacy Act of 1974
AES (Advanced Encryption Standard)
30. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
FAR/FRR/CER
Hacker
Raid 0 - 1 - 3 - 5
Symmetric
31. In the broadest sense - a fraud is a deception made for personal gain
Trade Secret
Fraud
Format 7 times
WAP (Wireless Application Protocol)
32. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Finger scanning
ARO (Annualized Rate of Occurrence)
IAB
RAM (Random-access memory)
33. 'If you can't see it - it's secure'. Bad policy to live by.
Logic bomb
Job rotation
Hash
Security through obscurity
34. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Reciprocal agreement
Throughput of a Biometric System
Patent
Tort
35. Scanning the airwaves for radio transmissions
Honey pot
Noise & perturbation
Scanning
ActiveX Object Linking and Embedding
36. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Acceptable use
Non-repudiation
SSL/TLS
COM
37. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
SSH
Hearsay Evidence
Fraud
Encryption
38. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Covert channels
Encryption
Virtual machine
Risk Acceptance
39. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Firewall types
TACACS (Terminal access controller access control system)
CGI (The Common Gateway Interface)
DOS
40. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Sniffing
Phreaker
Java
DCOM
41. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Halon
Telnet
Hardware
Accountability
42. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
War dialing
Finger printing
TCSEC
Security kernel
43. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Burden of Proof
Asymmetric
Common criteria
Multithreading
44. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Spoofing
Two-Factor Authentication
Bastion hosts
Degausser
45. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
/etc/passwd
Hash
Buffer overflow
DAD
46. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Security Awareness Training
Debug
Symmetric
Compiler
47. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Warm Site
Brewer-Nash model
Firmware
Checksum
48. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Attenuation
Packet Sniffing
Risk Acceptance
Trap Door
49. Animals with teeth. Not as discriminate as guards
CRC (Cyclic Redundancy Check)
CCTV
Dogs
NAT
50. Rolling command center with UPS - satellite - uplink - power - etc.
Rolling hot sites
Symmetric
Quantitative
Spoofing