Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
DAD
ISDN (Integrated Services Digital Network)
Brute force
Due Diligence
2. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Owner
Social engineering
SLE (Single Loss Expectancy or Exposure)
Finger scanning
3. Chief Information Officer
CIO
Enticement
Toneloc
DAD
4. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
War driving
Key Escrow
AES (Advanced Encryption Standard)
5. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. An artist's ability to control their work.
Macro
Joke
Data remanence
Copyright
6. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Patent
Logic bomb
ROM (Read-only memory)
Buffer overflow
7. When one key of a two-key pair has more encryption pattern than the other
EF (Exposure Factor)
Asymmetric
TACACS (Terminal access controller access control system)
Tort
8. In the broadest sense - a fraud is a deception made for personal gain
CGI (The Common Gateway Interface)
Honey pot
Fraud
Active attacks
9. Setting up the user to access the honeypot for reasons other than the intent to harm.
Malware
Entrapment
Motion detector
Social engineering
10. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Nonce
Rijndael
Security kernel
Content dependent
11. Motive - Opportunity - and Means. These deal with crime.
SYN Flood
Trade Secret
Java
MOM
12. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Wiretapping
Masquerade
Kerberos
SLE (Single Loss Expectancy or Exposure)
13. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Throughput of a Biometric System
ActiveX Object Linking and Embedding
Digest
Authentication
14. Component Object Model.
Bastion hosts
Honey pot
COM
Mandatory vacation
15. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Change management
Service packs
Checksum
DAD
16. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Masquerade
Risk Mitigation
Out of band
SSL/TLS
17. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Senior Management
Checksum
DOS
Risk Acceptance
18. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Software development lifecycle
Due Care
Packet Sniffing
CIO
19. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
OLE
Brewer-Nash model
Call tree
MitM
20. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
DHCP
Expert systems
TCB
Key Escrow
21. The person that controls access to the data
Wiretapping
Custodian
Keystroke logging
DDOS
22. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
Fraggle
Call tree
Checksum
DNS cache poisoning
23. Internet Relay Chat.
Asset Value
VLANs
TCSEC
IRC
24. A network that uses standard protocols (TCP/IP)
Cryptanalysis
Fiber optic
Trademark
Open network
25. Using ICMP to diagram a network
BIA
CRC (Cyclic Redundancy Check)
Probing
Data Mart
26. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Multithreading
Firewall types
Risk Analysis
Cyphertext only
27. Once authenticated - the level of access you have to a system
Authorization
Fences
Hot Site
Worm
28. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Passive attacks
Multiprocessing
Trade Secret
Masquerade
29. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Dumpster diving
CORBA
Security kernel
UUEncode
30. Good for distance - longer than 100M
Security through obscurity
Expert System
Decentralized
Coax
31. Technical items are things that IT implements. Administrative items are things that HR implements. Physical items are things that are tangible.
Technical - Administrative - Physical
Toneloc
Echelon
Checksum
32. Access control method for database based on the content of the database to provide granular access
IAB
Raid 0 - 1 - 3 - 5
CGI (The Common Gateway Interface)
Content dependent
33. Repeats the signal. It amplifies the signal before sending it on.
Debug
DMZ
Repeaters
Multipartite
34. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Cryptanalysis
Security Perimeter
Acceptable use
Fire extinguisher
35. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Authorization
Common criteria
Authorization creep
MitM
36. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
OEP
Bugtraq
Symmetric
DAD
37. A network entity that provides a single entrance / exit point to the Internet.
Coax
Code of ethics
Bastion hosts
Illegal/Unethical
38. The intercepting of conversations by unintended recipients
Back door/ trap door/maintenance hook
Risk Acceptance
Eavesdropping
DAD
39. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Accountability
Digital certificates
Privacy Act of 1974
Enticement
40. A mechanism by which connections to TCP services on a system are allowed or disallowed
TCP Wrappers
SQL (Structured Query Language)
Kerberos
Data remanence
41. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
CHAP
Hash
TCP Wrappers
Clipping levels
42. The practice of obtaining confidential information by manipulation of legitimate users.
Social engineering
Finger printing
CCTV
TCB
43. Someone who hacks
Hacker
Hoax
CCTV
Brewer-Nash model
44. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Aggregation
Fraud
Senior Management
Format 7 times
45. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Schema
/etc/passwd
SESAME
Audit Trail
46. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Custodian
Acceptable use
Well-known ports
Joke
47. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
Eavesdropping
Mandatory vacation
Motion detector
Software development lifecycle
48. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Normalization
CGI (The Common Gateway Interface)
Hearsay Evidence
Private Addressing
49. Disclosure - Alteration - Destruction. These things break the CIA triad
Risk Transferring
DAD
WTLS (Wireless Transport Layer Security)
MitM
50. The output of a hash function is a digest.
Sabotage
Acceptable use
TCP Wrappers
Digest