Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times you might find the answers obvious, but it reinforces your understanding each time you take the test.
1. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Authorization creep
Hardware
TCB
Risk Management
2. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.
Key Escrow
Copyright
CHAP
Tort
3. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
IAB
Quantitative
Risk Analysis
Expert systems
4. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
TCP Wrappers
Two-Factor Authentication
Active attacks
Data remanence
5. Emanations from one wire coupling with another wire
Crosstalk
Privacy Act of 1974
Passive attacks
Dogs
6. Must be in place for you to use a biometric system
Rijndael
Patriot Act
Certification
Biometric profile
7. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
Caesar Cipher
Multiprocessing
WTLS (Wireless Transport Layer Security)
Diffie-Hellman
8. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Hackers
Virtual machine
PKI
UUEncode
9. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Worm
Hackers
ActiveX Object Linking and Embedding
CCTV
10. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Spoofing
IRC
ROT-13
Masquerade
11. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Well-known ports
Caesar Cipher
Toneloc
DHCP
12. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Worm
Promiscuous mode
SESAME
Hot Site
13. When two or more processes are linked and execute multiple programs simultaneously
Multiprocessing
Acceptable use
Java
Data Mart
14. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Risk Acceptance
Security Awareness Training
Key Escrow
Authorization creep
15. The government-required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Privacy Act of 1974
Covert channels
Format 7 times
ActiveX Object Linking and Embedding
16. In the broadest sense - a fraud is a deception made for personal gain
TEMPEST
FAR/FRR/CER
Compiler
Fraud
17. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Teardrop
SLE (Single Loss Expectancy or Exposure)
Covert channels
Cyphertext only
18. Assuming someone's session who is unaware of what you are doing
Separation of duties
Session Hijacking
Granularity
ARO (Annualized Rate of Occurrence)
19. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
TCSEC
Hash
Tokens
Open network
20. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Teardrop
Smurf
TEMPEST
Dumpster diving
21. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
ROT-13
EF (Exposure Factor)
Two-Factor Authentication
Motion detector
22. Ethernet - Cat5 - Twisted to allow for longer runs.
Twisted pair
Encryption
Polymorphic
COOP
23. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Attenuation
Privacy Act of 1974
Dictionary Attack
Guards
24. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Logic bomb
Echelon
Software librarian
Tokens
25. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Risk Management
Granularity
Replay
Clipper Chip
26. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Clipping levels
Phreaker
Software development lifecycle
Classes of IP networks
27. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Cryptanalysis
Risk Mitigation
TCP Wrappers
Symmetric
28. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Java
OSI Model
Promiscuous mode
Keystroke logging
29. Network device that operates at layer 1. Concentrator.
Phreaker
Quantitative
Hubs
Spoofing
30. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
COOP
Risk Mitigation
Risk Analysis
CD-Rom
31. Network devices that operate at layer 3. This device separates broadcast domains.
Routers
PAP (Password Authentication Protocol)
Cold Site
Debug
32. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Macro
OSI Model
Hearsay Evidence
Asymmetric
33. Encompasses Risk Analysis and Risk Mitigation
Hackers
Risk Management
Biometrics
Non-repudiation
34. Continuation of Operations Plan
Security Awareness Training
Dictionary Attack
COOP
Custodian
35. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Patent
Throughput of a Biometric System
Software
Raid 0 - 1 - 3 - 5
36. This is an open international standard for applications that use wireless communications.
BIOS
Smurf
Substitution
WAP (Wireless Application Protocol)
37. Signal degradation as it moves farther from its source
Macro
Attenuation
Routers
Change management
38. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.
VPN (Virtual Private Network)
Entrapment
Scanning
Exit interview
39. Transferring your risk to someone else - typically an insurance company
Telnet
Toneloc
Software librarian
Risk Transferring
40. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Compiler
Clipper Chip
Warm Site
Substitution
41. Chief Information Officer
Call tree
Patriot Act
Bugtraq
CIO
42. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
ALE (Annualized Loss Expectancy)
Brewer-Nash model
Rijndael
Authorization creep
43. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Logic bomb
/etc/passwd
Spoofing
Incentive programs
44. In a separation of duties model - this is where code is checked in and out
TCSEC
Software librarian
Security through obscurity
Digital certificates
45. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
CORBA
TCB
Digital certificates
TCSEC
46. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Senior Management
Encryption
Common criteria
Hoax
47. Accepting all packets
Reciprocal agreement
Patriot Act
Promiscuous mode
Technical - Administrative - Physical
48. Repeats the signal. It amplifies the signal before sending it on.
SSH
CIA
Decentralized
Repeaters
49. Enticing people to hit your honeypot to see how they try to access your system.
Enticement
FAR/FRR/CER
Patriot Act
Scanning
50. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Technical - Administrative - Physical
Fiber optic
DAD
Two-Factor Authentication