Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
MitM
OLE
ALE (Annualized Loss Expectancy)
Code of ethics
2. Random Number Base
Nonce
Sabotage
Virtual machine
Dumpster diving
3. The art of breaking code. Testing the strength of an algorithm.
Incentive programs
IRC
Kerberos
Cryptanalysis
4. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Technical - Administrative - Physical
Boot-sector Virus
BIA
Security Perimeter
5. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Security Perimeter
Passive attacks
Certification
Exit interview
6. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Kerberos
Tailgating / Piggybacking
Java
Attenuation
7. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Username/password
Block cipher
Two-Factor Authentication
Brewer-Nash model
8. Chief Information Officer
DMZ
CIO
Tort
User
9. Providing verification to a system
Authentication
Multithreading
Fraggle
Debug
10. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
DCOM
Throughput of a Biometric System
Authorization creep
Multitasking
11. Access control method for a database that grants access based on the content of the database - to provide granular access
Hackers
Content dependent
EF (Exposure Factor)
Fences
12. Once authenticated - the level of access you have to a system
Authorization
Risk Mitigation
RADIUS (Remote authentication dial-in user service)
Firewall types
13. Countermeasure that puts fake data into a database so that anyone reading it gets the wrong information.
Certification
Noise & perturbation
Firmware
Session Hijacking
14. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
/etc/passwd
Probing
TCSEC
DHCP
15. Component Object Model.
COM
Smurf
/etc/passwd
Authorization creep
16. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
OLE
Enticement
BIA
UUEncode
17. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Diffie-Hellman
Symmetric
OEP
Virtual Memory/Pagefile.sys
18. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Authorization creep
l0pht
Asymmetric
Exit interview
19. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Technical - Administrative - Physical
Granularity
Software librarian
Expert System
20. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Motion detector
Software
Change management
DAD
21. Should be at least 8 feet tall and have three strands of barbed wire.
DDOS
Security Awareness Training
Checksum
Fences
22. Data storage formats and equipment that allow the stored data to be accessed in any order
Checksum
RAM (Random-access memory)
TCB
Code of ethics
23. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Detective - Preventive - Corrective
Hearsay Evidence
Well-known ports
/etc/passwd
24. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Schema
DCOM
Macro
Masquerade
25. The process of reducing your risks to an acceptable level based on your risk analysis
Acceptable use
Authentication
TCB
Risk Mitigation
26. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Birthday attack
Caesar Cipher
Smurf
Risk Acceptance
27. Signal degradation as it moves farther from its source
Tort
Attenuation
Macro
Embezzlement
28. Personal - Network - and Application
Digest
Firewall types
Risk Management
Spoofing
29. ('Rotate by 13 places' - sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Hacker
Expert System
ROT-13
Hearsay Evidence
30. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Smurf
Out of band
Object Oriented Programming
Authentication
31. Basic Input/Output System
CEO
DDOS
Accreditation
BIOS
32. Network device that operates at layer 1. Concentrator.
Script
Hubs
Inference
Hoax
33. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Multipartite
Active attacks
Diffie-Hellman
Format 7 times
34. Taking over the session of someone who is unaware of what you are doing
Schema
Session Hijacking
Key Escrow
Echelon
35. Making individuals accountable for their actions on a system typically through the use of auditing
Raid 0 - 1 - 3 - 5
Digital signing
Accountability
Burden of Proof
36. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Cyphertext only
NAT
DDOS
Artificial Neural Networks (ANN)
37. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.
BIA
Exit interview
Digital certificates
RAM (Random-access memory)
38. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Security Awareness Training
AES (Advanced Encryption Standard)
Multipartite
War dialing
39. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Guards
Polymorphic
Substitution
Session Hijacking
40. 'If you can't see it - it's secure'. Bad policy to live by.
Security through obscurity
MitM
OSI Model
Risk Analysis
41. Public Key Infrastructure
PKI
Routers
CORBA
Authorization creep
42. Accepting all packets
SSO (Single sign-on)
Salami Slicing
Promiscuous mode
Switches / Bridges
43. CISSPs subscribe to a code of ethics for building up the security profession
Active attacks
Trap Door
Code of ethics
Guards
44. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware - thus making it behave as expected
Debug
TCB
Security kernel
Dogs
45. Repeats the signal. It amplifies the signal before sending it on.
Repeaters
IAB
Java
Echelon
46. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Security Awareness Training
Embezzlement
Detective - Preventive - Corrective
ROM (Read-only memory)
47. Rotating employees' job duties so that their work can be checked to make sure nothing fraudulent is occurring.
Job rotation
TCSEC
Rolling hot sites
Guards
48. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
CHAP
DMZ
Fiber optic
BIOS
49. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Clipper Chip
Acceptable use
Crosstalk
Risk Acceptance
50. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Closed network
Fingerprinting
Vulnerability analysis tools
Switches / Bridges