Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Detective - Preventive - Corrective
Telnet
Worm
COM
2. Object Linking and Embedding. The ability of an object to be embedded into another object.
ARO (Annualized Rate of Occurrence)
VLANs
Due Care
OLE
3. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Termination procedures
Substitution
Object Oriented Programming
Compiler
4. Must be in place for you to use a biometric system
Rolling hot sites
Trademark
Biometric profile
Common criteria
5. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Rolling hot sites
VPN (Virtual Private Network)
Clipper Chip
Non-repudiation
6. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic bomb
Digest
Brute force
Spoofing
7. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Expert systems
Skipjack
Replay
Degausser
8. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Risk Management
AES (Advanced Encryption Standard)
SSH
Hubs
9. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Hearsay Evidence
Masquerade
Inference
Object Oriented Programming
10. Entails planning and system actions to ensure that a project is following good quality management practices
DAD
Quality Assurance
Tailgating / Piggybacking
/etc/passwd
11. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Switches / Bridges
DMZ
Trojan horses
Crosstalk
12. Also civil law
Closed network
Tort
Custodian
Well-known ports
13. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
PKI
Content dependent
Cold Site
Privacy Act of 1974
14. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Sniffing
Expert systems
Biometrics
ALE (Annualized Loss Expectancy)
15. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Security Perimeter
Toneloc
Encryption
Smurf
16. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Certification
Dictionary Attack
Hubs
Authentication
17. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Content dependent
Birthday attack
Script kiddies
War driving
18. These can be used to verify that public keys belong to certain individuals.
Digital certificates
WTLS (Wireless Transport Layer Security)
Illegal/Unethical
Tort
19. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Multiprocessing
Hackers
Noise & perturbation
Code of ethics
20. A network that uses standard protocols (TCP/IP)
Senior Management
Open network
CIO
Toneloc
21. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Passive attacks
Data Mart
Boot-sector Virus
SSO (Single sign-on)
22. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Call tree
SSH
CGI (The Common Gateway Interface)
TEMPEST
23. Public Key Infrastructure
Authorization
War driving
PKI
Repeaters
24. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Content dependent
Fraggle
Object Oriented Programming
WAP (Wireless Application Protocol)
25. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Debug
Classes of IP networks
Cryptanalysis
Symmetric
26. Jumping into dumpsters to retrieve information about someone/something/a company
Cold Site
Illegal/Unethical
Owner
Dumpster diving
27. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Crosstalk
Technical - Administrative - Physical
Dictionary Attack
DOS
28. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Authorization creep
Hash
Asymmetric
Guards
29. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Dogs
Risk Transferring
COM
Degausser
30. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
MitM
Echelon
Man trap
ARP (Address Resolution Protocol)
31. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Nonce
Classes of IP networks
Fraggle
Finger scanning
32. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
CIRT
Software librarian
Brute force
CHAP
33. Transferring your risk to someone else - typically an insurance company
Degausser
Bastion hosts
DMZ
Risk Transferring
34. The ability to have more than one thread associated with a process
Security Awareness Training
Multithreading
Brute Force
Boot-sector Virus
35. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
CD-ROM
Due Care
User
Embezzlement
36. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Non-repudiation
Fire extinguisher
Diffie-Hellman
Patriot Act
37. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Classes of IP networks
ARP (Address Resolution Protocol)
Security kernel
Sniffing
38. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
Twisted pair
Enticement
MitM
DNS cache poisoning
39. Using ICMP to diagram a network
Probing
Clipping levels
Vulnerability analysis tools
Sniffing
40. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Masquerade
Trap Door
Decentralized
Telnet
41. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Polymorphic
Hubs
BIOS
OSI Model
42. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Substitution
Carnivore
Username/password
Smurf
43. Personal - Network - and Application
Buffer overflow
Asset Value
Firewall types
Separation of duties
44. Common Object Request Broker Architecture.
CORBA
Halon
Attenuation
CD-ROM
45. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Phreaker
Non-repudiation
Dumpster diving
FAR/FRR/CER
46. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
Session Hijacking
Hackers
Covert channels
47. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
Checksum
Acceptable use
Rolling hot sites
48. The output of a hash function is a digest.
Clipper Chip
Digest
Change management
Technical - Administrative - Physical
49. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
Smart cards
Brute force
Dogs
50. Dynamic Host Configuration Protocol.
Twisted pair
Copyright
DHCP
Hot Site