Test your basic knowledge: CompTIA Security+ Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so some answers may look obvious, but repeating the test reinforces your understanding of the terms.
1. 0 - 1023 are the ports reserved for standard Internet services (the IANA-assigned low range). Ones on the test include: 20 - ftp (data), 21 - ftp (control), 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - https (HTTP over SSL/TLS)
Honey pot
Well-known ports
CORBA
Clipping levels
2. The attacker sends a SYN request to the victim's machine; the victim machine allocates resources for that half-open connection and sends a SYN/ACK back. The attacking machine never responds with the final ACK, but instead sends another SYN and continues to do so until t
Clipper Chip
SYN Flood
Fences
CIA
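The half-open connections that the statement above describes are what you look for when deciding whether a host is under a SYN flood. The following script is an added example, not code from the original quiz; it parses a constructed `ss -tan`/`netstat -tan`-style socket listing (the sample addresses and the thresholds are assumptions) and reports both a per-source count and the total backlog, because a flood that spoofs its source addresses never trips a per-source threshold.

```python
"""Spot SYN-flood symptoms in a socket-state listing.

Added example, not code from the original page. A SYN flood leaves the victim
holding many half-open connections: SYN received, SYN/ACK sent, final ACK never
arrives. On Linux these appear as SYN_RECV in `ss -tan` / `netstat -tan` output.
The listing below is constructed for illustration (STATE LOCAL PEER columns).
"""
from collections import Counter

SAMPLE_SOCKETS = "\n".join(
    # one source hammering port 80 with half-open connections
    [f"SYN_RECV     10.0.0.5:80  198.51.100.7:{40000 + i}" for i in range(12)]
    # a spread of single half-open sockets from many sources (spoofed-source style)
    + [f"SYN_RECV     10.0.0.5:80  203.0.113.{i}:1025" for i in range(1, 9)]
    # normal traffic
    + [
        "ESTABLISHED  10.0.0.5:80  192.0.2.10:51234",
        "ESTABLISHED  10.0.0.5:22  192.0.2.11:51000",
        "SYN_RECV     10.0.0.5:80  192.0.2.12:51300",
        "TIME_WAIT    10.0.0.5:80  192.0.2.13:51400",
    ]
)


def half_open_by_source(listing: str) -> Counter:
    """Count half-open (SYN_RECV) sockets per peer IP address."""
    counts: Counter = Counter()
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "SYN_RECV":
            continue
        peer_ip = parts[2].rsplit(":", 1)[0]  # drop the peer port
        counts[peer_ip] += 1
    return counts


def syn_flood_indicators(listing: str, per_source: int = 10, total: int = 15) -> dict:
    """Two checks. A single peer with many half-open sockets is the obvious case;
    the total backlog matters too, because a spoofed flood spreads its SYNs over
    many forged source addresses and never trips a per-source threshold.
    Thresholds are assumptions; tune them to the host's real backlog size."""
    counts = half_open_by_source(listing)
    half_open_total = sum(counts.values())
    return {
        "noisy_sources": sorted((ip, n) for ip, n in counts.items() if n >= per_source),
        "half_open_total": half_open_total,
        "backlog_exhausted": half_open_total >= total,
    }


if __name__ == "__main__":
    print(syn_flood_indicators(SAMPLE_SOCKETS))
```

On the sample listing the report names 198.51.100.7 as a noisy source and flags the backlog as exhausted (21 half-open sockets against a threshold of 15). The standard mitigation on Linux is SYN cookies (`net.ipv4.tcp_syncookies`), which lets the kernel answer SYNs without reserving state until the final ACK arrives.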
3. A war dialing utility
Software librarian
Packet Sniffing
Toneloc
FAR/FRR/CER
4. Rotating employees' job duties so that the work each person has been doing can be checked by someone else, to make sure nothing fraudulent is occurring.
Job rotation
Vulnerability analysis tools
Brute force
NAT
5. The real cost of acquiring/maintaining/developing a system
Asset Value
l0pht
Twisted pair
SLE (Single Loss Expectancy or Exposure)
6. Chief Information Officer
Script
Inference
Finger printing
CIO
7. Reasonable doubt
Fraud
Accreditation
Burden of Proof
Virtual Memory/Pagefile.sys
8. A method of authenticating to a system: an identifier that you supply and a secret that you know (note that both parts are "something you know", so this is a single authentication factor).
Username/password
Format 7 times
Diffie-Hellman
Change management
9. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Attenuation
Trademark
Base-64
Compiler
10. A set of professional principles that CISSPs subscribe to, intended to build up the security profession.
Code of ethics
RAM (Random-access memory)
Hearsay Evidence
Toneloc
11. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Hot Site
Authorization creep
Salami Slicing
Penetration testing
12. Systems that use a knowledge base, an inference engine, and general methods for searching for solutions to problems.
VLANs
Owner
Brewer-Nash model
Expert systems
13. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as the 'Trusted Computer System Evaluation Criteria', DoD standard 5200.28-STD, in December 1985, superseding CSC-STD-001-83; the TCSEC (frequently referred to as
COOP
Incentive programs
TCSEC
Motion detector
14. Using ICMP (for example ping sweeps and traceroute) to map out a network
Probing
ARO (Annualized Rate of Occurrence)
TCB
DAD
15. Data storage formats and equipment that allow the stored data to be accessed in any order
Senior Management
Fraud
RAM (Random-access memory)
CIO
16. White hat l0pht
Bugtraq
Bastion hosts
Coax
Closed network
17. The methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected
ISDN (Integrated Services Digital Network)
Debug
Aggregation
Open network
18. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
Social engineering
DDOS
Encryption
19. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Private Addressing
Multipartite
Certification
Accreditation
20. The art of breaking ciphers: testing the strength of an algorithm by trying to recover the plaintext or the key without being given the key.
Schema
BIOS
Cryptanalysis
Change management
21. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
IRC
OEP
Substitution
ROM (Read-only memory)
22. The cipher standardized as AES (AES is the 128-bit-block subset of this cipher). Advanced Encryption Standard (AES), also known by this name, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,
FAR/FRR/CER
Multipartite
Sniffing
Rijndael
23. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Embezzlement
Firewall types
Kerberos
Base-64
24. Distinguished by the first octet: Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x); 127.x.x.x is reserved for loopback
Malware
Service packs
Logic bomb
Classes of IP networks
25. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Data remanence
Honey pot
AES (Advanced Encryption Standard)
Object Oriented Programming
26. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Masquerade
Risk Mitigation
ActiveX Object Linking and Embedding
DNS cache poisoning
27. The government-required number of overwrite passes when wiping a drive so that it is nearly impossible to retrieve data from it (note that a plain format, as opposed to an overwrite, does not destroy the underlying data)
Format 7 times
AES (Advanced Encryption Standard)
Tort
Tailgating / Piggybacking
28. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Digest
Hacker
Code of ethics
Trap Door
29. Virtual LANs: separating broadcast domains on a single physical network; a way of partitioning communications channels.
Open network
Format 7 times
VLANs
Tailgating / Piggybacking
30. Continuity of Operations Plan
COOP
Substitution
TCP Wrappers
Probing
31. A cryptanalytic attack in which the attacker has access only to encrypted messages, with no corresponding plaintext, and tries to recover the plaintext or the key from them alone; the weakest position an attacker can be in, as opposed to known-plaintext or chosen-plaintext attacks.
Ciphertext only
Inference
Hoax
User
32. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Out of band
Risk Transferring
Qualitative
Security Perimeter
33. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
ActiveX Object Linking and Embedding
Polymorphic
Authentication
Social engineering
34. When two or more processors are linked in one system and execute multiple programs simultaneously
Multiprocessing
Phreaker
Stream cipher
Crosstalk
35. Common Object Request Broker Architecture.
CORBA
Switches / Bridges
CIA
Artificial Neural Networks (ANN)
36. The Teardrop attack involves sending IP fragments with overlapping payloads (conflicting fragment offsets) to the target machine, which crashed the reassembly code of older TCP/IP stacks.
Detective - Preventive - Corrective
Teardrop
Illegal/Unethical
Due Care
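Overlapping fragments are easy to check for once you have each fragment's offset and length, and that check is what an IDS or a hardened reassembly routine applies before accepting a datagram. The following is an added example, not code from the quiz: a small fragment-overlap detector run over two constructed fragment sets, a well-formed datagram and the classic Teardrop shape in which the second fragment lies entirely inside the first. Field names and sample values are assumptions for illustration.

```python
"""Detect overlapping IP fragments (the Teardrop symptom).

Added example, not code from the original page. Fragments of one datagram share
the IP identification field; each carries a byte offset (the header stores it in
8-byte units) and a payload length. A well-formed datagram's fragments never
overlap. The samples at the bottom are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Fragment:
    ident: int    # IP identification field, shared by fragments of one datagram
    offset: int   # fragment offset in bytes
    length: int   # payload length in bytes
    more: bool    # "more fragments" (MF) flag

    @property
    def end(self) -> int:
        return self.offset + self.length


def find_overlaps(fragments: Iterable[Fragment]) -> List[Tuple[int, Fragment, Fragment]]:
    """Group by IP ID and return (ident, a, b) for every pair whose byte ranges overlap."""
    by_id = {}
    for f in fragments:
        by_id.setdefault(f.ident, []).append(f)
    overlaps = []
    for ident, frags in by_id.items():
        frags = sorted(frags, key=lambda f: f.offset)
        for i, a in enumerate(frags):
            for b in frags[i + 1:]:
                if b.offset < a.end:      # b starts before a finishes
                    overlaps.append((ident, a, b))
                else:
                    break                 # later fragments start even further along
    return overlaps


def is_teardrop(fragments: Iterable[Fragment]) -> bool:
    """True if any fragment overlaps another; a reassembler should drop such datagrams."""
    return bool(find_overlaps(fragments))


# Constructed samples
NORMAL = [
    Fragment(1, 0, 1480, True),
    Fragment(1, 1480, 1480, True),
    Fragment(1, 2960, 100, False),
]
TEARDROP = [
    Fragment(2, 0, 36, True),
    Fragment(2, 24, 4, False),   # ends at byte 28, inside the first fragment
]

if __name__ == "__main__":
    print("normal overlaps:", find_overlaps(NORMAL))
    print("teardrop:", is_teardrop(TEARDROP))
```

The nested loop with the early `break` is deliberate: after sorting by offset, a later fragment that starts past the current one's end cannot overlap it, but checking only adjacent pairs would miss a fragment buried inside an earlier, larger one.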
37. An attack similar to Smurf, but instead of ICMP (ping) it uses UDP as its weapon of choice: it broadcasts a spoofed UDP packet (source address set to the victim, typically aimed at the echo or chargen ports) to the amplifying network.
l0pht
Risk Analysis
Fraggle
ARO (Annualized Rate of Occurrence)
38. A network that uses proprietary protocols
Closed network
Brute force
Cold Site
Noise & perturbation
39. A number used once: a random or unique value included in a protocol exchange so that a captured message cannot be replayed
Switches / Bridges
Polymorphism
Nonce
Code of ethics
40. Captures an image of the finger, which is stored in a database, and then matches a presented finger one-to-many against that database (identification rather than verification)
MitM
Rolling hot sites
Patriot Act
Finger printing
41. When a DNS server goes out to resolve a name and accepts a forged response, it caches the wrong address for the record's TTL, thus poisoning the cache for that period of time
Patent
DNS cache poisoning
Quality Assurance
User
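The statement above describes the effect (a bad record served until its TTL expires); the interesting part for a practitioner is what makes a resolver accept the forged answer in the first place. The following simulation is an added example, not code from the quiz: a toy resolver cache in which the weak variant accepts any answer for a name it is currently resolving, while the strict variant also requires the 16-bit transaction ID to match. Names, addresses and TTLs are constructed.

```python
"""Resolver cache poisoning, as an added example (not code from the page).

A forged answer that the resolver accepts is served to every client until its
TTL runs out. The strict resolver accepts an answer only if its transaction ID
matches an outstanding query for that name; the weak one matches on the name
alone. Names, addresses and TTLs below are constructed.
"""
import secrets
from typing import Optional, Tuple


class Resolver:
    def __init__(self, strict: bool):
        self.strict = strict
        self.pending = {}  # txid -> name queried
        self.cache = {}    # name -> (ip, expiry time)

    def send_query(self, name: str) -> int:
        txid = secrets.randbelow(65536)  # 16-bit DNS transaction ID
        self.pending[txid] = name
        return txid

    def receive_answer(self, txid: int, name: str, ip: str, ttl: int, now: int) -> bool:
        if self.strict:
            matching = [txid] if self.pending.get(txid) == name else []
        else:
            matching = [t for t, n in self.pending.items() if n == name]
        if not matching:
            return False  # no outstanding query this answer could belong to: drop it
        del self.pending[matching[0]]  # first answer wins; later ones are unsolicited
        self.cache[name] = (ip, now + ttl)
        return True

    def lookup(self, name: str, now: int) -> Optional[str]:
        entry = self.cache.get(name)
        if entry is not None and now < entry[1]:
            return entry[0]
        self.cache.pop(name, None)  # expired
        return None


def poisoning_scenario(strict: bool) -> Tuple[bool, Optional[str], Optional[str]]:
    """The attacker races the real answer with a forged one carrying a wrong txid.
    Returns (forged answer accepted?, address served at t=10, address served at t=3601)."""
    r = Resolver(strict)
    real_txid = r.send_query("bank.example")
    forged_txid = (real_txid + 1) % 65536  # attacker's guess; wrong in this run
    forged_ok = r.receive_answer(forged_txid, "bank.example", "203.0.113.66", ttl=3600, now=0)
    r.receive_answer(real_txid, "bank.example", "192.0.2.80", ttl=3600, now=1)
    return forged_ok, r.lookup("bank.example", now=10), r.lookup("bank.example", now=3601)


if __name__ == "__main__":
    print("weak resolver:  ", poisoning_scenario(strict=False))
    print("strict resolver:", poisoning_scenario(strict=True))
```

The weak resolver serves 203.0.113.66 for the whole hour; the strict one drops the forgery and serves the real address. A 16-bit ID on its own is still guessable by an attacker who can send thousands of forged replies during the race, which is why real resolvers also randomise the UDP source port and why DNSSEC signs the answers themselves.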
42. A program written in a scripting language, run by an interpreter rather than compiled
Code of ethics
CEO
BIOS
Script
43. These can be used to verify that public keys belong to certain individuals.
Clipper Chip
Digital certificates
Asset Value
Back door/ trap door/maintenance hook
44. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Incentive programs
Probing
TACACS (Terminal access controller access control system)
Bastion hosts
45. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Telnet
DNS cache poisoning
CIRT
Detective - Preventive - Corrective
46. To not be legal (as far as law is concerned) or ethical
Honey pot
Illegal/Unethical
Passive attacks
Fire extinguisher
47. ('rotate by 13 places', sometimes hyphenated ROT-13) A simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places further along the alphabet; because 13 is half of 26, applying it a second time restores the original text
War dialing
Schema
ROT-13
CIRT
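The definition above is short enough to implement directly, and doing so makes the two points a practitioner should take from it concrete: ROT-13 is its own inverse, and, like any Caesar shift, it has only 25 possible keys, so it obscures rather than protects. The following is an added example, not code from the quiz; it implements the general Caesar shift of which ROT-13 is one instance, cross-checks against Python's own `rot_13` codec, and brute-forces every shift.

```python
"""ROT-13 and the general Caesar shift (added example, not code from the page)."""
import codecs
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` places, wrapping around the alphabet.
    Case is preserved and non-letters (digits, punctuation, spaces) pass through."""
    out = []
    for ch in text:
        if ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + shift) % 26])
        elif ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT-13 is the Caesar shift of 13; applying it twice is the identity."""
    return caesar(text, 13)


def matches_stdlib(text: str) -> bool:
    """Cross-check against the rot_13 codec that ships with Python."""
    return rot13(text) == codecs.encode(text, "rot_13")


def brute_force_caesar(ciphertext: str) -> dict:
    """All 26 candidate decryptions: a Caesar cipher has no meaningful key space,
    so 'breaking' it is just reading the list."""
    return {k: caesar(ciphertext, -k) for k in range(26)}


if __name__ == "__main__":
    msg = "Hello, World!"
    print(rot13(msg))                 # Uryyb, Jbeyq!
    print(rot13(rot13(msg)) == msg)   # True
    for k, candidate in brute_force_caesar(caesar("attack at dawn", 3)).items():
        print(k, candidate)
```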
48. Taking over another user's established session (for example by obtaining their session token) without that user being aware of it
Session Hijacking
Diffie-Hellman
PAP (Password Authentication Protocol)
SSL/TLS
49. Component Object Model.
COM
Separation of duties
CIO
BIA
50. The fixed-length output of a hash function, used as a fingerprint of the input.
War driving
ROT-13
Digest
Asset Value
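Questions 39 (nonce) and 50 (digest) are usually met together in practice: a keyed digest authenticates a message, and a nonce stops a captured, correctly authenticated message from being replayed. The following is an added example, not code from the quiz, showing both with the Python standard library: a plain SHA-256 digest, an HMAC-SHA256 tag over nonce plus payload, and a receiver that checks the tag and then refuses any nonce it has seen before. The shared key and the payloads are constructed for illustration.

```python
"""Digest and nonce together, as an added example (not code from the page).

digest(): the fixed-length output of a hash function (SHA-256 here).
make_message()/Receiver: a keyed digest (HMAC-SHA256) over nonce + payload
authenticates each message, and the receiver refuses any nonce it has already
seen, so a captured valid message cannot simply be replayed.
The key and payloads are constructed for illustration.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

SHARED_KEY = b"constructed-demo-key-do-not-reuse"  # assumption: a pre-shared secret


def digest(data: bytes) -> str:
    """SHA-256 digest as hex: always 64 characters, whatever the input length."""
    return hashlib.sha256(data).hexdigest()


def make_message(key: bytes, payload: bytes, nonce: Optional[bytes] = None) -> dict:
    """Sender side: fresh random nonce, tag = HMAC(key, nonce || payload)."""
    nonce = nonce if nonce is not None else secrets.token_bytes(16)
    tag = hmac.new(key, nonce + payload, hashlib.sha256).hexdigest()
    return {"nonce": nonce.hex(), "payload": payload, "tag": tag}


class Receiver:
    """Verifies the tag first, then rejects nonces already seen."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = set()  # in practice bounded by a time window or a counter

    def accept(self, msg: dict) -> Tuple[bool, str]:
        nonce = bytes.fromhex(msg["nonce"])
        expected = hmac.new(self.key, nonce + msg["payload"], hashlib.sha256).hexdigest()
        # Constant-time comparison, and the tag is checked before the nonce set is
        # touched so that unauthenticated junk cannot fill it.
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad tag"
        if msg["nonce"] in self.seen:
            return False, "replay"
        self.seen.add(msg["nonce"])
        return True, "ok"


if __name__ == "__main__":
    rx = Receiver(SHARED_KEY)
    m = make_message(SHARED_KEY, b"transfer 100")
    print(rx.accept(m))                                  # (True, 'ok')
    print(rx.accept(m))                                  # (False, 'replay')
    print(rx.accept(dict(m, payload=b"transfer 900")))   # (False, 'bad tag')
    print(digest(b"abc"))
```

The order of the two checks matters: verifying the tag before recording the nonce means only messages from a holder of the key can grow the seen-set, and `hmac.compare_digest` avoids leaking how many leading bytes of a forged tag were right.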