Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
RADIUS (Remote authentication dial-in user service)
Toneloc
l0pht
Caesar Cipher
2. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
MOM
Penetration testing
COOP
Decentralized
3. Defines the objects and their attributes that exist in a database.
SSO (Single sign-on)
Schema
Buffer overflow
CRC (Cyclic Redundancy Check)
4. Continuation of Operations Plan
Firewall types
Technical - Administrative - Physical
OLE
COOP
5. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Dictionary Attack
Hash
Cryptanalysis
Dumpster diving
6. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
Raid 0 - 1 - 3 - 5
IRC
Noise & perturbation
VLANs
7. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Hearsay Evidence
Aggregation
Checksum
Change management
8. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
ActiveX Object Linking and Embedding
Trademark
Keystroke logging
Promiscuous mode
9. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Polymorphic
ISDN (Integrated Services Digital Network)
FAR/FRR/CER
Closed network
10. Access control method for database based on the content of the database to provide granular access
Senior Management
Content dependant
Compiler
TACACS (Terminal access controller access control system)
11. 'If you can't see it - it's secure'. Bad policy to live by.
Security through obscurity
FAR/FRR/CER
Polymorphism
Checksum
12. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
MOM
Certification
Diffie-Hellman
ALE (Annualized Loss Expectancy)
13. The frequency with which a threat is expected to occur.
Compiler
Noise & perturbation
ARO (Annualized Rate of Occurrence)
ARP (Address Resolution Protocol)
14. An attempt to trick the system into believing that something false is real
Digest
Hoax
Centralized
SSH
15. Basic Input/Output System
MitM
BIOS
Repeaters
Job rotation
16. Software designed to infiltrate or damage a computer system - without the owner's consent.
Private Addressing
Malware
Digest
Call tree
17. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
DHCP
Symmetric
Inference
Masquerade
18. A mechanism by which connections to TCP services on a system are allowed or disallowed
Hackers
Script
TCP Wrappers
OSI Model
19. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Transposition
Symmetric
Replay
Acceptable use
20. In a separation of duties model - this is where code is checked in and out
Honey pot
Software librarian
BIOS
Risk Mitigation
21. Confidentiality - Integrity - and Availability
SESAME
Covert channels
CIA
Normalization
22. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
ARP (Address Resolution Protocol)
VPN (Virtual Private Network)
ISDN (Integrated Services Digital Network)
Polymorphic
23. Someone who hacks
Hacker
Clipper Chip
ARP (Address Resolution Protocol)
ARO (Annualized Rate of Occurrence)
24. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
BIA
Trojan horses
Biometric profile
EF (Exposure Factor)
25. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Keystroke logging
Call tree
Virtual machine
Sabotage
26. Must be in place for you to use a biometric system
Cyphertext only
Biometric profile
/etc/passwd
Tokens
27. Ethernet - Cat5 - Twisted to allow for longer runs.
Open network
Fraud
Sabotage
Twisted pair
28. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Social engineering
FAR/FRR/CER
Multitasking
Polymorphic
29. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
RADIUS (Remote authentication dial-in user service)
Twisted pair
Quantitative
Brute force
30. The practice of obtaining confidential information by manipulation of legitimate users.
Termination procedures
Social engineering
Acceptable use
Software development lifecycle
31. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Degausser
Digest
CHAP
Risk Analysis
32. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Key Escrow
Active attacks
Authentication
Rolling hot sites
33. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Mandatory vacation
WTLS (Wireless Transport Layer Security)
Vulnerability analysis tools
CORBA
34. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
OEP
Raid 0 - 1 - 3 - 5
Active attacks
Authentication
35. Encompasses Risk Analysis and Risk Mitigation
Twisted pair
Senior Management
BIA
Risk Management
36. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
SSL/TLS
Software
CRC (Cyclic Redundancy Check)
Macro
37. Disclosure - Alteration - Destruction. These things break the CIA triad
Common criteria
Active attacks
DAD
Script kiddies
38. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Macro
Cold Site
RADIUS (Remote authentication dial-in user service)
Identification
39. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Technical - Administrative - Physical
TCSEC
Risk Analysis
Callback Security/Call Forwarding
40. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.
Copyright
Routers
ARP (Address Resolution Protocol)
VPN (Virtual Private Network)
41. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Wiretapping
Honey pot
Throughput of a Biometric System
Accreditation
42. Emanations from one wire coupling with another wire
DAD
COOP
Crosstalk
Debug
43. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.
Exit interview
Content dependant
Risk Mitigation
RAM (Random-access memory)
44. Enticing people to hit your honeypot to see how they try to access your system.
Skipjack
Trademark
Privacy Act of 1974
Enticement
45. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
CIA
l0pht
Hot Site
46. Also known as a tunnel
Tokens
Motion detector
Senior Management
VPN (Virtual Private Network)
47. The intercepting of conversations by unintended recipients
Masquerade
TCSEC
Eavesdropping
Spoofing
48. The art of breaking code. Testing the strength of an algorithm.
Risk Acceptance
Fraud
Cryptanalysis
Attenuation
49. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Wiretapping
Substitution
Decentralized
Patriot Act
50. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Session Hijacking
Degausser
Username/password
Diffie-Hellman