Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Chief Information Officer
CIO
Macro
Packet Sniffing
Risk Transferring
2. Signal degradation as it moves farther from its source
Degausser
DCOM
Attenuation
War driving
3. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Privacy Act of 1974
Wiretapping
Virtual Memory/Pagefile.sys
Digital certificates
4. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
DHCP
MitM
Mandatory vacation
Eavesdropping
5. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Termination procedures
IRC
Software development lifecycle
Well-known ports
6. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Separation of duties
Custodian
Hoax
Back door/ trap door/maintenance hook
7. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work
Encryption
Copyright
COM
ActiveX Object Linking and Embedding
8. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
OSI Model
SSL/TLS
Authentication
Hash
9. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Packet Sniffing
Risk Acceptance
Motion detector
Aggregation
10. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Substitution
l0pht
Worm
Private Addressing
11. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Patent
Transposition
AES (Advanced Encryption Standard)
Attenuation
12. The ability to have more than one thread associated with a process
Entrapment
Security Awareness Training
Multithreading
Switches / Bridges
13. Transferring your risk to someone else - typically an insurance company
Non-repudiation
Privacy Act of 1974
Risk Transferring
Active attacks
14. Using ICMP to diagram a network
Hot Site
Boot-sector Virus
Probing
Identification
15. Network Address Translation
Social engineering
PKI
NAT
Accountability
16. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Cyphertext only
Raid 0 - 1 - 3 - 5
War dialing
Virtual Memory/Pagefile.sys
17. Animals with teeth. Not as discriminate as guards
Common criteria
Dogs
ALE (Annualized Loss Expectancy)
DDOS
18. Accepting all packets
Content dependent
Attenuation
Promiscuous mode
Multitasking
19. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Cryptanalysis
Callback Security/Call Forwarding
BIA
Service packs
20. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Normalization
BIA
Trojan horses
Centralized
21. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Encryption
Nonce
Acceptable use
Script
22. In a separation of duties model - this is where code is checked in and out
CIO
Software librarian
Diffie-Hellman
Authorization creep
23. Emanations from one wire coupling with another wire
Worm
l0pht
Fire extinguisher
Crosstalk
24. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Quality Assurance
Username/password
Debug
Authorization
25. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Tokens
Hackers
Toneloc
Symmetric
26. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
RADIUS (Remote authentication dial-in user service)
Encryption
Twisted pair
Common criteria
27. Once authenticated - the level of access you have to a system
Aggregation
Authorization
Caesar Cipher
Risk Transferring
28. Must be in place for you to use a biometric system
Teardrop
Biometric profile
Covert channels
RAM (Random-access memory)
29. Rotating employees' job duties so that the work they are doing can be checked to make sure nothing fraudulent is occurring.
Security Awareness Training
BIA
MOM
Job rotation
30. To not be legal (as far as law is concerned) or ethical
Illegal/Unethical
Base-64
Eavesdropping
Skipjack
31. Disclosure - Alteration - Destruction. These things break the CIA triad
DAD
Object Oriented Programming
BIOS
Scanning
32. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Degausser
Private Addressing
ALE (Annualized Loss Expectancy)
TCP Wrappers
33. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Two-Factor Authentication
SSH
Reciprocal agreement
Open network
34. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
Motion detector
Two-Factor Authentication
Hearsay Evidence
35. Basic Input/Output System
Hubs
Hearsay Evidence
BIOS
Brute force
36. A technique to eliminate data redundancy.
Session Hijacking
SYN Flood
ROM (Read-only memory)
Normalization
37. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
User
CRC (Cyclic Redundancy Check)
COOP
Symmetric
38. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Multitasking
Security kernel
DAD
Eavesdropping
39. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Granularity
WAP (Wireless Application Protocol)
RADIUS (Remote authentication dial-in user service)
Kerberos
40. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Skipjack
Risk Analysis
ALE (Annualized Loss Expectancy)
Security kernel
41. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Honey pot
DCOM
MitM
Well-known ports
42. The person that determines the permissions to files. The data owner.
Hardware
Normalization
Owner
Joke
43. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
WTLS (Wireless Transport Layer Security)
Virtual machine
RAM (Random-access memory)
Active attacks
44. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Service packs
Audit Trail
Routers
Probing
45. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Cyphertext only
Data remanence
Block cipher
Well-known ports
46. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Certification
Rijndael
Hardware
Non-repudiation
47. Data storage formats and equipment that allow the stored data to be accessed in any order
SSL/TLS
RAM (Random-access memory)
Sniffing
TCSEC
48. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Diffie-Hellman
Polymorphism
Noise & perturbation
Motion detector
49. A war dialing utility
Toneloc
CRC (Cyclic Redundancy Check)
Software development lifecycle
Virtual machine
50. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Inference
Privacy Act of 1974
Certification
Active attacks