Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Entails planning and system actions to ensure that a project is following good quality management practices
Biometrics
Quality Assurance
Multiprocessing
Scanning
2. The user
Technical - Administrative - Physical
User
Switches / Bridges
Back door/ trap door/maintenance hook
3. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
War dialing
PAP (Password Authentication Protocol)
Risk Mitigation
Owner
4. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Fences
Bugtraq
Separation of duties
TEMPEST
5. Dynamic Host Configuration Protocol.
SESAME
Script kiddies
NAT
DHCP
6. An RFC standard. A mechanism for performing commands on a remote system
Telnet
Salami Slicing
Decentralized
OSI Model
7. Also known as a tunnel
VPN (Virtual Private Network)
Halon
Tort
SSL/TLS
8. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Clipper Chip
Spoofing
Non-repudiation
Username/password
9. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.
Encryption
PKI
Replay
ARP (Address Resolution Protocol)
10. Data storage formats and equipment that allow the stored data to be accessed in any order
CIO
Carnivore
Centralized
RAM (Random-access memory)
11. Occupant Emergency Plan - Employees are the most important!
RADIUS (Remote authentication dial-in user service)
Hot Site
PKI
OEP
12. Chief Executive Officer
CEO
Smurf
Finger printing
Base-64
13. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Data remanence
Reciprocal agreement
Software librarian
Noise & perturbation
14. The practice of obtaining confidential information by manipulation of legitimate users.
Two-Factor Authentication
Social engineering
SSH
Digital signing
15. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.
Encryption
Embezzlement
Acceptable use
Common criteria
16. A mechanism by which connections to TCP services on a system are allowed or disallowed
Birthday attack
Buffer overflow
TEMPEST
TCP Wrappers
17. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff.
Keystroke logging
Worm
Birthday attack
SSO (Single sign-on)
18. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
PAP (Password Authentication Protocol)
Trade Secret
EF (Exposure Factor)
Eavesdropping
19. This deals with differences between plaintext password storage and transmission, versus encrypted password storage and transmission.
Cyphertext only
Kerberos
Base-64
Enticement
20. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically
Cryptanalysis
Decentralized
Granularity
DMZ
21. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case, e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Carnivore
Copyright
PAP (Password Authentication Protocol)
Software
22. Making individuals accountable for their actions on a system typically through the use of auditing
Digest
Routers
Replay
Accountability
23. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network
Security Perimeter
Fraggle
CIA
Honey pot
24. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.
TCB
Format 7 times
Service packs
Birthday attack
25. A network that uses proprietary protocols
Closed network
Qualitative
Non-repudiation
Job rotation
26. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Entrapment
Fiber optic
/etc/passwd
Call tree
27. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
DHCP
Change management
Security kernel
Cold Site
28. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
CIO
Echelon
Halon
SLE (Single Loss Expectancy or Exposure)
29. The person that controls access to the data
Accreditation
Private Addressing
Custodian
Compiler
30. White hat l0pht
Asymmetric
Bugtraq
Checksum
SYN Flood
31. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Quality Assurance
CIRT
Tokens
War driving
32. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Bugtraq
Embezzlement
Java
Malware
33. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Expert System
Separation of duties
Polymorphism
TEMPEST
34. A network entity that provides a single entrance / exit point to the Internet.
Bastion hosts
Promiscuous mode
Digital signing
WAP (Wireless Application Protocol)
35. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) and grey hats.
Hackers
Acceptable use
AES (Advanced Encryption Standard)
Risk Management
36. A system designed to stop piggybacking.
Patriot Act
DHCP
Cold Site
Man trap
37. Encompasses Risk Analysis and Risk Mitigation
Normalization
Risk Management
Macro
CCTV
38. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Crosstalk
Closed network
Echelon
Due Diligence
39. Animals with teeth. Not as discriminate as guards
Man trap
Trade Secret
Dogs
SSH
40. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Out of band
Tokens
Diffie-Hellman
Non-repudiation
41. In a separation of duties model, this is where code is checked in and out
Expert systems
Software librarian
Callback Security/Call Forwarding
Trade Secret
42. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually, the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical
TCSEC
Honey pot
SSL/TLS
OSI Model
43. Network device that operates at layer 1. Concentrator.
SESAME
ROM (Read-only memory)
Hubs
ARO (Annualized Rate of Occurrence)
44. When security is managed at many different points in an organization
Toneloc
Decentralized
Schema
Normalization
45. The art of breaking code. Testing the strength of an algorithm.
Fraud
Java
Cryptanalysis
Patent
46. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
ARO (Annualized Rate of Occurrence)
Patriot Act
Multiprocessing
Entrapment
47. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Termination procedures
Digital signing
TACACS (Terminal access controller access control system)
Rijndael
48. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.
Kerberos
Carnivore
Brewer-Nash model
TCB
49. The physical part of a computer, as distinguished from the computer software that executes within the hardware.
Teardrop
OSI Model
Hardware
Clipping levels
50. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
Worm
Firmware
Format 7 times
Exit interview