Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
Teardrop
DHCP
Motion detector
Finger printing
2. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
CGI (The Common Gateway Interface)
Dumpster diving
Classes of IP networks
Fraud
3. In cryptography - it is a block cipher
ALE (Annualized Loss Expectancy)
Transposition
Private Addressing
Skipjack
4. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
SESAME
Fraggle
SYN Flood
SSO (Single sign-on)
5. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Virtual Memory/Pagefile.sys
Sniffing
Schema
SSO (Single sign-on)
6. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Object Oriented Programming
Session Hijacking
Risk Analysis
Quantitative
7. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
RAM (Random-access memory)
Embezzlement
Logic bomb
DCOM
8. Entails planning and system actions to ensure that a project is following good quality management practices
Digital signing
Substitution
Quality Assurance
Hackers
9. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Trademark
Common criteria
Finger printing
Biometric profile
10. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Privacy Act of 1974
TACACS (Terminal access controller access control system)
Rijndael
Incentive programs
11. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Virtual Memory/Pagefile.sys
AES (Advanced Encryption Standard)
OLE
Scanning
12. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Owner
Call tree
Debug
Technical - Administrative - Physical
13. Common Object Request Broker Architecture.
CORBA
Phreaker
Aggregation
Identification
14. A military standard defining controls for emanation protection
BIOS
TEMPEST
Two-Factor Authentication
Owner
15. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Acceptable use
Certification
Schema
ActiveX Object Linking and Embedding
16. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Quality Assurance
AES (Advanced Encryption Standard)
Degausser
Incentive programs
17. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Diffie-Hellman
Guards
Tokens
Format 7 times
18. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Risk Mitigation
Change management
MitM
Brute Force
19. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Throughput of a Biometric System
Replay
Substitution
Penetration testing
20. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Telnet
Change management
Software
Biometrics
21. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Dictionary Attack
TACACS (Terminal access controller access control system)
Trademark
Back door/ trap door/maintenance hook
22. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
DNS cache poisoning
Clipper Chip
Reciprocal agreement
SESAME
23. The ability to have more than one thread associated with a process
Authorization creep
Hearsay Evidence
Multithreading
DMZ
24. Dynamic Host Configuration Protocol.
Tort
Key Escrow
DHCP
Tailgating / Piggybacking
25. The intercepting of conversations by unintended recipients
Eavesdropping
Patent
Kerberos
Rijndael
26. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Routers
Hubs
OSI Model
Switches / Bridges
27. A site that has some equipment in place - and can be up within days
Warm Site
ARP (Address Resolution Protocol)
Worm
Twisted pair
28. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Detective - Preventive - Corrective
Risk Transferring
DMZ
Eavesdropping
29. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
BIOS
Session Hijacking
Penetration testing
Passive attacks
30. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Dogs
Bastion hosts
TCP Wrappers
Java
31. Confidentiality - Integrity - and Availability
CIA
Finger printing
Digital signing
ROM (Read-only memory)
32. A network that uses proprietary protocols
TCP Wrappers
Closed network
Open network
Transposition
33. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Penetration testing
OSI Model
Rijndael
Trademark
34. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Normalization
Carnivore
Digest
Separation of duties
35. Internet Architecture Board. This board is responsible for protecting the Internet.
COOP
IAB
RAM (Random-access memory)
Nonce
36. In the broadest sense - a fraud is a deception made for personal gain
Fraud
Data remanence
Encryption
Acceptable use
37. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Separation of duties
Virtual Memory/Pagefile.sys
CHAP
Eavesdropping
38. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Authorization
Well-known ports
Call tree
OSI Model
39. Basic Input/Output System
Covert channels
Diffie-Hellman
Man trap
BIOS
40. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
EF (Exposure Factor)
Multitasking
Wiretapping
Worm
41. A hidden communications channel on a system that allows for the bypassing of the system security policy
Hackers
Risk Transferring
Covert channels
Well-known ports
42. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
SSL/TLS
Multipartite
Mandatory vacation
Closed network
43. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Debug
Privacy Act of 1974
Skipjack
Transposition
44. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Accreditation
Multitasking
Hearsay Evidence
Echelon
45. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Polymorphic
Teardrop
Clipper Chip
Twisted pair
46. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Birthday attack
Private Addressing
SSO (Single sign-on)
Clipper Chip
47. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
ISDN (Integrated Services Digital Network)
Multitasking
Teardrop
Due Care
48. Ethernet - Cat5 - Twisted to allow for longer runs.
Virtual Memory/Pagefile.sys
Logic bomb
Burden of Proof
Twisted pair
49. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
War driving
Script
Risk Acceptance
Packet Sniffing
50. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
ARO (Annualized Rate of Occurrence)
Polymorphism
Artificial Neural Networks (ANN)
Wiretapping