Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Format 7 times
Buffer overflow
Key Escrow
Hacker
2. Reasonable doubt
Phreaker
Risk Mitigation
Burden of Proof
Aggregation
3. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Illegal/Unethical
Acceptable use
Inference
Rolling hot sites
4. Motive - Opportunity - and Means. These deal with crime.
Scanning
Multiprocessing
Throughput of a Biometric System
MOM
5. Internet Relay Chat.
IRC
Degausser
Well-known ports
MOM
6. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
EF (Exposure Factor)
SSO (Single sign-on)
DAD
Polymorphism
7. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Kerberos
War driving
Entrapment
Birthday attack
8. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
Dictionary Attack
ROM (Read-only memory)
CCTV
Clipping levels
9. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Tailgating / Piggybacking
CGI (The Common Gateway Interface)
TCP Wrappers
Spoofing
10. These can be used to verify that public keys belong to certain individuals.
Dumpster diving
Digital certificates
Classes of IP networks
Base-64
11. The ability to have more than one thread associated with a process
Multithreading
Enticement
User
ARO (Annualized Rate of Occurrence)
12. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute.
SESAME
Asset Value
Bugtraq
Throughput of a Biometric System
13. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Detective - Preventive - Corrective
Bastion hosts
Wiretapping
Worm
14. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Embezzlement
TCB
Bugtraq
Block cipher
15. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Content dependant
DCOM
OSI Model
Halon
16. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Risk Management
Senior Management
Software
Masquerade
17. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
FAR/FRR/CER
Teardrop
Macro
DOS
18. Disclosure - Alteration - Destruction. These things break the CIA triad
Echelon
DAD
Rolling hot sites
Finger printing
19. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Probing
Clipping levels
Content dependant
Birthday attack
20. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Code of ethics
l0pht
Job rotation
RAM (Random-access memory)
21. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Multiprocessing
Authentication
CRC (Cyclic Redundancy Check)
Embezzlement
22. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Aggregation
Twisted pair
ROT-13
SSL/TLS
23. Assuming someone's session who is unaware of what you are doing
Session Hijacking
Diffie-Hellman
Base-64
/etc/passwd
24. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
Expert System
Raid 0 - 1 - 3 - 5
Active attacks
Packet Sniffing
25. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Debug
Certification
Kerberos
Caesar Cipher
26. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Software development lifecycle
OSI Model
Transposition
Logic bomb
27. The practice of obtaining confidential information by manipulation of legitimate users.
Social engineering
Biometric profile
Private Addressing
OEP
28. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Separation of duties
Schema
Brute Force
Dictionary Attack
29. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
Enticement
TCP Wrappers
Skipjack
30. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
Bastion hosts
Due Care
Username/password
31. A network that uses proprietary protocols
Multiprocessing
Masquerade
Closed network
Bastion hosts
32. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Keystroke logging
Macro
Sabotage
ARP (Address Resolution Protocol)
33. Occupant Emergency Plan - Employees are the most important!
Authentication
Identification
IAB
OEP
34. Confidentiality - Integrity - and Availability
CIA
Biometrics
Asymmetric
COM
35. A mechanism by which connections to TCP services on a system are allowed or disallowed
Passive attacks
/etc/passwd
TCP Wrappers
Session Hijacking
36. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Fire extinguisher
TCP Wrappers
Biometric profile
Joke
37. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
SSL/TLS
Non-repudiation
Birthday attack
Hubs
38. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Java
Noise & perturbation
Telnet
Packet Sniffing
39. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Risk Mitigation
Virtual Memory/Pagefile.sys
Granularity
Sniffing
40. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Risk Analysis
Boot-sector Virus
Risk Acceptance
Out of band
41. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
RADIUS (Remote authentication dial-in user service)
DOS
Man trap
Brute force
42. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Worm
Digital signing
Content dependant
Two-Factor Authentication
43. Accepting all packets
Script kiddies
Rolling hot sites
Embezzlement
Promiscuous mode
44. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
Artificial Neural Networks (ANN)
VLANs
Owner
Fire extinguisher
45. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Aggregation
Call tree
Base-64
Routers
46. Must be in place for you to use a biometric system
Classes of IP networks
Biometric profile
SSH
Username/password
47. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Hearsay Evidence
Call tree
Software
Two-Factor Authentication
48. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
WAP (Wireless Application Protocol)
Covert channels
Finger printing
Risk Analysis
49. Defines the objects and their attributes that exist in a database.
Guards
SLE (Single Loss Expectancy or Exposure)
Illegal/Unethical
Schema
50. The art of breaking code. Testing the strength of an algorithm.
Cryptanalysis
CEO
MOM
Classes of IP networks