Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
Asymmetric
Boot-sector Virus
ROM (Read-only memory)
Digest
2. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Certification
ROM (Read-only memory)
NAT
ActiveX Object Linking and Embedding
3. Technical items are things that IT implements. Administrative items are things that HR implements. Physical items are things that are tangible.
BIOS
Technical - Administrative - Physical
DNS cache poisoning
Job rotation
4. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Encryption
Risk Mitigation
Wiretapping
Data remanence
5. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Mandatory vacation
Tokens
Detective - Preventive - Corrective
Carnivore
6. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
Object Oriented Programming
SSH
Logic bomb
7. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Private Addressing
SESAME
Hubs
OLE
8. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Entrapment
DDOS
Authentication
Aggregation
9. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Multithreading
DCOM
Carnivore
Firewall types
10. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Software
SQL (Structured Query Language)
SYN Flood
Salami Slicing
11. Closed Circuit Television
TCP Wrappers
Inference
Passive attacks
CCTV
12. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Polymorphism
Tokens
Embezzlement
Sabotage
13. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
BIA
VLANs
Hoax
Malware
14. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Script
Echelon
EF (Exposure Factor)
Object Oriented Programming
15. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Privacy Act of 1974
Enticement
Base-64
Multitasking
16. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Digital certificates
Base-64
Senior Management
Dogs
17. Someone who hacks
Asset Value
Authorization
Data Mart
Hacker
18. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Multipartite
Firewall types
Biometric profile
Patriot Act
19. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Covert channels
DCOM
Call tree
Asset Value
20. Chief Information Officer
Checksum
CIO
Cryptanalysis
Boot-sector Virus
21. A network that uses standard protocols (TCP/IP)
Object Oriented Programming
Hackers
PAP (Password Authentication Protocol)
Open network
22. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Due Diligence
Trojan horses
SQL (Structured Query Language)
CIRT
23. Repeats the signal. It amplifies the signal before sending it on.
Copyright
Substitution
WAP (Wireless Application Protocol)
Repeaters
24. Dialing fixed sets of telephone numbers looking for open modem connections to machines
Penetration testing
War dialing
Telnet
Mandatory vacation
25. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Penetration testing
CHAP
Accountability
Transposition
26. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Entrapment
TACACS (Terminal access controller access control system)
Sniffing
Throughput of a Biometric System
27. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
Smart cards
DNS cache poisoning
Clipper Chip
Non-repudiation
28. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Fire extinguisher
Trojan horses
Technical - Administrative - Physical
Skipjack
29. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
OSI Model
Custodian
Trade Secret
Cyphertext only
30. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Service packs
Custodian
Quality Assurance
OSI Model
31. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Audit Trail
Mandatory vacation
ARO (Annualized Rate of Occurrence)
Non-repudiation
32. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Inference
Content dependant
Teardrop
Firewall types
33. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
SSH
EF (Exposure Factor)
Birthday attack
TCP Wrappers
34. In the broadest sense - a fraud is a deception made for personal gain
CIO
Promiscuous mode
Fraud
OLE
35. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Clipper Chip
Risk Analysis
OSI Model
Salami Slicing
36. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
CCTV
Software
Worm
Dogs
37. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
Software
EF (Exposure Factor)
OSI Model
38. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Accountability
Call tree
Risk Mitigation
ROT-13
39. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Expert System
Hardware
NAT
RADIUS (Remote authentication dial-in user service)
40. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Object Oriented Programming
Hardware
Brewer-Nash model
Cryptanalysis
41. Jumping into dumpsters to retrieve information about someone/something/a company
SLE (Single Loss Expectancy or Exposure)
Format 7 times
DMZ
Dumpster diving
42. Object Linking and Embedding. The ability of an object to be embedded into another object.
RADIUS (Remote authentication dial-in user service)
OLE
Schema
Switches / Bridges
43. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Keystroke logging
DCOM
Risk Analysis
Brewer-Nash model
44. A technique to eliminate data redundancy.
Open network
Switches / Bridges
Normalization
RAM (Random-access memory)
45. Entails planning and system actions to ensure that a project is following good quality management practices
Quality Assurance
Audit Trail
Virtual Memory/Pagefile.sys
Qualitative
46. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
COM
SYN Flood
Telnet
Expert System
47. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Technical - Administrative - Physical
Key Escrow
Multipartite
Termination procedures
48. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
Expert systems
Authorization creep
Debug
ROM (Read-only memory)
49. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
Accreditation
Fiber optic
EF (Exposure Factor)
Copyright
50. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Private Addressing
ROT-13
Brute Force
Code of ethics