Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Distributed Component Object Model. Microsoft's implementation of CORBA.
DCOM
Separation of duties
Reciprocal agreement
CIA
2. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Data remanence
Clipping levels
Hackers
Symmetric
3. Assuming someone's session who is unaware of what you are doing
Session Hijacking
Certification
User
SLE (Single Loss Expectancy or Exposure)
4. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
CCTV
Wiretapping
ROT-13
Enticement
5. Jumping into dumpsters to retrieve information about someone/something/a company
ARP (Address Resolution Protocol)
Fire extinguisher
Dumpster diving
Fraggle
6. Rotating employees' job duties so that what they are doing can be checked, to make sure nothing fraudulent is occurring.
SLE (Single Loss Expectancy or Exposure)
Call tree
CD-Rom
Job rotation
7. An attempt to trick the system into believing that something false is real
Enticement
Open network
Transposition
Hoax
8. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Centralized
Active attacks
SSO (Single sign-on)
Symmetric
9. A sandbox. Emulates an operating environment.
Virtual machine
Bugtraq
Custodian
War dialing
10. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Honey pot
Vulnerability analysis tools
Accreditation
Asymmetric
11. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Smurf
TEMPEST
Motion detector
NAT
12. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Promiscuous mode
Closed network
Back door/ trap door/maintenance hook
Sabotage
13. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
EF (Exposure Factor)
Well-known ports
Polymorphic
DAD
14. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
PAP (Password Authentication Protocol)
Authorization creep
Vulnerability analysis tools
Accountability
15. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Privacy Act of 1974
Authentication
Birthday attack
Key Escrow
16. Threat to physical security.
Accountability
Cold Site
Sabotage
Hearsay Evidence
17. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
ROM (Read-only memory)
Tort
Illegal/Unethical
18. Component Object Model.
Incentive programs
CORBA
COM
Encryption
19. More discriminate than dogs
Trojan horses
DNS cache poisoning
Guards
Technical - Administrative - Physical
20. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
Burden of Proof
Due Care
Multiprocessing
21. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Trade Secret
ActiveX Object Linking and Embedding
ARO (Annualized Rate of Occurrence)
Security through obscurity
22. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Privacy Act of 1974
PAP (Password Authentication Protocol)
Script kiddies
Kerberos
23. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Encryption
Motion detector
Separation of duties
Biometric profile
24. Network device that operates at layer 1. Concentrator.
Hubs
Expert System
Quantitative
CHAP
25. A network that uses standard protocols (TCP/IP)
Brewer-Nash model
Quantitative
Open network
Due Diligence
26. When one key of a two-key pair has more encryption pattern than the other
Asymmetric
ARO (Annualized Rate of Occurrence)
Artificial Neural Networks (ANN)
CEO
27. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Biometrics
Echelon
Patriot Act
Firewall types
28. A RFC standard. A mechanism for performing commands on a remote system
Authorization creep
Birthday attack
Telnet
Security Awareness Training
29. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Active attacks
Authorization
ALE (Annualized Loss Expectancy)
Fiber optic
30. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Classes of IP networks
IRC
Firewall types
Trademark
31. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
VLANs
Sabotage
Content dependant
Teardrop
32. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Nonce
Coax
Cookies
Crosstalk
33. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Brewer-Nash model
Hot Site
Certification
Sabotage
34. A site that has some equipment in place - and can be up within days
Warm Site
Classes of IP networks
Bastion hosts
Risk Management
35. A war dialing utility
Asymmetric
Warm Site
Toneloc
Embezzlement
36. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Phreaker
SQL (Structured Query Language)
Tokens
Two-Factor Authentication
37. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Hubs
Hardware
RADIUS (Remote authentication dial-in user service)
Twisted pair
38. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.
Senior Management
Dogs
RADIUS (Remote authentication dial-in user service)
Exit interview
39. The art of breaking code. Testing the strength of an algorithm.
Biometrics
Trap Door
Illegal/Unethical
Cryptanalysis
40. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
MOM
Multipartite
Digital certificates
Compiler
41. Accepting all packets
Buffer overflow
l0pht
Brute force
Promiscuous mode
42. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Warm Site
SQL (Structured Query Language)
Coax
Throughput of a Biometric System
43. Once authenticated - the level of access you have to a system
Hackers
Telnet
Authorization
COM
44. The intercepting of conversations by unintended recipients
SSL/TLS
Routers
Eavesdropping
TCP Wrappers
45. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
ROM (Read-only memory)
Data remanence
Job rotation
Packet Sniffing
46. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Centralized
Two-Factor Authentication
Due Diligence
Clipper Chip
47. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Degausser
Active attacks
Substitution
Phreaker
48. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Callback Security/Call Forwarding
Checksum
Dumpster diving
DCOM
49. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Aggregation
Replay
CIO
WAP (Wireless Application Protocol)
50. Same as a block cipher except that it is applied to a data stream one bit at a time
MOM
Debug
Firmware
Stream cipher