Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Privacy Act of 1974
SSL/TLS
SESAME
Polymorphism
2. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Risk Analysis
Security through obscurity
Symmetric
WAP (Wireless Application Protocol)
3. The real cost of acquiring/maintaining/developing a system
Telnet
Virtual machine
Hearsay Evidence
Asset Value
4. Personal - Network - and Application
Firewall types
OSI Model
Keystroke logging
Throughput of a Biometric System
5. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
COM
Fraggle
DDOS
Fire extinguisher
6. Motivational tools for employee awareness to get them to report security flaws in an organization
SSO (Single sign-on)
Code of ethics
Incentive programs
ARO (Annualized Rate of Occurrence)
7. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Salami Slicing
CD-Rom
ALE (Annualized Loss Expectancy)
Guards
8. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Embezzlement
Tort
Multitasking
Noise & perturbation
9. Component Object Model.
Worm
Virtual machine
Block cipher
COM
10. Using ICMP to diagram a network
Probing
Crosstalk
Data Mart
War dialing
11. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Echelon
WAP (Wireless Application Protocol)
Two-Factor Authentication
Penetration testing
12. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Decentralized
Data remanence
Hearsay Evidence
Clipping levels
13. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Fraggle
Replay
Back door/ trap door/maintenance hook
SQL (Structured Query Language)
14. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Multitasking
Well-known ports
Symmetric
Data Mart
15. Network device that operates at layer 1. Concentrator.
Hubs
Centralized
CIRT
Teardrop
16. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
Virtual Memory/Pagefile.sys
Illegal/Unethical
Key Escrow
17. Access control method for database based on the content of the database to provide granular access
Risk Acceptance
Probing
Clipping levels
Content dependant
18. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.
Session Hijacking
Exit interview
Brute force
Embezzlement
19. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Man trap
Caesar Cipher
Security Perimeter
Hearsay Evidence
20. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Warm Site
Block cipher
TCB
Toneloc
21. In a separation of duties model - this is where code is checked in and out
COOP
Software librarian
AES (Advanced Encryption Standard)
Asset Value
22. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
OEP
Classes of IP networks
Sniffing
23. Encompasses Risk Analysis and Risk Mitigation
Risk Management
Software
ALE (Annualized Loss Expectancy)
Service packs
24. Computer Incident Response Team
WTLS (Wireless Transport Layer Security)
CIRT
Hardware
Throughput of a Biometric System
25. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Fences
AES (Advanced Encryption Standard)
TCSEC
War driving
26. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Worm
Artificial Neural Networks (ANN)
Due Care
Masquerade
27. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
ARP (Address Resolution Protocol)
Joke
Keystroke logging
SSL/TLS
28. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Hot Site
Active attacks
Noise & perturbation
Symmetric
29. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Smart cards
NAT
Private Addressing
SSH
30. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
Data remanence
WAP (Wireless Application Protocol)
Boot-sector Virus
31. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Security Perimeter
Hackers
IAB
Out of band
32. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Multitasking
Change management
Teardrop
PAP (Password Authentication Protocol)
33. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Hash
Content dependant
Twisted pair
Senior Management
34. In the broadest sense - a fraud is a deception made for personal gain
Probing
ARO (Annualized Rate of Occurrence)
Fraud
Cold Site
35. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Debug
IAB
Tort
Fiber optic
36. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Sniffing
Replay
CIRT
PAP (Password Authentication Protocol)
37. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Script kiddies
Security kernel
Sniffing
Symmetric
38. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Enticement
Finger scanning
Throughput of a Biometric System
War driving
39. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Data remanence
UUEncode
Skipjack
Authorization creep
40. More discriminate than dogs
Multipartite
Repeaters
Guards
TCSEC
41. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
Guards
Polymorphic
Multitasking
42. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and Ethernet - ARP is primarily used to translate Ethernet MAC addresses from IP addresses
ARP (Address Resolution Protocol)
Hot Site
Routers
ActiveX Object Linking and Embedding
43. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Worm
Mandatory vacation
Fire extinguisher
Inference
44. A technique to eliminate data redundancy.
ISDN (Integrated Services Digital Network)
Normalization
Firewall types
DNS cache poisoning
45. Someone who hacks
SSL/TLS
Hacker
Smurf
Artificial Neural Networks (ANN)
46. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
DMZ
Mandatory vacation
IRC
Cryptanalysis
47. An RFC standard. A mechanism for performing commands on a remote system
Normalization
VLANs
DNS cache poisoning
Telnet
48. Public Key Infrastructure
PKI
Biometrics
Warm Site
Eavesdropping
49. Network devices that operate at layer 3. This device separates broadcast domains.
Routers
Masquerade
PAP (Password Authentication Protocol)
Service packs
50. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
DDOS
Identification
CCTV
Active attacks