SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
CCTV
Tailgating / Piggybacking
Sniffing
Logic bomb
2. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Caesar Cipher
Clipping levels
Probing
Packet Sniffing
3. Defines the objects and their attributes that exist in a database.
Macro
Schema
DAD
Bugtraq
4. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
BIA
ARO (Annualized Rate of Occurrence)
Script kiddies
Joke
5. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Decentralized
Block cipher
MitM
Technical - Administrative - Physical
6. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Covert channels
Common criteria
Teardrop
Session Hijacking
7. Network device that operates at layer 1. Concentrator.
Macro
Repeaters
Multiprocessing
Hubs
8. An instance of a scripting language
Virtual machine
Script
Trap Door
Private Addressing
9. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Dogs
UUEncode
Patriot Act
Twisted pair
10. Disclosure - Alteration - Destruction. These things break the CIA triad
Senior Management
DAD
Fences
FAR/FRR/CER
11. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.
BIOS
Exit interview
Finger scanning
Substitution
12. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
OSI Model
Patriot Act
Out of band
Hoax
13. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
OLE
Hardware
ARP (Address Resolution Protocol)
14. A network entity that provides a single entrance / exit point to the Internet.
Risk Acceptance
Routers
Security Awareness Training
Bastion hosts
15. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Boot-sector Virus
Security Perimeter
VPN (Virtual Private Network)
Security kernel
16. Animals with teeth. Not as discriminate as guards
Risk Acceptance
Key Escrow
Sabotage
Dogs
17. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
COM
Patriot Act
Malware
18. The process of reducing your risks to an acceptable level based on your risk analysis
User
Risk Mitigation
Code of ethics
RAM (Random-access memory)
19. An attempt to trick the system into believing that something false is real
Separation of duties
ARP (Address Resolution Protocol)
Hoax
Symmetric
20. A network that uses standard protocols (TCP/IP)
Tort
Open network
Malware
Two-Factor Authentication
21. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Finger printing
Finger scanning
Software
Cryptanalysis
22. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
SSL/TLS
Hash
Rolling hot sites
Smart cards
23. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
CCTV
Passive attacks
Multipartite
Repeaters
24. The practice of obtaining confidential information by manipulation of legitimate users.
Social engineering
Accreditation
EF (Exposure Factor)
Diffie-Hellman
25. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
War dialing
Risk Analysis
EF (Exposure Factor)
Change management
26. Emanations from one wire coupling with another wire
DCOM
Risk Management
ROM (Read-only memory)
Crosstalk
27. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Multipartite
Hot Site
Debug
Risk Acceptance
28. Enticing people to hit your honeypot to see how they try to access your system.
Substitution
Enticement
Two-Factor Authentication
Active attacks
29. Distributed Component Object Model. Microsoft's implementation of CORBA.
Patriot Act
ROT-13
Expert System
DCOM
30. The act of identifying yourself. Providing your identity to a system
Security Awareness Training
SYN Flood
Identification
Software
31. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.
Multitasking
Motion detector
CIRT
Java
32. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Artificial Neural Networks (ANN)
Trademark
Hearsay Evidence
Callback Security/Call Forwarding
33. Also civil law
VPN (Virtual Private Network)
Motion detector
SSH
Tort
34. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
CORBA
Exit interview
Encryption
EF (Exposure Factor)
35. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
Brewer-Nash model
SSH
ISDN (Integrated Services Digital Network)
Certification
36. Internet Relay Chat.
l0pht
Code of ethics
IRC
Clipping levels
37. When security is managed at many different points in an organization
Crosstalk
Decentralized
RAM (Random-access memory)
ActiveX Object Linking and Embedding
38. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
Digital signing
Expert System
WAP (Wireless Application Protocol)
EF (Exposure Factor)
39. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Inference
War driving
OEP
Clipper Chip
40. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Detective - Preventive - Corrective
Privacy Act of 1974
Security Awareness Training
Multithreading
41. Scanning the airwaves for radio transmissions
Block cipher
Dumpster diving
Polymorphic
Scanning
42. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Clipping levels
Multiprocessing
CCTV
Two-Factor Authentication
43. White hat l0pht
Scanning
Centralized
Bugtraq
Debug
44. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
Trade Secret
EF (Exposure Factor)
Bugtraq
AES (Advanced Encryption Standard)
45. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.
l0pht
User
Risk Acceptance
Checksum
46. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
ALE (Annualized Loss Expectancy)
Copyright
MOM
War driving
47. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Digital signing
Switches / Bridges
Brewer-Nash model
Covert channels
48. Good for distance - longer than 100M
Coax
/etc/passwd
Identification
Session Hijacking
49. Jumping into dumpsters to retrieve information about someone/something/a company
Inference
Echelon
Dumpster diving
Custodian
50. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Due Diligence
Echelon
RADIUS (Remote authentication dial-in user service)
Dogs
