Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
BIOS
Acceptable use
Polymorphism
RADIUS (Remote authentication dial-in user service)
2. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Trade Secret
Probing
Dictionary Attack
Repeaters
3. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Well-known ports
OEP
Out of band
Patriot Act
4. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Certification
Sniffing
Data Mart
Symmetric
5. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Identification
Detective - Preventive - Corrective
Honey pot
Caesar Cipher
6. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Object Oriented Programming
Worm
User
Illegal/Unethical
7. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Eavesdropping
Cryptanalysis
SQL (Structured Query Language)
Call tree
8. These can be used to verify that public keys belong to certain individuals.
DDOS
Artificial Neural Networks (ANN)
DOS
Digital certificates
9. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Audit Trail
Termination procedures
Security kernel
DCOM
10. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
BIA
Common criteria
Multiprocessing
Trap Door
11. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Debug
Replay
MitM
Encryption
12. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Software
Routers
/etc/passwd
Exit interview
13. An instance of a scripting language
Smurf
Authentication
Callback Security/Call Forwarding
Script
14. CISSPs subscribe to a code of ethics for building up the security profession
Senior Management
Code of ethics
Back door/ trap door/maintenance hook
Risk Mitigation
15. In cryptography - it is a block cipher
Fraggle
Skipjack
Authorization creep
Clipper Chip
16. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
TCSEC
Asymmetric
Digital certificates
17. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Throughput of a Biometric System
PAP (Password Authentication Protocol)
Separation of duties
Multiprocessing
18. Network device that operates at layer 1. Concentrator.
Sniffing
Hubs
Fraggle
Expert System
19. A network that uses standard protocols (TCP/IP)
Open network
Cookies
Well-known ports
Data remanence
20. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
/etc/passwd
Worm
WTLS (Wireless Transport Layer Security)
Quality Assurance
21. Encompasses Risk Analysis and Risk Mitigation
CIRT
Covert channels
Risk Management
Trademark
22. Personal - Network - and Application
Acceptable use
SESAME
DCOM
Firewall types
23. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Hot Site
CRC (Cyclic Redundancy Check)
Cryptanalysis
COOP
24. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Packet Sniffing
Passive attacks
DAD
Code of ethics
25. Also civil law
Risk Management
Tort
Virtual machine
Noise & perturbation
26. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Detective - Preventive - Corrective
CGI (The Common Gateway Interface)
Security kernel
Dumpster diving
27. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Raid 0 - 1 - 3 - 5
TACACS (Terminal access controller access control system)
IRC
Finger scanning
28. A mechanism by which connections to TCP services on a system are allowed or disallowed
Encryption
SSL/TLS
TCP Wrappers
Enticement
29. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Rijndael
Risk Management
Fraggle
Transposition
30. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
DOS
ROT-13
Brute force
ISDN (Integrated Services Digital Network)
31. Using ICMP to diagram a network
Finger printing
DCOM
Service packs
Probing
32. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Hackers
Owner
Private Addressing
Non-repudiation
33. The process of reducing your risks to an acceptable level based on your risk analysis
VPN (Virtual Private Network)
Trap Door
Replay
Risk Mitigation
34. Disclosure - Alteration - Destruction. These things break the CIA triad
CGI (The Common Gateway Interface)
Logic bomb
Exit interview
DAD
35. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
DHCP
Active attacks
Granularity
Checksum
36. In a separation of duties model - this is where code is checked in and out
Service packs
Scanning
Birthday attack
Software librarian
37. Scanning the airwaves for radio transmissions
Enticement
Scanning
Toneloc
Expert systems
38. Data storage formats and equipment that allow the stored data to be accessed in any order
RAM (Random-access memory)
Hacker
TCSEC
Block cipher
39. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
CIO
Expert System
Centralized
OLE
40. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
l0pht
OLE
Fire extinguisher
MOM
41. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Artificial Neural Networks (ANN)
SQL (Structured Query Language)
Man trap
Quantitative
42. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Detective - Preventive - Corrective
Two-Factor Authentication
AES (Advanced Encryption Standard)
PAP (Password Authentication Protocol)
43. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
SSH
Code of ethics
Boot-sector Virus
Copyright
44. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Authorization creep
Callback Security/Call Forwarding
Decentralized
Biometric profile
45. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Eavesdropping
Trojan horses
Schema
Fire extinguisher
46. The person that controls access to the data
Vulnerability analysis tools
Rolling hot sites
Custodian
Callback Security/Call Forwarding
47. Method of authenticating to a system. Something that you supply and something you know.
SSL/TLS
Privacy Act of 1974
Username/password
Hubs
48. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Brute Force
Content dependant
Multipartite
Java
49. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Bastion hosts
Debug
Joke
TACACS (Terminal access controller access control system)
50. An RFC standard. A mechanism for performing commands on a remote system
DHCP
Sniffing
Illegal/Unethical
Telnet