Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Expert System
NAT
Risk Acceptance
Buffer overflow
2. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Owner
Risk Management
Granularity
Authentication
3. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. An artist's ability to control their work
Multipartite
Scanning
Owner
Copyright
4. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Data remanence
Change management
Out of band
Multiprocessing
5. Random Number Base
Closed network
Nonce
Enticement
Clipper Chip
6. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
War dialing
Wiretapping
Biometrics
Risk Mitigation
7. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Mandatory vacation
BIOS
Acceptable use
Open network
8. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Code of ethics
Multiprocessing
Twisted pair
Expert System
9. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
CIA
Sabotage
Call tree
Content dependent
10. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
Diffie-Hellman
Senior Management
UUEncode
DNS cache poisoning
11. Using ICMP to diagram a network
Multipartite
CIRT
Probing
ARP (Address Resolution Protocol)
12. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Software
RAM (Random-access memory)
Change management
Username/password
13. Involving the measurement of quantity or amount.
OLE
Separation of duties
Quantitative
Dogs
14. Making individuals accountable for their actions on a system typically through the use of auditing
Quantitative
Accountability
Classes of IP networks
Active attacks
15. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Substitution
Object Oriented Programming
Trademark
l0pht
16. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Degausser
ROT-13
Multipartite
ALE (Annualized Loss Expectancy)
17. Network devices that operate at layer 3. This device separates broadcast domains.
Routers
Guards
Coax
Active attacks
18. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet
ARP (Address Resolution Protocol)
Session Hijacking
Telnet
Cookies
19. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
War driving
Brute force
Multipartite
TCSEC
20. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Qualitative
BIA
Copyright
Probing
21. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
FAR/FRR/CER
TACACS (Terminal access controller access control system)
Carnivore
Transposition
22. A network entity that provides a single entrance / exit point to the Internet.
UUEncode
Custodian
Biometric profile
Bastion hosts
23. Internet Relay Chat.
IRC
Exit interview
Honey pot
Expert System
24. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Throughput of a Biometric System
Dictionary Attack
DAD
Diffie-Hellman
25. When security is managed at a central point in an organization
Probing
Dictionary Attack
Centralized
Routers
26. Motivational tools for employee awareness to get them to report security flaws in an organization
Eavesdropping
Content dependent
Schema
Incentive programs
27. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
RADIUS (Remote authentication dial-in user service)
Cold Site
Nonce
Firmware
28. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Clipper Chip
IAB
Kerberos
CHAP
29. In cryptography - it is a block cipher
Virtual machine
WTLS (Wireless Transport Layer Security)
Skipjack
OEP
30. A network that uses proprietary protocols
Routers
Carnivore
Closed network
Scanning
31. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Packet Sniffing
Detective - Preventive - Corrective
Boot-sector Virus
Teardrop
32. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
SYN Flood
Cyphertext only
Senior Management
WTLS (Wireless Transport Layer Security)
33. These viruses usually infect both boot records and files.
Multipartite
Hash
TEMPEST
Risk Management
34. Be at least 8 feet tall and have three strands of barbed wire.
Switches / Bridges
Brewer-Nash model
Fences
Schema
35. Entails planning and system actions to ensure that a project is following good quality management practices
Digital signing
Termination procedures
Senior Management
Quality Assurance
36. A military standard defining controls for emanation protection
Entrapment
TEMPEST
Polymorphic
Closed network
37. These can be used to verify that public keys belong to certain individuals.
ALE (Annualized Loss Expectancy)
ARP (Address Resolution Protocol)
Session Hijacking
Digital certificates
38. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Keystroke logging
Well-known ports
Skipjack
Firmware
39. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Well-known ports
Active attacks
Key Escrow
ALE (Annualized Loss Expectancy)
40. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Tokens
Software librarian
Burden of Proof
Macro
41. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Skipjack
Change management
SSL/TLS
BIA
42. A hidden communications channel on a system that allows for the bypassing of the system security policy
Fraggle
Audit Trail
Covert channels
Multipartite
43. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Embezzlement
Trade Secret
Logic bomb
SYN Flood
44. The number of users that the system can process in a given amount of time. A typical acceptable rate is 10/minute
Throughput of a Biometric System
Software librarian
Diffie-Hellman
Bugtraq
45. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
User
Expert System
Enticement
46. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
CEO
Dictionary Attack
Trademark
ROM (Read-only memory)
47. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Accreditation
Entrapment
Inference
l0pht
48. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Dictionary Attack
Granularity
TACACS (Terminal access controller access control system)
War dialing
49. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Scanning
Finger scanning
Carnivore
Java
50. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Out of band
Tort
Multiprocessing
Service packs