Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Private Addressing
Diffie-Hellman
Expert systems
NAT
2. Also known as a tunnel
Identification
Software development lifecycle
VPN (Virtual Private Network)
FAR/FRR/CER
3. Transferring your risk to someone else - typically an insurance company
Eavesdropping
Risk Transferring
Acceptable use
Fiber optic
4. Good for distance - longer than 100M
Risk Acceptance
Coax
Owner
Carnivore
5. To not be legal (as far as law is concerned) or ethical
Bugtraq
Illegal/Unethical
ISDN (Integrated Services Digital Network)
Packet Sniffing
6. Relating to quality or kind. This assigns a level of importance to something.
Qualitative
Classes of IP networks
Repeaters
Private Addressing
7. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Replay
Vulnerability analysis tools
Penetration testing
Debug
8. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Vulnerability analysis tools
DMZ
Data remanence
IRC
9. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
DMZ
Enticement
TACACS (Terminal access controller access control system)
Job rotation
10. Dialing fixed sets of telephone numbers looking for open modem connections to machines
Trap Door
Code of ethics
Phreaker
War dialing
11. Object Linking and Embedding. The ability of an object to be embedded into another object.
Content dependant
DHCP
OLE
CRC (Cyclic Redundancy Check)
12. Defines the objects and their attributes that exist in a database.
Schema
Call tree
Malware
SSO (Single sign-on)
13. When two or more processes are linked and execute multiple programs simultaneously
Patent
Multiprocessing
Biometric profile
Guards
14. CISSPs subscribe to a code of ethics for building up the security profession
Hearsay Evidence
Privacy Act of 1974
Script kiddies
Code of ethics
15. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Normalization
Risk Transferring
Common criteria
ActiveX Object Linking and Embedding
16. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
War dialing
Phreaker
Reciprocal agreement
Penetration testing
17. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Classes of IP networks
Routers
CORBA
Symmetric
18. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Common criteria
Firewall types
Fences
Encryption
19. In cryptography - it is a block cipher
Content dependant
Risk Management
Transposition
Skipjack
20. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
VPN (Virtual Private Network)
Active attacks
OEP
Inference
21. Internet Architecture Board. This board is responsible for protecting the Internet.
Firmware
Switches / Bridges
Patent
IAB
22. Basic Input/Output System
Tokens
CIRT
Detective - Preventive - Corrective
BIOS
23. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Switches / Bridges
Risk Management
Spoofing
Toneloc
24. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Centralized
Technical - Administrative - Physical
TCB
Biometric profile
25. A mechanism by which connections to TCP services on a system are allowed or disallowed
l0pht
Incentive programs
Dictionary Attack
TCP Wrappers
26. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
ALE (Annualized Loss Expectancy)
ARP (Address Resolution Protocol)
SQL (Structured Query Language)
Expert System
27. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Wiretapping
Debug
OEP
Back door/ trap door/maintenance hook
28. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Guards
DHCP
Clipping levels
Software librarian
29. An RFC standard. A mechanism for performing commands on a remote system
Brute Force
Telnet
Entrapment
TEMPEST
30. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Non-repudiation
Finger printing
ARO (Annualized Rate of Occurrence)
Passive attacks
31. Providing verification to a system
PAP (Password Authentication Protocol)
Authentication
Inference
/etc/passwd
32. The practice of obtaining confidential information by manipulation of legitimate users.
WAP (Wireless Application Protocol)
Format 7 times
Echelon
Social engineering
33. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Boot-sector Virus
Owner
Technical - Administrative - Physical
Username/password
34. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Illegal/Unethical
Expert System
Buffer overflow
Hearsay Evidence
35. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Security Awareness Training
Dictionary Attack
Finger printing
Artificial Neural Networks (ANN)
36. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Acceptable use
CD-Rom
War dialing
Trademark
37. A system designed to stop piggybacking.
CHAP
Man trap
SQL (Structured Query Language)
Change management
38. Data storage formats and equipment that allow the stored data to be accessed in any order
RAM (Random-access memory)
Spoofing
Fire extinguisher
Diffie-Hellman
39. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Security Perimeter
Caesar Cipher
Twisted pair
RAM (Random-access memory)
40. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Teardrop
Sabotage
Java
Authorization creep
41. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
CORBA
Data remanence
Virtual machine
EF (Exposure Factor)
42. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Callback Security/Call Forwarding
Non-repudiation
SSH
Hash
43. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Birthday attack
Service packs
Trojan horses
Social engineering
44. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
CIRT
Dumpster diving
Nonce
45. Setting up the user to access the honeypot for reasons other than the intent to harm.
ARO (Annualized Rate of Occurrence)
Authorization creep
Scanning
Entrapment
46. A hidden communications channel on a system that allows for the bypassing of the system security policy
Call tree
Clipping levels
WTLS (Wireless Transport Layer Security)
Covert channels
47. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Caesar Cipher
Coax
Firmware
Object Oriented Programming
48. Jumping into dumpsters to retrieve information about someone/something/a company
Dumpster diving
Firewall types
Salami Slicing
Qualitative
49. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Fire extinguisher
Noise & perturbation
Authorization creep
Session Hijacking
50. An attempt to trick the system into believing that something false is real
Termination procedures
Echelon
Closed network
Hoax