Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding each time you take the test.
1. Motivational tools for employee awareness to get them to report security flaws in an organization
Passive attacks
Honey pot
Skipjack
Incentive programs
2. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Toneloc
Scanning
Risk Acceptance
Carnivore
3. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Software
Cookies
Sniffing
Risk Acceptance
4. Involving the measurement of quantity or amount.
Trademark
COOP
MitM
Quantitative
5. CISSPs subscribe to a code of ethics for building up the security profession
Code of ethics
Eavesdropping
TCP Wrappers
Audit Trail
6. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
IRC
Non-repudiation
Change management
FAR/FRR/CER
7. Public Key Infrastructure
Virtual Memory/Pagefile.sys
PKI
Hardware
SSL/TLS
8. Object Linking and Embedding. The ability of an object to be embedded into another object.
Honey pot
Script kiddies
OLE
Multitasking
9. A sandbox. Emulates an operating environment.
Virtual machine
Cold Site
SSO (Single sign-on)
Back door/ trap door/maintenance hook
10. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Vulnerability analysis tools
Wiretapping
Twisted pair
Well-known ports
11. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Tort
Boot-sector Virus
Trade Secret
Crosstalk
12. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
COOP
AES (Advanced Encryption Standard)
Polymorphism
Expert System
13. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
WTLS (Wireless Transport Layer Security)
Detective - Preventive - Corrective
Schema
l0pht
14. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
DCOM
Symmetric
Digest
Audit Trail
15. A network entity that provides a single entrance / exit point to the Internet.
Man trap
SSO (Single sign-on)
Bastion hosts
Keystroke logging
16. A network that mimics the brain
Artificial Neural Networks (ANN)
DCOM
Senior Management
Risk Transferring
17. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Smurf
SLE (Single Loss Expectancy or Exposure)
Software
Inference
18. A mechanism by which connections to TCP services on a system are allowed or disallowed
TCP Wrappers
ActiveX Object Linking and Embedding
Change management
DOS
19. The user
User
War dialing
Promiscuous mode
Hubs
20. Chief Information Officer
CIO
Authorization creep
Telnet
Risk Transferring
21. Occupant Emergency Plan - Employees are the most important!
OEP
Trap Door
Polymorphic
Logic bomb
22. Someone who hacks
Private Addressing
Hacker
Masquerade
Embezzlement
23. Method of authenticating to a system. Something that you supply and something you know.
Username/password
Rolling hot sites
Stream cipher
Brute force
24. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
War dialing
DCOM
Expert systems
Dogs
25. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Hacker
Format 7 times
Security Perimeter
Username/password
26. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
OEP
Worm
ISDN (Integrated Services Digital Network)
Termination procedures
27. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Cyphertext only
Aggregation
Trade Secret
Security kernel
28. Same as a block cipher except that it is applied to a data stream one bit at a time
Privacy Act of 1974
Dictionary Attack
Stream cipher
Non-repudiation
29. Setting up the user to access the honeypot for reasons other than the intent to harm.
Firmware
PAP (Password Authentication Protocol)
Software librarian
Entrapment
30. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Patriot Act
Routers
Worm
Content dependant
31. Also civil law
Spoofing
Replay
Software development lifecycle
Tort
32. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Risk Management
Spoofing
Acceptable use
Caesar Cipher
33. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
DCOM
TCB
Inference
SESAME
34. Repeats the signal. It amplifies the signal before sending it on.
Repeaters
WTLS (Wireless Transport Layer Security)
CHAP
Authorization creep
35. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Finger printing
Eavesdropping
Polymorphic
Routers
36. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Finger scanning
Polymorphism
Detective - Preventive - Corrective
Replay
37. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Masquerade
Incentive programs
SLE (Single Loss Expectancy or Exposure)
Asymmetric
38. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Mandatory vacation
Multitasking
Certification
Common criteria
39. Component Object Model.
PKI
Packet Sniffing
Active attacks
COM
40. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
DDOS
Open network
Granularity
Symmetric
41. Jumping into dumpsters to retrieve information about someone/something/a company
CEO
Debug
Dumpster diving
Acceptable use
42. Chief Executive Officer
CEO
Teardrop
Callback Security/Call Forwarding
Mandatory vacation
43. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Debug
Data remanence
Macro
Substitution
44. Someone whose hacking is primarily targeted at the phone systems
SSL/TLS
Phreaker
Degausser
Cryptanalysis
45. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
Toneloc
Smurf
ROT-13
CD-Rom
46. A site that is ready physically but has no hardware in place - all it has is HVAC
Repeaters
Cold Site
Inference
Fraggle
47. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Guards
l0pht
Private Addressing
OSI Model
48. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Risk Management
SESAME
Degausser
TACACS (Terminal access controller access control system)
49. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Nonce
Active attacks
Dogs
Fences
50. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Digital signing
Birthday attack
PKI
OEP