Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Digital certificates
DOS
Social engineering
Back door/ trap door/maintenance hook
2. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
Multiprocessing
CIO
Private Addressing
WTLS (Wireless Transport Layer Security)
3. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.
CGI (The Common Gateway Interface)
Tailgating / Piggybacking
Risk Management
Service packs
4. An attacker spoofs the source IP in a packet header, to make a ping request appear to have originated from the future victim's network, then the responding network responds in full force to these requests and brings down the victim's network.
Salami Slicing
Toneloc
Smurf
Centralized
5. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.
CCTV
Multithreading
COM
ROM (Read-only memory)
6. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.
Service packs
Mandatory vacation
SQL (Structured Query Language)
Polymorphic
7. Once authenticated, the level of access you have to a system
Classes of IP networks
Authorization
ALE (Annualized Loss Expectancy)
Certification
8. In telecommunications, a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Callback Security/Call Forwarding
Logic bomb
Certification
Entrapment
9. A network that uses proprietary protocols
Dumpster diving
Closed network
WTLS (Wireless Transport Layer Security)
CD-Rom
10. Setting up the user to access the honeypot for reasons other than the intent to harm.
Rijndael
Authorization creep
BIOS
Entrapment
11. Something used to put out a fire. Can be in Classes A, B, C, D, or H
SSH
ALE (Annualized Loss Expectancy)
/etc/passwd
Fire extinguisher
12. Computer Incident Response Team
CIRT
Security Perimeter
Wiretapping
Compiler
13. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Telnet
Salami Slicing
Key Escrow
Privacy Act of 1974
14. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Identification
Halon
Tokens
Change management
15. In cryptanalysis, this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical po
Centralized
Brute Force
Mandatory vacation
Granularity
16. Threat to physical security.
Centralized
Sabotage
Security kernel
Embezzlement
17. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Accreditation
Hearsay Evidence
Java
CEO
18. When a DNS server goes out to resolve a name, and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time
Dictionary Attack
Cryptanalysis
DNS cache poisoning
UUEncode
19. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.
Job rotation
TCB
Boot-sector Virus
Illegal/Unethical
20. False Acceptance Rate, False Rejection Rate, Crossover Error Rate
Diffie-Hellman
FAR/FRR/CER
NAT
Sabotage
21. Also civil law
CEO
Privacy Act of 1974
Tort
Bastion hosts
22. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Crosstalk
Block cipher
Dumpster diving
Key Escrow
23. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Risk Management
Digital certificates
MOM
Keystroke logging
24. A war dialing utility
Tokens
Toneloc
Man trap
Macro
25. The act of identifying yourself. Providing your identity to a system
Identification
Classes of IP networks
SSL/TLS
Brewer-Nash model
26. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Data remanence
TACACS (Terminal access controller access control system)
Due Diligence
PAP (Password Authentication Protocol)
27. In a separation of duties model, this is where code is checked in and out
COM
Software librarian
Security through obscurity
Fences
28. a.k.a. The Chinese wall. Nash Bridges, Bridge wall, Chinese wall. Dynamically changes access control to prevent unauthorized access.
Block cipher
Risk Acceptance
Brewer-Nash model
Wiretapping
29. Reasonable doubt
BIA
Tokens
Burden of Proof
Rolling hot sites
30. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
Script kiddies
Repeaters
Well-known ports
Dumpster diving
31. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff.
Birthday attack
ROT-13
Service packs
IRC
32. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Risk Acceptance
Smart cards
Audit Trail
Carnivore
33. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
Base-64
Embezzlement
Hash
Security through obscurity
34. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
War dialing
Brute force
Risk Analysis
RADIUS (Remote authentication dial-in user service)
35. Network devices that operate at layer 3. This device separates broadcast domains.
Routers
Detective - Preventive - Corrective
Termination procedures
Rolling hot sites
36. Motivational tools for employee awareness to get them to report security flaws in an organization
Incentive programs
Aggregation
Schema
SLE (Single Loss Expectancy or Exposure)
37. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Tokens
Hoax
Dictionary Attack
Open network
38. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
BIOS
Kerberos
Patriot Act
DDOS
39. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
Finger scanning
EF (Exposure Factor)
SLE (Single Loss Expectancy or Exposure)
Qualitative
40. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
DAD
ROM (Read-only memory)
Tailgating / Piggybacking
DMZ
41. The intercepting of conversations by unintended recipients
Eavesdropping
Hacker
BIOS
Honey pot
42. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Software development lifecycle
Rijndael
Virtual Memory/Pagefile.sys
Reciprocal agreement
43. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
Raid 0 - 1 - 3 - 5
Motion detector
Scanning
Finger printing
44. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.
Toneloc
Back door/ trap door/maintenance hook
Echelon
Software
45. The person that determines the permissions to files. The data owner.
Owner
CD-Rom
Caesar Cipher
Symmetric
46. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Patriot Act
Spoofing
Twisted pair
Honey pot
47. Disclosure, Alteration, Destruction. These things break the CIA triad
Fire extinguisher
Termination procedures
DAD
Incentive programs
48. Also known as a tunnel
Multitasking
VPN (Virtual Private Network)
Security Perimeter
DAD
49. Making individuals accountable for their actions on a system typically through the use of auditing
DNS cache poisoning
Hearsay Evidence
CRC (Cyclic Redundancy Check)
Accountability
50. Closed Circuit Television
Crosstalk
FAR/FRR/CER
CCTV
Fraggle