Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An organization that got its fame from telling the Senate Judiciary Committee that it could bring down the Internet in 30 minutes. Black hat.
l0pht
Incentive programs
Entrapment
MitM
2. A system designed to stop piggybacking.
Open network
Carnivore
Man trap
ARP (Address Resolution Protocol)
3. Occupant Emergency Plan - Employees are the most important!
Brewer-Nash model
Wiretapping
AES (Advanced Encryption Standard)
OEP
4. Network devices that operate at layer 2. Every port on a switch is a separate collision domain.
Java
Brute force
Switches / Bridges
Non-repudiation
5. Continuation of Operations Plan
Joke
Expert System
COOP
Hoax
6. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Firewall types
Data remanence
Scanning
Firmware
7. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
/etc/passwd
DDOS
Closed network
Brewer-Nash model
8. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Expert System
Quantitative
Risk Analysis
Man trap
9. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Fiber optic
Qualitative
Boot-sector Virus
Twisted pair
10. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Cryptanalysis
Teardrop
CEO
Security Perimeter
11. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Change management
Senior Management
Patriot Act
Kerberos
12. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Nonce
SLE (Single Loss Expectancy or Exposure)
Substitution
Due Care
13. Component Object Model.
Rolling hot sites
Service packs
Brute force
COM
14. These can be used to verify that public keys belong to certain individuals.
Certification
Digital certificates
Malware
Decentralized
15. A site that is ready physically but has no hardware in place - all it has is HVAC
Transposition
Hot Site
CD-Rom
Cold Site
16. The frequency with which a threat is expected to occur.
DCOM
ARO (Annualized Rate of Occurrence)
Warm Site
Worm
17. 'If you can't see it, it's secure.' Bad policy to live by.
Security through obscurity
Man trap
Skipjack
MOM
18. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Masquerade
Embezzlement
Cold Site
Due Care
19. In a separation of duties model - this is where code is checked in and out
Block cipher
Separation of duties
Quantitative
Software librarian
20. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 ftp, 21 ftp, 22 ssh, 23 telnet, 25 smtp, 53 dns, 69 tftp, 80 http, 161 snmp, 443 ssl
Substitution
Well-known ports
Audit Trail
Switches / Bridges
21. Personal - Network - and Application
Bastion hosts
CCTV
/etc/passwd
Firewall types
22. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Format 7 times
Change management
Sabotage
ActiveX Object Linking and Embedding
23. A gas used in fire suppression. Not human safe. Chemical reaction.
Cold Site
Data Mart
Halon
Phreaker
24. Entails planning and system actions to ensure that a project is following good quality management practices
Quality Assurance
Common criteria
OLE
Vulnerability analysis tools
25. Must be in place for you to use a biometric system
Brewer-Nash model
WTLS (Wireless Transport Layer Security)
Biometric profile
Data remanence
26. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Patriot Act
Debug
Out of band
Birthday attack
27. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Trap Door
Finger scanning
Checksum
Teardrop
28. Basic Input/Output System
Guards
BIOS
CORBA
Separation of duties
29. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Reciprocal agreement
Patriot Act
Debug
Qualitative
30. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Closed network
Buffer overflow
Polymorphism
Risk Analysis
31. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Software development lifecycle
Multithreading
Tailgating / Piggybacking
ALE (Annualized Loss Expectancy)
32. The output of a hash function is a digest.
Multiprocessing
Digest
Carnivore
Trap Door
33. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
CIRT
Security kernel
Trade Secret
Multiprocessing
34. Object Linking and Embedding. The ability of an object to be embedded into another object.
Fire extinguisher
OLE
Active attacks
CRC (Cyclic Redundancy Check)
35. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
ISDN (Integrated Services Digital Network)
Digital certificates
Burden of Proof
Replay
36. To not be legal (as far as law is concerned) or ethical
DOS
Patent
Illegal/Unethical
SSO (Single sign-on)
37. Rolling command center with UPS - satellite - uplink - power - etc.
TEMPEST
Finger printing
User
Rolling hot sites
38. Public Key Infrastructure
Clipping levels
PKI
Dictionary Attack
Penetration testing
39. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
Birthday attack
Active attacks
DNS cache poisoning
40. An attempt to trick the system into believing that something false is real
Dictionary Attack
Vulnerability analysis tools
Hoax
Hackers
41. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Smurf
Keystroke logging
Termination procedures
Symmetric
42. Disclosure - Alteration - Destruction. These things break the CIA triad.
Macro
DAD
Eavesdropping
DMZ
43. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
PKI
Accreditation
Digest
TEMPEST
44. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Risk Management
Echelon
Wiretapping
OLE
45. Involving the measurement of quantity or amount.
Quantitative
Change management
Acceptable use
Promiscuous mode
46. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Security Perimeter
Security through obscurity
Buffer overflow
Cookies
47. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Schema
Job rotation
EF (Exposure Factor)
Private Addressing
48. Motivational tools for employee awareness to get them to report security flaws in an organization
CCTV
Incentive programs
SSO (Single sign-on)
Hot Site
49. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Call tree
Clipper Chip
Privacy Act of 1974
Hackers
50. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
ActiveX Object Linking and Embedding
Warm Site
OSI Model
Multitasking