SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In a separation of duties model - this is where code is checked in and out
Bastion hosts
Software librarian
Multitasking
Salami Slicing
2. Component Object Model.
SQL (Structured Query Language)
TCB
COM
SLE (Single Loss Expectancy or Exposure)
3. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
TCB
/etc/passwd
Java
Virtual machine
4. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Firmware
Well-known ports
Bugtraq
Digest
5. The real cost of acquiring/maintaining/developing a system
Cold Site
Asset Value
Acceptable use
TEMPEST
6. Data storage formats and equipment that allow the stored data to be accessed in any order
Masquerade
RAM (Random-access memory)
Accountability
DDOS
7. A technique to eliminate data redundancy.
Normalization
Motion detector
Virtual machine
Expert systems
8. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
Base-64
Brewer-Nash model
Artificial Neural Networks (ANN)
Back door/ trap door/maintenance hook
9. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
CD-Rom
Script
Toneloc
WTLS (Wireless Transport Layer Security)
10. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Guards
Multithreading
Digest
Trademark
11. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Caesar Cipher
Symmetric
Risk Analysis
Private Addressing
12. The frequency with which a threat is expected to occur.
Block cipher
ARO (Annualized Rate of Occurrence)
Replay
User
13. Object Linking and Embedding. The ability of an object to be embedded into another object.
OLE
Tort
DOS
Data remanence
14. A system designed to stop piggybacking.
ROT-13
Warm Site
Man trap
SYN Flood
15. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Tokens
Eavesdropping
Keystroke logging
CIRT
16. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Birthday attack
Fiber optic
Cyphertext only
User
17. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Promiscuous mode
Transposition
Copyright
Software librarian
18. Network device that operates at layer 1. Concentrator.
Hubs
Eavesdropping
Buffer overflow
Schema
19. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Man trap
Two-Factor Authentication
Caesar Cipher
Boot-sector Virus
20. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Probing
Packet Sniffing
Wiretapping
WAP (Wireless Application Protocol)
21. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Throughput of a Biometric System
Tort
Burden of Proof
MitM
22. Emanations from one wire coupling with another wire
Crosstalk
Coax
ActiveX Object Linking and Embedding
CCTV
23. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists ability to control their work
Base-64
Copyright
Aggregation
Illegal/Unethical
24. Setting up the user to access the honeypot for reasons other than the intent to harm.
Logic bomb
Entrapment
Embezzlement
Owner
25. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Tailgating / Piggybacking
Schema
Kerberos
Risk Mitigation
26. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
CRC (Cyclic Redundancy Check)
Illegal/Unethical
Security Awareness Training
Encryption
27. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Motion detector
Service packs
Wiretapping
Aggregation
28. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Covert channels
Sabotage
AES (Advanced Encryption Standard)
CIA
29. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
User
ARO (Annualized Rate of Occurrence)
Fraud
Inference
30. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Trade Secret
VLANs
RADIUS (Remote authentication dial-in user service)
Software development lifecycle
31. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Dumpster diving
Key Escrow
l0pht
CHAP
32. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
CHAP
ROM (Read-only memory)
Well-known ports
Checksum
33. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
Multiprocessing
Man trap
ISDN (Integrated Services Digital Network)
Packet Sniffing
34. Rolling command center with UPS - satellite - uplink - power - etc.
Fences
Phreaker
Rolling hot sites
Encryption
35. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Hearsay Evidence
BIA
Private Addressing
Finger printing
36. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Call tree
Echelon
Phreaker
Checksum
37. When two or more processes are linked and execute multiple programs simultaneously
l0pht
PKI
Risk Acceptance
Multiprocessing
38. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Risk Mitigation
FAR/FRR/CER
Firmware
Senior Management
39. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Trade Secret
Checksum
Crosstalk
SSH
40. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
CIRT
Two-Factor Authentication
Salami Slicing
Polymorphism
41. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
DAD
CIA
Job rotation
42. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Script kiddies
Schema
Malware
Trademark
43. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
SSO (Single sign-on)
Noise & perturbation
Brute force
Software development lifecycle
44. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Worm
Echelon
Macro
Substitution
45. Network Address Translation
MOM
Authorization creep
NAT
Polymorphic
46. A mechanism by which connections to TCP services on a system are allowed or disallowed
Owner
CIA
/etc/passwd
TCP Wrappers
47. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
DMZ
IAB
Biometrics
Privacy Act of 1974
48. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
Passive attacks
Wiretapping
Two-Factor Authentication
ROM (Read-only memory)
49. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Due Diligence
PAP (Password Authentication Protocol)
DDOS
Malware
50. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Finger scanning
Privacy Act of 1974
DOS
SQL (Structured Query Language)
