Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Knowing something from a source and being able to infer other related information from it, even though you may not normally have access to that data.
Hoax
CRC (Cyclic Redundancy Check)
Risk Transferring
Inference
2. White hat l0pht
FAR/FRR/CER
Hearsay Evidence
Callback Security/Call Forwarding
Bugtraq
3. Personal - Network - and Application
Firewall types
Packet Sniffing
Format 7 times
Technical - Administrative - Physical
4. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
ActiveX Object Linking and Embedding
Attenuation
Trap Door
Fraggle
5. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Granularity
Enticement
UUEncode
Security Perimeter
6. Providing verification to a system
VPN (Virtual Private Network)
Authentication
Buffer overflow
SSH
7. Scanning the airwaves for radio transmissions
Repeaters
Scanning
RADIUS (Remote authentication dial-in user service)
Expert System
8. Reasonable doubt
Throughput of a Biometric System
Private Addressing
TCB
Burden of Proof
9. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Rolling hot sites
Patriot Act
Fences
Object Oriented Programming
10. A sandbox. Emulates an operating environment.
Accreditation
Brute Force
Virtual machine
CEO
11. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
SSO (Single sign-on)
Key Escrow
Cyphertext only
FAR/FRR/CER
12. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic bomb
Open network
Expert systems
Dogs
13. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
DHCP
Throughput of a Biometric System
Cold Site
Audit Trail
14. Chief Executive Officer
NAT
Data Mart
CEO
IAB
15. Network Address Translation
Caesar Cipher
Logic bomb
Expert System
NAT
16. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Coax
Keystroke logging
Reciprocal agreement
Rijndael
17. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Brute Force
Service packs
Hearsay Evidence
IAB
18. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work
Toneloc
Block cipher
Copyright
Phreaker
19. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Certification
Vulnerability analysis tools
TACACS (Terminal access controller access control system)
Keystroke logging
20. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Data remanence
Probing
Trademark
Cookies
21. A network entity that provides a single entrance / exit point to the Internet.
Bastion hosts
Brute force
SQL (Structured Query Language)
Illegal/Unethical
22. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Security kernel
DMZ
Owner
Probing
23. The ability to have more than one thread associated with a process
Detective - Preventive - Corrective
DOS
Multithreading
COM
24. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Wiretapping
Hardware
Risk Transferring
User
25. Software designed to infiltrate or damage a computer system - without the owner's consent.
Malware
Raid 0 - 1 - 3 - 5
Warm Site
Inference
26. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Halon
Vulnerability analysis tools
Throughput of a Biometric System
Active attacks
27. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Cryptanalysis
Detective - Preventive - Corrective
Tort
Risk Analysis
28. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Packet Sniffing
AES (Advanced Encryption Standard)
Toneloc
Hot Site
29. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Hoax
PAP (Password Authentication Protocol)
Base-64
Birthday attack
30. 'If you can't see it - it's secure'. Bad policy to live by.
Digest
Security through obscurity
Authorization creep
Technical - Administrative - Physical
31. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Probing
Finger printing
MitM
Penetration testing
32. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
COM
Aggregation
Block cipher
Man trap
33. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Encryption
Fraud
Security Awareness Training
Tokens
34. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
EF (Exposure Factor)
OEP
Trap Door
User
35. Must be in place for you to use a biometric system
Tokens
CCTV
EF (Exposure Factor)
Biometric profile
36. The user
User
Fences
DHCP
Hacker
37. A network that uses standard protocols (TCP/IP)
Open network
Security Awareness Training
Embezzlement
TACACS (Terminal access controller access control system)
38. Accepting all packets
Promiscuous mode
Finger scanning
Repeaters
CIO
39. Internet Architecture Board. This board is responsible for protecting the Internet.
Classes of IP networks
Copyright
IAB
Format 7 times
40. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Due Diligence
PAP (Password Authentication Protocol)
Kerberos
Switches / Bridges
41. An instance of a scripting language
Service packs
AES (Advanced Encryption Standard)
Software
Script
42. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Promiscuous mode
EF (Exposure Factor)
Hash
Data Mart
43. Component Object Model.
Rijndael
Private Addressing
COM
Firewall types
44. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Centralized
Non-repudiation
Coax
Security Awareness Training
45. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Qualitative
/etc/passwd
Carnivore
DMZ
46. Assuming someone's session who is unaware of what you are doing
Hot Site
Patriot Act
Session Hijacking
Digital certificates
47. A network that uses proprietary protocols
COOP
Polymorphic
BIA
Closed network
48. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
/etc/passwd
Raid 0 - 1 - 3 - 5
Expert System
Trademark
49. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Hoax
CRC (Cyclic Redundancy Check)
Software librarian
Smurf
50. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Biometrics
Accreditation
Open network
Script kiddies