Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. These viruses usually infect both boot records and files.
Script
Multipartite
Security Perimeter
SYN Flood
2. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Data Mart
Virtual Memory/Pagefile.sys
Boot-sector Virus
Virtual machine
3. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
SSH
Two-Factor Authentication
Salami Slicing
Enticement
4. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
War driving
Trap Door
Due Care
TACACS (Terminal access controller access control system)
5. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Software
Expert systems
Digital signing
Fiber optic
6. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Classes of IP networks
TCB
ARP (Address Resolution Protocol)
SSH
7. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Asymmetric
Script
CHAP
Caesar Cipher
8. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Transposition
Kerberos
TCB
Expert systems
9. Accepting all packets
Inference
Promiscuous mode
Finger printing
Eavesdropping
10. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Security kernel
WTLS (Wireless Transport Layer Security)
Scanning
Fiber optic
11. Network device that operates at layer 1. Concentrator.
Senior Management
CRC (Cyclic Redundancy Check)
Halon
Hubs
12. Computer Incident Response Team
Polymorphism
CIRT
Schema
Code of ethics
13. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Audit Trail
Guards
Patriot Act
Accountability
14. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Burden of Proof
Packet Sniffing
Probing
l0pht
15. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Tort
Non-repudiation
DHCP
Biometrics
16. Network Address Translation
Block cipher
NAT
Guards
ActiveX Object Linking and Embedding
17. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
Routers
/etc/passwd
SSH
18. Enticing people to hit your honeypot to see how they try to access your system.
WTLS (Wireless Transport Layer Security)
ROM (Read-only memory)
DDOS
Enticement
19. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Bugtraq
Inference
Expert systems
Noise & perturbation
20. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
SQL (Structured Query Language)
Inference
Passive attacks
TACACS (Terminal access controller access control system)
21. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Replay
Schema
Firmware
Sniffing
22. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Hubs
Tailgating / Piggybacking
Expert System
Trojan horses
23. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
/etc/passwd
DMZ
CIA
Hash
24. Network devices that operate at layer 3. This device separates broadcast domains.
Data Mart
Routers
Software librarian
Normalization
25. In the broadest sense - a fraud is a deception made for personal gain
Two-Factor Authentication
Format 7 times
Fraud
Embezzlement
26. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.
CD-Rom
UUEncode
Copyright
Halon
27. More discriminate than dogs
Crosstalk
WAP (Wireless Application Protocol)
Guards
Skipjack
28. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Fraggle
Substitution
Expert systems
Software librarian
29. In a separation of duties model - this is where code is checked in and out
Brute force
Software librarian
Risk Analysis
Enticement
30. The ability to have more than one thread associated with a process
Multithreading
DHCP
CGI (The Common Gateway Interface)
Quality Assurance
31. Relating to quality or kind. This assigns a level of importance to something.
Qualitative
Honey pot
Smurf
CIRT
32. Using ICMP to diagram a network
Audit Trail
Probing
Non-repudiation
WAP (Wireless Application Protocol)
33. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Separation of duties
Degausser
Biometric profile
DNS cache poisoning
34. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Expert System
Acceptable use
Security Awareness Training
Fences
35. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Vulnerability analysis tools
Technical - Administrative - Physical
Quantitative
Firewall types
36. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Virtual machine
Polymorphism
Toneloc
UUEncode
37. When one key of a two-key pair has more encryption pattern than the other
IAB
Packet Sniffing
Normalization
Asymmetric
38. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Granularity
IAB
Diffie-Hellman
l0pht
39. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
OSI Model
CHAP
Wiretapping
Key Escrow
40. A hidden communications channel on a system that allows for the bypassing of the system security policy
Data Mart
Covert channels
CGI (The Common Gateway Interface)
TCSEC
41. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Masquerade
Data Mart
Halon
Exit interview
42. A war dialing utility
Logic bomb
CIO
Toneloc
Passive attacks
43. A network that mimics the brain
PAP (Password Authentication Protocol)
Artificial Neural Networks (ANN)
Patent
Tailgating / Piggybacking
44. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Non-repudiation
ARP (Address Resolution Protocol)
Certification
Worm
45. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Asymmetric
Man trap
Attenuation
Hot Site
46. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Boot-sector Virus
Hearsay Evidence
Separation of duties
Java
47. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
Raid 0 - 1 - 3 - 5
DOS
Debug
Quantitative
48. Jumping into dumpsters to retrieve information about someone/something/a company
Symmetric
Dumpster diving
Entrapment
Authorization
49. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Security kernel
SYN Flood
Mandatory vacation
Joke
50. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Detective - Preventive - Corrective
Rijndael
Stream cipher
SSO (Single sign-on)