SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Checksum
Trap Door
ARO (Annualized Rate of Occurrence)
MitM
2. A site that has some equipment in place - and can be up within days
Authorization creep
Warm Site
Hearsay Evidence
Hot Site
3. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Object Oriented Programming
CIA
Asymmetric
Clipping levels
4. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Firewall types
Asset Value
Sniffing
ActiveX Object Linking and Embedding
5. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Separation of duties
Echelon
Software
Due Diligence
6. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
OLE
Biometric profile
Aggregation
Buffer overflow
7. Chief Information Officer
CIO
Scanning
SSH
Trap Door
8. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
CGI (The Common Gateway Interface)
Motion detector
Wiretapping
Audit Trail
9. The art of breaking code. Testing the strength of an algorithm.
SQL (Structured Query Language)
Key Escrow
Cryptanalysis
Virtual Memory/Pagefile.sys
10. The process of reducing your risks to an acceptable level based on your risk analysis
CGI (The Common Gateway Interface)
TCP Wrappers
Open network
Risk Mitigation
11. A network that uses proprietary protocols
Coax
Closed network
Qualitative
Data remanence
12. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Fraggle
Cyphertext only
CRC (Cyclic Redundancy Check)
Promiscuous mode
13. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
CHAP
Biometrics
Patent
Acceptable use
14. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
CIO
Identification
WTLS (Wireless Transport Layer Security)
Passive attacks
15. Confidentiality - Integrity - and Availability
Tailgating / Piggybacking
CIA
Security through obscurity
Cyphertext only
16. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Biometric profile
TCSEC
Inference
BIA
17. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Cold Site
Teardrop
Authentication
Identification
18. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
Passive attacks
Security kernel
Dictionary Attack
Base-64
19. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Birthday attack
User
Packet Sniffing
WTLS (Wireless Transport Layer Security)
20. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Separation of duties
SYN Flood
Tailgating / Piggybacking
VPN (Virtual Private Network)
21. An attempt to trick the system into believing that something false is real
Hoax
Multithreading
Finger printing
Asymmetric
22. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
NAT
Common criteria
Trademark
Telnet
23. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Skipjack
Tailgating / Piggybacking
Brute Force
Virtual Memory/Pagefile.sys
24. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Data remanence
Honey pot
RAM (Random-access memory)
Multiprocessing
25. A network entity that provides a single entrance / exit point to the Internet.
Trade Secret
Code of ethics
Bastion hosts
Software librarian
26. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
ActiveX Object Linking and Embedding
Stream cipher
Digital certificates
EF (Exposure Factor)
27. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Two-Factor Authentication
Multitasking
IRC
TCSEC
28. Transferring your risk to someone else - typically an insurance company
ActiveX Object Linking and Embedding
CGI (The Common Gateway Interface)
Risk Transferring
Checksum
29. The person that determines the permissions to files. The data owner.
Embezzlement
Active attacks
Owner
Throughput of a Biometric System
30. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Due Care
FAR/FRR/CER
IRC
Security Perimeter
31. This is an open international standard for applications that use wireless communications.
Centralized
Passive attacks
ARP (Address Resolution Protocol)
WAP (Wireless Application Protocol)
32. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
ARP (Address Resolution Protocol)
Man trap
Kerberos
33. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Multipartite
Degausser
RADIUS (Remote authentication dial-in user service)
Call tree
34. White hat l0pht
Bugtraq
NAT
EF (Exposure Factor)
Cold Site
35. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Termination procedures
Fraggle
Brute Force
Covert channels
36. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
User
Smart cards
Separation of duties
SQL (Structured Query Language)
37. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
Digital certificates
EF (Exposure Factor)
Risk Mitigation
Hot Site
38. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Symmetric
DHCP
Block cipher
Security Awareness Training
39. Relating to quality or kind. This assigns a level of importance to something.
Raid 0 - 1 - 3 - 5
Checksum
Qualitative
Trap Door
40. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Diffie-Hellman
TACACS (Terminal access controller access control system)
Probing
Digital certificates
41. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Tailgating / Piggybacking
Decentralized
SSH
Passive attacks
42. Repeats the signal. It amplifies the signal before sending it on.
Quantitative
Brute force
Repeaters
Dogs
43. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Worm
Sabotage
Out of band
Multipartite
44. Network Address Translation
Scanning
SQL (Structured Query Language)
Custodian
NAT
45. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Echelon
Security Perimeter
Java
Accreditation
46. These viruses usually infect both boot records and files.
Kerberos
Session Hijacking
Java
Multipartite
47. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Change management
Carnivore
CIA
Attenuation
48. Good for distance - longer than 100M
Coax
SLE (Single Loss Expectancy or Exposure)
SSL/TLS
Digest
49. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Format 7 times
Man trap
SQL (Structured Query Language)
TEMPEST
50. Occupant Emergency Plan - Employees are the most important!
Dumpster diving
OEP
Tokens
Senior Management
