SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Disclosure - Alteration - Destruction. These things break the CIA triad
Hackers
SQL (Structured Query Language)
DAD
FAR/FRR/CER
2. Using ICMP to diagram a network
Macro
Digital certificates
Smart cards
Probing
3. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Asset Value
DCOM
Inference
Raid 0 - 1 - 3 - 5
4. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
OSI Model
AES (Advanced Encryption Standard)
Accountability
TCB
5. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
ISDN (Integrated Services Digital Network)
Coax
Java
Logic bomb
6. Involving the measurement of quantity or amount.
Clipper Chip
Buffer overflow
Multithreading
Quantitative
7. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Attenuation
Incentive programs
Brewer-Nash model
Cold Site
8. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
Expert systems
Classes of IP networks
ROT-13
Fraud
9. The intercepting of conversations by unintended recipients
Callback Security/Call Forwarding
Passive attacks
RAM (Random-access memory)
Eavesdropping
10. The process of reducing your risks to an acceptable level based on your risk analysis
Asymmetric
Risk Mitigation
Switches / Bridges
Man trap
11. The real cost of acquiring/maintaining/developing a system
Asset Value
Logic bomb
Accreditation
Due Care
12. Internet Relay Chat.
Acceptable use
IRC
Fences
Fiber optic
13. Assuming someone's session who is unaware of what you are doing
Session Hijacking
PKI
Due Diligence
Multithreading
14. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Firmware
Exit interview
Asymmetric
Due Diligence
15. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Accountability
Tailgating / Piggybacking
Schema
SSL/TLS
16. Making individuals accountable for their actions on a system typically through the use of auditing
Accountability
TCP Wrappers
Patent
Stream cipher
17. Software designed to infiltrate or damage a computer system - without the owner's consent.
Malware
Java
Termination procedures
Warm Site
18. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Encryption
Clipper Chip
Trojan horses
Phreaker
19. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
COOP
TCSEC
Worm
Fiber optic
20. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Diffie-Hellman
Code of ethics
Smurf
ROT-13
21. Random Number Base
EF (Exposure Factor)
Salami Slicing
Nonce
Burden of Proof
22. 'If you cant see it - its secure'. Bad policy to live by.
War driving
Security through obscurity
DCOM
SSH
23. CISSPs subscribe to a code of ethics for building up the security profession
Clipper Chip
Promiscuous mode
Code of ethics
Virtual machine
24. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Birthday attack
DDOS
Patriot Act
DMZ
25. Defines the objects and their attributes that exist in a database.
Schema
Tort
UUEncode
Eavesdropping
26. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Eavesdropping
Routers
Packet Sniffing
CCTV
27. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
Content dependant
Cyphertext only
Attenuation
28. The act of identifying yourself. Providing your identity to a system
Identification
CIO
Wiretapping
Back door/ trap door/maintenance hook
29. Dialing fixed sets telephone numbers looking for open modem connections to machines
Debug
War dialing
CHAP
DDOS
30. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Mandatory vacation
Caesar Cipher
ROT-13
ROM (Read-only memory)
31. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.
Hacker
Motion detector
Firmware
MitM
32. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Due Care
Finger scanning
Checksum
Rijndael
33. When security is managed at many different points in an organization
Biometric profile
Decentralized
Hacker
Patriot Act
34. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
/etc/passwd
CD-Rom
Phreaker
Tokens
35. A network that mimics the brain
TCP Wrappers
Artificial Neural Networks (ANN)
Cold Site
Fraud
36. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Brute force
Sabotage
Object Oriented Programming
Teardrop
37. Enticing people to hit your honeypot to see how they try to access your system.
Scanning
Classes of IP networks
Enticement
User
38. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Packet Sniffing
l0pht
SYN Flood
Malware
39. Reasonable doubt
Aggregation
Script
Burden of Proof
Trademark
40. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically
Dictionary Attack
Granularity
Patriot Act
Packet Sniffing
41. Someone whose hacking is primarily targeted at the phone systems
Phreaker
PAP (Password Authentication Protocol)
l0pht
Joke
42. When one key of a two-key pair has more encryption pattern than the other
IAB
Twisted pair
Asymmetric
Username/password
43. A technique to eliminate data redundancy.
Attenuation
Normalization
Cookies
NAT
44. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
War driving
Base-64
Security Awareness Training
Patent
45. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Aggregation
Security kernel
Joke
Dictionary Attack
46. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Dogs
Compiler
Spoofing
Cold Site
47. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Substitution
Hackers
Well-known ports
Software development lifecycle
48. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
SSH
Base-64
Script kiddies
Schema
49. A card that holds information that must be authenticated to before it can reveal the information that it is holding
COOP
Dogs
Cold Site
Smart cards
50. Access control method for database based on the content of the database to provide granular access
Tailgating / Piggybacking
Smart cards
Content dependant
Patent
