Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Symmetric
Hearsay Evidence
Software
Encryption
2. A network entity that provides a single entrance / exit point to the Internet.
/etc/passwd
Cryptanalysis
Identification
Bastion hosts
3. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
DDOS
Hash
Biometric profile
Digital certificates
4. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Risk Mitigation
DAD
Rolling hot sites
Masquerade
5. White hat l0pht
Schema
Bugtraq
Software development lifecycle
Granularity
6. Also known as a tunnel
Keystroke logging
Multipartite
SSH
VPN (Virtual Private Network)
7. The real cost of acquiring/maintaining/developing a system
Due Care
Asset Value
Copyright
Tailgating / Piggybacking
8. A sandbox. Emulates an operating environment.
Crosstalk
PKI
Virtual machine
Firewall types
9. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Clipping levels
Enticement
COM
Username/password
10. Using ICMP to diagram a network
Open network
Motion detector
Entrapment
Probing
11. These viruses usually infect both boot records and files.
Multipartite
Incentive programs
Illegal/Unethical
Trojan horses
12. A war dialing utility
Toneloc
Multithreading
EF (Exposure Factor)
Wiretapping
13. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Identification
Routers
Common criteria
Stream cipher
14. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
CRC (Cyclic Redundancy Check)
Patent
Reciprocal agreement
Risk Acceptance
15. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
BIOS
Replay
ActiveX Object Linking and Embedding
Honey pot
16. In a separation of duties model - this is where code is checked in and out
BIOS
Hubs
TCP Wrappers
Software librarian
17. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
CD-Rom
Spoofing
Well-known ports
ALE (Annualized Loss Expectancy)
18. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Inference
War driving
SESAME
Decentralized
19. A mechanism by which connections to TCP services on a system are allowed or disallowed
Detective - Preventive - Corrective
Fraggle
TCSEC
TCP Wrappers
20. Rotating employees' job duties so that what they are doing can be checked to make sure nothing fraudulent is occurring.
Job rotation
Halon
Code of ethics
Throughput of a Biometric System
21. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Software development lifecycle
Compiler
Authorization
RAM (Random-access memory)
22. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
Tailgating / Piggybacking
Raid 0 - 1 - 3 - 5
Illegal/Unethical
Custodian
23. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Key Escrow
Sabotage
Biometrics
Acceptable use
24. These can be used to verify that public keys belong to certain individuals.
RADIUS (Remote authentication dial-in user service)
Data Mart
Open network
Digital certificates
25. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Tokens
Toneloc
RADIUS (Remote authentication dial-in user service)
Digest
26. Technical items are implemented by IT. Administrative items are things that HR implements. Physical items are things that are tangible.
Smart cards
Technical - Administrative - Physical
Normalization
RADIUS (Remote authentication dial-in user service)
27. The attacker sends a SYN request to the victim's machine, and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however - but instead sends another SYN and continues to do so until t
OSI Model
Schema
Sniffing
SYN Flood
28. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
ROT-13
Block cipher
Job rotation
Separation of duties
29. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
FAR/FRR/CER
Teardrop
Vulnerability analysis tools
User
30. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Authorization creep
Multitasking
Aggregation
TCSEC
31. Good for distance - longer than 100M
Coax
Probing
Noise & perturbation
Firewall types
32. Software designed to infiltrate or damage a computer system - without the owner's consent.
Routers
CEO
Senior Management
Malware
33. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
DMZ
MitM
Dictionary Attack
Crosstalk
34. A military standard defining controls for emanation protection
Aggregation
TEMPEST
CCTV
Copyright
35. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Java
Warm Site
Transposition
Macro
36. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Firewall types
Schema
Script kiddies
Symmetric
37. In cryptography - it is a block cipher
OSI Model
Closed network
Skipjack
Boot-sector Virus
38. Continuation of Operations Plan
COOP
Biometric profile
DMZ
Trademark
39. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Smart cards
Packet Sniffing
War driving
Aggregation
40. Chief Information Officer
CIO
Wiretapping
Owner
ALE (Annualized Loss Expectancy)
41. Same as a block cipher except that it is applied to a data stream one bit at a time
Stream cipher
Man trap
Hacker
OLE
42. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Non-repudiation
Probing
CHAP
Callback Security/Call Forwarding
43. Ethernet - Cat5 - Twisted to allow for longer runs.
Granularity
Salami Slicing
ROM (Read-only memory)
Twisted pair
44. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Firmware
Accreditation
Digital signing
Macro
45. A site that has some equipment in place - and can be up within days
Warm Site
Accreditation
Masquerade
Hubs
46. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Encryption
Back door/ trap door/maintenance hook
DNS cache poisoning
Boot-sector Virus
47. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
ISDN (Integrated Services Digital Network)
Expert System
Java
Job rotation
48. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
COOP
Polymorphic
Covert channels
Carnivore
49. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Replay
Due Diligence
OLE
Routers
50. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Accreditation
Callback Security/Call Forwarding
Multiprocessing
Key Escrow