Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Multitasking
Multiprocessing
TCP Wrappers
Change management
2. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Data Mart
Owner
SSL/TLS
Macro
3. A system designed to stop piggybacking.
Switches / Bridges
TCSEC
Man trap
Boot-sector Virus
4. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Echelon
Security Awareness Training
Sniffing
Tailgating / Piggybacking
5. Also civil law
Debug
Risk Analysis
Tort
Routers
6. Involving the measurement of quantity or amount.
Rolling hot sites
Quantitative
Virtual machine
Separation of duties
7. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
WAP (Wireless Application Protocol)
Degausser
Coax
Tokens
8. Dialing fixed sets of telephone numbers looking for open modem connections to machines
Change management
ALE (Annualized Loss Expectancy)
War dialing
Multithreading
9. Access control method for database based on the content of the database to provide granular access
Content dependant
AES (Advanced Encryption Standard)
Halon
ISDN (Integrated Services Digital Network)
10. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Guards
Security Awareness Training
Custodian
Key Escrow
11. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Mandatory vacation
Active attacks
VLANs
Centralized
12. Someone whose hacking is primarily targeted at the phone systems
Private Addressing
Phreaker
War driving
Clipping levels
13. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
User
Software development lifecycle
Detective - Preventive - Corrective
Kerberos
14. Accepting all packets
Aggregation
Promiscuous mode
Call tree
Echelon
15. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Classes of IP networks
SQL (Structured Query Language)
TCB
ROM (Read-only memory)
16. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
Boot-sector Virus
Normalization
Virtual Memory/Pagefile.sys
Base-64
17. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Sniffing
Trojan horses
Debug
Firmware
18. Distributed Component Object Model. Microsoft's implementation of CORBA.
Authorization creep
Firewall types
Vulnerability analysis tools
DCOM
19. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Fiber optic
Enticement
Software
Technical - Administrative - Physical
20. Reasonable doubt
Vulnerability analysis tools
Burden of Proof
TCB
Trap Door
21. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Tailgating / Piggybacking
Common criteria
IRC
Brute force
22. Providing verification to a system
Man trap
Authentication
OEP
Stream cipher
23. A network that uses proprietary protocols
Polymorphism
MOM
Toneloc
Closed network
24. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Carnivore
Checksum
SYN Flood
Script kiddies
25. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Brute force
Birthday attack
Trademark
Inference
26. Public Key Infrastructure
Smart cards
WAP (Wireless Application Protocol)
PKI
ActiveX Object Linking and Embedding
27. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Entrapment
IAB
Dictionary Attack
Due Diligence
28. Chief Information Officer
CIO
Patriot Act
Debug
Digest
29. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Hot Site
PAP (Password Authentication Protocol)
Dictionary Attack
Exit interview
30. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Quantitative
Coax
Separation of duties
CIA
31. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Common criteria
Illegal/Unethical
Risk Transferring
Trademark
32. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Embezzlement
CEO
Covert channels
Granularity
33. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Toneloc
SLE (Single Loss Expectancy or Exposure)
Termination procedures
FAR/FRR/CER
34. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Sabotage
Due Care
Throughput of a Biometric System
Dogs
35. The person that controls access to the data
CORBA
Digest
War dialing
Custodian
36. A mechanism by which connections to TCP services on a system are allowed or disallowed
CHAP
Buffer overflow
Risk Mitigation
TCP Wrappers
37. A network entity that provides a single entrance / exit point to the Internet.
Software development lifecycle
IRC
Kerberos
Bastion hosts
38. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
ROT-13
Joke
ActiveX Object Linking and Embedding
Aggregation
39. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Digital signing
OLE
/etc/passwd
IRC
40. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
SQL (Structured Query Language)
Compiler
Closed network
/etc/passwd
41. Transferring your risk to someone else - typically an insurance company
Risk Transferring
Normalization
Boot-sector Virus
Salami Slicing
42. The real cost of acquiring/maintaining/developing a system
Raid 0 - 1 - 3 - 5
Asset Value
Authorization creep
DCOM
43. Assuming someone's session who is unaware of what you are doing
WAP (Wireless Application Protocol)
Teardrop
Burden of Proof
Session Hijacking
44. When security is managed at a central point in an organization
Checksum
Centralized
Active attacks
DMZ
45. A military standard defining controls for emanation protection
Scanning
Embezzlement
Clipping levels
TEMPEST
46. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
ARO (Annualized Rate of Occurrence)
Wiretapping
Script kiddies
CCTV
47. Common Object Request Broker Architecture.
Cyphertext only
Tokens
UUEncode
CORBA
48. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
War driving
Centralized
Quality Assurance
DDOS
49. Dynamic Host Configuration Protocol.
DAD
DHCP
Asymmetric
TCP Wrappers
50. Defines the objects and their attributes that exist in a database.
TEMPEST
Schema
Trade Secret
UUEncode