Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Also civil law
Tort
Dictionary Attack
Username/password
Authorization
2. The frequency with which a threat is expected to occur.
SSH
ARO (Annualized Rate of Occurrence)
Dogs
WAP (Wireless Application Protocol)
3. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
SQL (Structured Query Language)
Multipartite
Expert System
Dictionary Attack
4. Rolling command center with UPS - satellite - uplink - power - etc.
PKI
ActiveX Object Linking and Embedding
Rolling hot sites
Burden of Proof
5. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Brute force
Separation of duties
MitM
Embezzlement
6. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Fraud
Owner
Joke
Smart cards
7. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Audit Trail
Job rotation
TACACS (Terminal access controller access control system)
Mandatory vacation
8. Encompasses Risk Analysis and Risk Mitigation
Risk Management
Routers
Degausser
Sabotage
9. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
Well-known ports
Crosstalk
Security kernel
Joke
10. Technical items are IT implemented. Administrative items are things that HR implements. Physical items are things that are tangible.
Technical - Administrative - Physical
Content dependent
DDOS
Asymmetric
11. Data storage formats and equipment that allow the stored data to be accessed in any order
Burden of Proof
MitM
War dialing
RAM (Random-access memory)
12. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
SLE (Single Loss Expectancy or Exposure)
BIOS
Throughput of a Biometric System
Polymorphic
13. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
Guards
DNS cache poisoning
War dialing
Sniffing
14. The person that controls access to the data
Motion detector
IAB
Open network
Custodian
15. Accepting all packets
Firewall types
Promiscuous mode
Raid 0 - 1 - 3 - 5
Burden of Proof
16. Continuation of Operations Plan
Burden of Proof
Sabotage
RADIUS (Remote authentication dial-in user service)
COOP
17. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
Crosstalk
Salami Slicing
Brute force
Raid 0 - 1 - 3 - 5
18. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Bastion hosts
Hackers
Java
Cryptanalysis
19. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
OEP
Job rotation
Authorization
VLANs
20. Entails planning and system actions to ensure that a project is following good quality management practices
Quality Assurance
Out of band
EF (Exposure Factor)
DCOM
21. Rotating employees' job duties so that what they are doing can be checked to make sure nothing fraudulent is occurring.
Job rotation
Identification
Honey pot
User
22. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Cryptanalysis
Firmware
SSO (Single sign-on)
Passive attacks
23. A network that uses proprietary protocols
Cold Site
Closed network
Caesar Cipher
Burden of Proof
24. When security is managed at many different points in an organization
Decentralized
COOP
Smart cards
Guards
25. Once authenticated - the level of access you have to a system
Polymorphic
SYN Flood
SQL (Structured Query Language)
Authorization
26. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Block cipher
Granularity
Coax
Risk Analysis
27. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Echelon
Aggregation
Sniffing
Fiber optic
28. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Common criteria
Active attacks
Multitasking
Biometrics
29. Using ICMP to diagram a network
FAR/FRR/CER
Probing
Finger printing
Promiscuous mode
30. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
AES (Advanced Encryption Standard)
CHAP
DNS cache poisoning
Biometrics
31. A network that mimics the brain
Certification
CCTV
Artificial Neural Networks (ANN)
Asset Value
32. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
DHCP
Tailgating / Piggybacking
Coax
NAT
33. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Expert systems
Patriot Act
Due Diligence
Stream cipher
34. Reasonable doubt
TEMPEST
Exit interview
Risk Analysis
Burden of Proof
35. When security is managed at a central point in an organization
Fraud
Centralized
CEO
Hearsay Evidence
36. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Macro
Block cipher
Multiprocessing
CHAP
37. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Phreaker
Aggregation
TEMPEST
Patent
38. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
DMZ
Compiler
Expert System
Common criteria
39. The person that determines the permissions to files. The data owner.
Digital certificates
Owner
DNS cache poisoning
Cyphertext only
40. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Authorization
SSH
Software librarian
Degausser
41. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Incentive programs
Promiscuous mode
Common criteria
War driving
42. A site that is ready physically but has no hardware in place - all it has is HVAC
Private Addressing
Cold Site
Probing
Key Escrow
43. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
CIO
Smart cards
PAP (Password Authentication Protocol)
Authentication
44. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Vulnerability analysis tools
Reciprocal agreement
Technical - Administrative - Physical
Closed network
45. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Certification
DAD
Diffie-Hellman
Accountability
46. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Biometric profile
Buffer overflow
Rijndael
ALE (Annualized Loss Expectancy)
47. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Logic bomb
Detective - Preventive - Corrective
DDOS
Tokens
48. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work
Script kiddies
DHCP
PAP (Password Authentication Protocol)
Copyright
49. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
SSL/TLS
Sniffing
Expert systems
Degausser
50. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Private Addressing
Audit Trail
CIRT
Data remanence