CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the answers may look obvious, but you will find that taking the test repeatedly reinforces your understanding.
1. Among the most common types of viruses and usually among the least damaging: the virus is written in an application's scripting language (typically an office document macro) and runs only when the host application executes that macro.
Spoofing
Dictionary Attack
Macro
TACACS (Terminal access controller access control system)
2. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Session Hijacking
Brute Force
EF (Exposure Factor)
Compiler
3. Personal - Network - and Application
Trojan horses
Firewall types
Decentralized
Routers
4. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Biometrics
OEP
Polymorphic
Hash
5. Taking over another user's established session while that user is unaware it has been taken over.
SSH
Termination procedures
Common criteria
Session Hijacking
6. Emanations from one wire coupling with another wire
Crosstalk
Promiscuous mode
Senior Management
Cold Site
7. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Cookies
Data remanence
Exit interview
TCB
8. Computer Incident Response Team
Teardrop
Ciphertext only
CIRT
VPN (Virtual Private Network)
9. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Hacker
Debug
Biometrics
Audit Trail
10. Network Address Translation
Code of ethics
Identification
Sniffing
NAT
11. In risk assessment, the average monetary value of losses per year: ALE = SLE x ARO (single loss expectancy times annualized rate of occurrence).
Qualitative
Nonce
Fingerprinting
ALE (Annualized Loss Expectancy)
12. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Identification
Probing
COM
Trap Door
13. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Carnivore
Callback Security/Call Forwarding
CGI (The Common Gateway Interface)
TCB
14. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Code of ethics
RAID 0, 1, 3, 5
Separation of duties
BIA
15. Dynamic Host Configuration Protocol.
Skipjack
Boot-sector Virus
Man trap
DHCP
16. A PPP authentication protocol that sends the username and password across the link in cleartext, so anyone sniffing the link can read them. Contrast this with challenge-response authentication, in which the password itself is never transmitted.
Fingerprinting
Ciphertext only
PAP (Password Authentication Protocol)
Biometrics
17. Objects or identifiers that a user possesses and presents during authentication (the "something you have" factor), supplying the information that allows authentication to happen, for example a hardware key fob or smart card that produces a one-time code. There are many types.
Security through obscurity
Tokens
DCOM
Brute Force
18. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Base-64
Data remanence
Two-Factor Authentication
Repeaters
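Items 17 and 18 describe a token and two-factor authentication without showing how the second factor is checked. The following is an added example, not part of the quiz: a password check (something you know) combined with a time-based one-time code of the kind a token generates (something you have), following the HOTP (RFC 4226) and TOTP (RFC 6238) algorithms. The user record, salt and token secret are constructed test data; the secret is the RFC 4226 test-vector value, not a real key.

```python
"""Two-factor login check: password plus time-based one-time code (added example).
HOTP per RFC 4226, TOTP per RFC 6238. The user record below is constructed."""
import hashlib
import hmac
import struct
import time

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, at // step, digits)

# Constructed user record: salted password hash plus the token's shared secret.
TOKEN_SECRET = b"12345678901234567890"   # RFC 4226 test-vector secret (assumption, not a real key)
SALT = b"constructed-salt"                # constructed; a real system uses a random per-user salt
USER = {
    "name": "alice",
    "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    "token_secret": TOKEN_SECRET,
}

def verify_login(user: dict, password: str, code: str, now: int, window: int = 1) -> bool:
    """Both factors must pass. The code is accepted for the current 30-second step and
    `window` steps either side to tolerate clock drift between token and server.
    Comparisons are constant-time so a wrong password and a wrong code are not
    distinguishable by timing."""
    pw_ok = hmac.compare_digest(
        hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000), user["pw_hash"])
    code_ok = False
    for offset in range(-window, window + 1):
        expected = totp(user["token_secret"], now + offset * 30)
        code_ok |= hmac.compare_digest(expected, code)
    return pw_ok and code_ok

if __name__ == "__main__":
    now = int(time.time())
    current = totp(TOKEN_SECRET, now)
    print("token code for this step:", current)
    print("password + code:", verify_login(USER, "correct horse", current, now))
    print("wrong password + code:", verify_login(USER, "wrong", current, now))
```

The point of the example is that a sniffed or phished password alone does not pass `verify_login`: the attacker also needs the secret held in the token. Note that the window of accepted codes should stay small, and that a code must not be reusable within its step in a real deployment (track the last accepted counter per user).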
19. A system designed to stop piggybacking.
Audit Trail
COOP
Man trap
Checksum
20. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Masquerade
SSH
Polymorphism
SYN Flood
21. These can be used to verify that public keys belong to certain individuals.
Digital certificates
Trojan horses
Crosstalk
Base-64
22. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Due Care
OEP
RAM (Random-access memory)
Expert System
23. Also known as a tunnel.
DDoS
Multitasking
Risk Analysis
VPN (Virtual Private Network)
24. The art of breaking code. Testing the strength of an algorithm.
Macro
Promiscuous mode
Cryptanalysis
War driving
25. A unit that detects movement in order to set off an alarm alerting staff to unauthorized access.
Content dependent
Motion detector
Halon
Script
26. Occupant Emergency Plan - Employees are the most important!
Open network
Telnet
OEP
Macro
27. To not be legal (as far as law is concerned) or ethical
Key Escrow
Illegal/Unethical
CCTV
WTLS (Wireless Transport Layer Security)
28. The process of reducing your risks to an acceptable level based on your risk analysis
Risk Mitigation
UUEncode
Checksum
Hoax
29. A threshold that sets the baseline number of violations (for example failed logins) a user may commit, as a normal part of their work, before an alarm is raised.
Classes of IP networks
Clipping levels
Fingerprinting
DNS cache poisoning
30. A site that is ready physically but has no hardware in place; all it provides is basic infrastructure such as power and HVAC.
Multitasking
Cold Site
Incentive programs
Scanning
31. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Virtual machine
Technical - Administrative - Physical
RADIUS (Remote authentication dial-in user service)
UUEncode
32. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
RADIUS (Remote authentication dial-in user service)
Firmware
Callback Security/Call Forwarding
Accreditation
33. Technical controls are implemented in IT systems (hardware and software). Administrative controls are policies and procedures, such as those HR implements. Physical controls are tangible things, such as locks and guards.
DHCP
Rolling hot sites
DMZ
Technical - Administrative - Physical
34. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
SYN Flood
Security kernel
Carnivore
Embezzlement
35. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Username/password
SESAME
CORBA
Due Care
36. Continuity of Operations Plan
Multipartite
SSH
COOP
Dogs
37. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Spoofing
Clipping levels
Security through obscurity
Key Escrow
38. Leaks less signal (harder to tap), carries data over longer distances, and uses light rather than electrical impulses.
Authentication
Block cipher
Fiber optic
Trade Secret
39. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
FAR/FRR/CER
Job rotation
Data remanence
Routers
40. Rotating employees through job duties so that each person's work is checked by someone else and fraud is harder to conceal.
War dialing
Eavesdropping
Brute Force
Job rotation
41. Someone whose hacking is primarily targeted at the phone systems
Entrapment
Phreaker
Man trap
Scanning
42. The 7-layer model defined by the ISO. Memorized top-down by "All People Seem To Need Data Processing" and bottom-up by "Please Do Not Throw Sausage Pizza Away". The layers, top to bottom, are Application, Presentation, Session, Transport, Network, Data Link, Physical.
Security Awareness Training
Security Perimeter
Job rotation
OSI Model
43. The attacker sends a SYN request to the victim's machine; the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine never responds, but instead sends another SYN and continues to do so until t
SYN Flood
UUEncode
Hearsay Evidence
Social engineering
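Items 29 and 43 together describe the detection side of a SYN flood: count handshakes that never completed, and alarm only once a source passes a clipping level. The following is an added example, not part of the quiz, that runs that logic over a constructed packet log. The log format (seconds, source, destination, TCP flags) is an assumption for the example and does not match any particular capture tool's output.

```python
"""Half-open connection detector with a clipping level (added example).
A client SYN to the server makes the server allocate connection state; the
client's final ACK releases it. Clients whose SYNs never get a final ACK are
counted, and only sources above the clipping level are reported."""
from collections import defaultdict

# Constructed packet log: "<seconds> <src_ip>:<port> <dst_ip>:<port> <flags>".
# 10.0.0.5 completes its handshake; 203.0.113.9 sends SYNs and never ACKs;
# 10.0.0.6 has one handshake still in progress (normal for a slow client).
LOG = """\
0.00 10.0.0.5:40001 192.0.2.10:80 S
0.01 192.0.2.10:80 10.0.0.5:40001 SA
0.02 10.0.0.5:40001 192.0.2.10:80 A
0.10 203.0.113.9:1001 192.0.2.10:80 S
0.11 192.0.2.10:80 203.0.113.9:1001 SA
0.12 203.0.113.9:1002 192.0.2.10:80 S
0.13 192.0.2.10:80 203.0.113.9:1002 SA
0.14 203.0.113.9:1003 192.0.2.10:80 S
0.15 192.0.2.10:80 203.0.113.9:1003 SA
0.16 203.0.113.9:1004 192.0.2.10:80 S
0.17 192.0.2.10:80 203.0.113.9:1004 SA
0.20 10.0.0.6:40002 192.0.2.10:80 S
0.21 192.0.2.10:80 10.0.0.6:40002 SA
"""

def parse(line: str):
    ts, src, dst, flags = line.split()
    return float(ts), src, dst, flags

def half_open_by_source(log: str, server: str) -> dict:
    """Return {client_ip: number of handshakes to `server` still awaiting the final ACK}."""
    pending = set()   # "ip:port" of clients whose SYN has not been followed by their ACK
    for line in log.splitlines():
        if not line.strip():
            continue
        _, src, dst, flags = parse(line)
        if flags == "S" and dst.startswith(server + ":"):
            pending.add(src)          # server allocates state at this point
        elif flags == "A" and dst.startswith(server + ":"):
            pending.discard(src)      # third step of the handshake: state is now a full connection
        # the server's "SA" reply is logged but needs no tracking here
    counts = defaultdict(int)
    for client in pending:
        counts[client.rsplit(":", 1)[0]] += 1
    return dict(counts)

def alarms(log: str, server: str, clipping_level: int = 3) -> list:
    """Clipping level: only sources with more half-open handshakes than the baseline are reported,
    so a single slow client does not raise an alarm."""
    return sorted(ip for ip, n in half_open_by_source(log, server).items() if n > clipping_level)

if __name__ == "__main__":
    print("half-open per source:", half_open_by_source(LOG, "192.0.2.10"))
    print("sources over clipping level:", alarms(LOG, "192.0.2.10"))
```

In practice the count would be taken over a sliding time window, because a legitimate client's handshake can also be in progress for a moment; the clipping level is what keeps that from paging anyone. On the server side, the usual mitigations are SYN cookies (no state allocated until the ACK arrives) and a short SYN-RECEIVED timeout.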
44. ("Rotate by 13 places", sometimes hyphenated ROT-13.) A simple Caesar cipher that obscures text by replacing each letter with the letter thirteen places further along the alphabet; because 13 is half of 26, applying it a second time restores the original text.
Promiscuous mode
Biometric profile
ROT-13
Symmetric
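Items 24 and 44 define cryptanalysis and ROT-13 but do not show why a Caesar shift gives no real protection. The following is an added example, not part of the quiz: ROT-13 implemented as one instance of the general Caesar shift, and the simplest cryptanalysis of it, a brute force over all 25 shifts scored by how many common English words each candidate contains. The sample messages and the small word list are constructed for the example.

```python
"""ROT-13 as a Caesar shift, plus a brute-force attack on any Caesar shift (added example)."""
import string

UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase

def caesar(text: str, shift: int) -> str:
    """Shift each letter `shift` places around the alphabet; other characters pass through."""
    out = []
    for ch in text:
        if ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + shift) % 26])
        elif ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)

def rot13(text: str) -> str:
    """ROT-13 is the Caesar shift with key 13, which makes it its own inverse."""
    return caesar(text, 13)

# Constructed scoring list: a handful of very common English words.
COMMON = {"the", "and", "is", "of", "to", "a", "in", "it"}

def brute_force(ciphertext: str):
    """Cryptanalysis by exhaustion: there are only 25 possible keys, so try them all and
    return (key, plaintext) for the candidate that reads most like English."""
    best = None
    for shift in range(1, 26):
        candidate = caesar(ciphertext, -shift)
        words = [w.strip(".,;:!?").lower() for w in candidate.split()]
        score = sum(w in COMMON for w in words)
        if best is None or score > best[0]:
            best = (score, shift, candidate)
    return best[1], best[2]

if __name__ == "__main__":
    secret = "the key is in the drawer"            # constructed message
    ct = caesar(secret, 7)
    print("ROT-13 of 'Hello, World!':", rot13("Hello, World!"))
    print("ciphertext with shift 7:", ct)
    print("recovered (key, plaintext):", brute_force(ct))
```

Twenty-five trials is nothing for a computer (or for a patient person with pencil and paper), which is why ROT-13 is used only to obscure text, such as spoilers, never to protect it. The same exhaustion approach is what "testing the strength of an algorithm" means in miniature: the key space is the first thing to measure.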
45. Being able to control access for specific individuals very precisely (for instance at the application layer), rather than at lower OSI layers, where access can only be controlled coarsely, such as by address or port.
SQL (Structured Query Language)
Granularity
MOM
Transposition
46. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
Trademark
SSH
Digital signing
CIRT
47. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
l0pht
Reciprocal agreement
Code of ethics
Mandatory vacation
48. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Switches / Bridges
COM
CIRT
Telnet
49. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Fire extinguisher
Burden of Proof
BIOS
Debug
50. This factor represents a measure of the magnitude of loss or impact on the value of an asset, expressed as a percentage of the asset's value (SLE = asset value x EF).
Technical - Administrative - Physical
EF (Exposure Factor)
ARP (Address Resolution Protocol)
Kerberos