Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so some answers may look obvious at times, but repeating the test reinforces your understanding of the terms.
1. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Risk Acceptance
Trade Secret
Well-known ports
Security through obscurity
2. A physical security control that can exercise judgment, and so is more discriminating than dogs
DOS
Worm
Guards
Promiscuous mode
3. A civil wrong (as opposed to a crime) for which the injured party can seek damages under civil law
Biometric profile
Hash
RAM (Random-access memory)
Tort
4. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Biometric profile
Tokens
Back door/ trap door/maintenance hook
Risk Analysis
5. The technical evaluation of a system that has been built, to verify that it meets the security standards you have said you will use (management's formal acceptance of that result is accreditation).
Certification
Data Mart
Multithreading
Routers
6. A mechanism by which connections to TCP services on a system are allowed or disallowed
TCP Wrappers
Brewer-Nash model
BIOS
Due Care
7. When security is managed at many different points in an organization
Fences
Probing
VPN (Virtual Private Network)
Decentralized
8. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - DoD standard 5200.28-STD of December 1985, superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Eavesdropping
War driving
TCSEC
Asymmetric
9. Testing a company's network for exploitable vulnerabilities in its systems so that the weaknesses can be fixed. The testing itself does not fix anything.
WTLS (Wireless Transport Layer Security)
Penetration testing
Non-repudiation
Dictionary Attack
10. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
ISDN (Integrated Services Digital Network)
Scanning
SSO (Single sign-on)
War driving
11. Ports 0 - 1023, reserved for well-known Internet services. Ones on the test include: 20 - ftp (data) 21 - ftp (control) 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - https (http over ssl/tls)
Code of ethics
Keystroke logging
Well-known ports
Firewall types
12. Entails planning and system actions to ensure that a project is following good quality management practices
Due Care
Quality Assurance
NAT
Skipjack
13. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Caesar Cipher
Software librarian
Termination procedures
Two-Factor Authentication
14. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
Encryption
Java
Skipjack
Digital signing
15. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
OEP
Birthday attack
Virtual machine
ARP (Address Resolution Protocol)
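Added example, not part of the quiz: the birthday paradox in code, both the exact collision probability and a generic birthday attack against a toy hash (SHA-256 truncated to 32 bits, an assumption made so the search finishes in well under a second). The table of seen digests is the space-time tradeoff the question mentions: roughly 2^(n/2) hashes plus memory, instead of the 2^n a preimage search needs.

```python
import hashlib
import math
import os


def collision_probability(n: int, space: int) -> float:
    """Exact probability that at least two of n uniform draws from `space`
    values coincide: 1 - prod_{i<n} (1 - i/space). For n=23, space=365 this
    is the classic 50.7%."""
    p_no_collision = 1.0
    for i in range(n):
        p_no_collision *= 1.0 - i / space
    return 1.0 - p_no_collision


def expected_trials(space: int) -> float:
    """Approximate number of random draws until the first collision,
    sqrt(pi/2 * space). For an n-bit hash that is about 2^(n/2)."""
    return math.sqrt(math.pi / 2 * space)


def truncated_digest(msg: bytes, bits: int) -> int:
    """Toy short hash: the leading `bits` bits of SHA-256 as an integer."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits: int):
    """Generic birthday attack. Hash random messages, remembering every
    digest seen, until two distinct messages share one. Memory (the `seen`
    table) is traded for time: about 2^(bits/2) hashes instead of the
    2^bits a second-preimage search would need.
    Returns (msg1, msg2, digest, trials)."""
    seen = {}
    trials = 0
    while True:
        msg = os.urandom(8)          # random 8-byte message (constructed input)
        d = truncated_digest(msg, bits)
        trials += 1
        if d in seen and seen[d] != msg:
            return seen[d], msg, d, trials
        seen[d] = msg


if __name__ == "__main__":
    print("P(23 people share a birthday) =", round(collision_probability(23, 365), 4))
    print("expected trials for a 32-bit hash ~", int(expected_trials(2 ** 32)))
    m1, m2, d, t = find_collision(32)
    print(f"collision on 32-bit digest {d:#010x} after {t} hashes:", m1.hex(), m2.hex())
```

The point to take away: a 128-bit digest offers only about 64 bits of collision resistance, which is why the rule of thumb is that a hash needs twice the bit length of the security level you want against collisions.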
16. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
SQL (Structured Query Language)
ARO (Annualized Rate of Occurrence)
Stream cipher
ROM (Read-only memory)
17. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Stream cipher
/etc/passwd
SYN Flood
Normalization
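Added example, not part of the quiz: detection logic for the SYN flood described above, run over a constructed flow log (the format, hosts and addresses are assumptions for the demo, not captured traffic). It tracks the three-way handshake the way a stateful firewall or IDS does, so that SYNs never followed by the client's ACK show up as half-open connections.

```python
from collections import defaultdict

# Constructed sample of a simplified TCP flow log (not captured traffic):
# "<seconds> <src>:<port> -> <dst>:<port> <flags>", with S = SYN,
# SA = SYN/ACK, A = ACK, R = RST. 10.0.0.5 completes two handshakes;
# 203.0.113.9 sends SYNs from fresh ports and never answers the server's
# SYN/ACK, leaving half-open connections behind on 192.0.2.10.
SAMPLE_LOG = """\
0.001 10.0.0.5:40001 -> 192.0.2.10:80 S
0.002 192.0.2.10:80 -> 10.0.0.5:40001 SA
0.003 10.0.0.5:40001 -> 192.0.2.10:80 A
0.010 203.0.113.9:1001 -> 192.0.2.10:80 S
0.011 192.0.2.10:80 -> 203.0.113.9:1001 SA
0.012 203.0.113.9:1002 -> 192.0.2.10:80 S
0.013 192.0.2.10:80 -> 203.0.113.9:1002 SA
0.014 203.0.113.9:1003 -> 192.0.2.10:80 S
0.015 192.0.2.10:80 -> 203.0.113.9:1003 SA
0.016 203.0.113.9:1004 -> 192.0.2.10:80 S
0.017 192.0.2.10:80 -> 203.0.113.9:1004 SA
0.020 10.0.0.5:40002 -> 192.0.2.10:80 S
0.021 192.0.2.10:80 -> 10.0.0.5:40002 SA
0.022 10.0.0.5:40002 -> 192.0.2.10:80 A
0.030 203.0.113.9:1005 -> 192.0.2.10:80 S
0.031 192.0.2.10:80 -> 203.0.113.9:1005 SA
0.032 203.0.113.9:1006 -> 192.0.2.10:80 S
0.033 192.0.2.10:80 -> 203.0.113.9:1006 SA
"""


def parse_line(line):
    ts, src, _arrow, dst, flags = line.split()
    return float(ts), src, dst, flags


def ip_of(endpoint):
    """'203.0.113.9:1001' -> '203.0.113.9'"""
    return endpoint.rsplit(":", 1)[0]


def half_open_report(log_text):
    """Replay the log and track handshakes: a client SYN opens a pending
    entry, the client's final ACK (or a RST) closes it. Whatever is still
    pending at the end is half-open, i.e. the server is holding state for
    a connection that will never complete.
    Returns (half_open_by_client_ip, half_open_by_server_ip)."""
    pending = {}  # (client endpoint, server endpoint) -> time of the SYN
    for line in log_text.strip().splitlines():
        ts, src, dst, flags = parse_line(line)
        key = (src, dst)
        if flags == "S":
            pending[key] = ts
        elif flags in ("A", "R") and key in pending:
            del pending[key]
        # "SA" is the server's half of the handshake; nothing to update.
    by_client, by_server = defaultdict(int), defaultdict(int)
    for client, server in pending:
        by_client[ip_of(client)] += 1
        by_server[ip_of(server)] += 1
    return dict(by_client), dict(by_server)


def syn_flood_sources(log_text, max_half_open=5):
    """Client IPs holding more than `max_half_open` unanswered SYNs."""
    by_client, _ = half_open_report(log_text)
    return {ip: n for ip, n in by_client.items() if n > max_half_open}


if __name__ == "__main__":
    print("suspected flooders:", syn_flood_sources(SAMPLE_LOG))
    print("half-open per server:", half_open_report(SAMPLE_LOG)[1])
```

A real flood usually spoofs a different source address on every SYN, which defeats the per-source count; the per-server count of half-open state is the number that matters there, and the server-side mitigation is SYN cookies, which let the server answer a SYN without allocating state until the ACK arrives.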
18. A military standard defining controls for emanation protection
Rijndael
Technical - Administrative - Physical
Worm
TEMPEST
19. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Script
Hackers
Eavesdropping
Bugtraq
20. Someone who hacks
Buffer overflow
Hacker
Cyphertext only
Normalization
21. A war dialing utility
Toneloc
CIA
Transposition
War dialing
22. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
ISDN (Integrated Services Digital Network)
Rolling hot sites
Granularity
Object Oriented Programming
23. In the broadest sense - a fraud is a deception made for personal gain
Asymmetric
Fraud
Rolling hot sites
Aggregation
24. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Eavesdropping
Active attacks
Security kernel
Replay
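Added example, not part of the quiz: both sides of a request protocol that defends against the replay attack defined above. The client binds each request to a fresh nonce and a timestamp under an HMAC; the server accepts an authentic request once inside a time window and rejects a second copy as a replay. The key, window and message layout are assumptions for the demo.

```python
import hashlib
import hmac
import json
import os

# Constructed shared key for the demo; a real system provisions one per client.
DEMO_KEY = b"demo-shared-secret"


def _mac(key, msg):
    """HMAC-SHA256 over the canonical JSON of every field except the MAC, so
    the nonce and timestamp are covered and cannot be swapped by an attacker."""
    unsigned = {k: v for k, v in msg.items() if k != "mac"}
    body = json.dumps(unsigned, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_request(key, payload, now):
    """Client side: tie the payload to a random nonce and the send time."""
    msg = {"payload": payload, "ts": now, "nonce": os.urandom(16).hex()}
    msg["mac"] = _mac(key, msg)
    return msg


class ReplayGuard:
    """Server side: accept each authentic request once within `window` seconds."""

    def __init__(self, key, window=30.0):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> timestamp carried by the request

    def accept(self, msg, now):
        # 1. Authenticity first: without the key an attacker can only resend
        #    messages that were genuinely sent once.
        if not hmac.compare_digest(_mac(self.key, msg), str(msg.get("mac", ""))):
            return False, "bad mac"
        # 2. Freshness: bounds how long a captured message stays usable and
        #    lets the nonce table be pruned instead of growing forever.
        if abs(now - msg["ts"]) > self.window:
            return False, "stale"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        # 3. Uniqueness: the same nonce twice inside the window is a replay.
        if msg["nonce"] in self.seen:
            return False, "replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"


def demo():
    """The exchange: one honest delivery, then the three attacks the
    definition describes (repeat, tamper, delay)."""
    guard = ReplayGuard(DEMO_KEY)
    req = make_request(DEMO_KEY, {"transfer": 100, "to": "acct-42"}, now=1000.0)
    first = guard.accept(req, now=1000.2)        # legitimate delivery
    replayed = guard.accept(req, now=1001.0)     # attacker resends the capture
    tampered = dict(req, payload={"transfer": 9999, "to": "acct-42"})
    forged = guard.accept(tampered, now=1001.0)  # attacker edits the amount
    late = make_request(DEMO_KEY, {"transfer": 5}, now=1000.0)
    delayed = guard.accept(late, now=1100.0)     # held back past the window
    return first, replayed, forged, delayed


if __name__ == "__main__":
    for label, result in zip(("first", "replayed", "forged", "delayed"), demo()):
        print(f"{label:9s} -> {result}")
```

The MAC alone does not stop replay (the copy is just as authentic as the original); the nonce does, and the timestamp is what keeps the nonce table bounded. Clocks must be loosely synchronised for the window to work.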
25. The act of identifying yourself. Providing your identity to a system
TCB
Honey pot
Identification
AES (Advanced Encryption Standard)
26. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
BIA
Risk Analysis
Job rotation
Firewall types
27. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
SYN Flood
OSI Model
Kerberos
Virtual machine
28. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Trademark
Worm
Phreaker
Fire extinguisher
29. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
DNS cache poisoning
UUEncode
Spoofing
Quality Assurance
30. Communication over a separate channel from the one normally used (for example a phone call instead of email), chosen so that someone eavesdropping on the normal channel does not see it
Out of band
Switches / Bridges
OEP
Decentralized
31. The person responsible for implementing and maintaining the controls that protect the data, including controlling access to it, on the data owner's behalf
CEO
Risk Transferring
BIOS
Custodian
32. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
DCOM
SSH
Copyright
SSO (Single sign-on)
33. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Dictionary Attack
Passive attacks
SLE (Single Loss Expectancy or Exposure)
Security Perimeter
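Added example, not part of the quiz: a dictionary attack against a salted PBKDF2 password hash, with a few mangling rules applied to each word, next to the size of the keyspace a brute-force attack would have to search. The wordlist, salt and iteration count are constructed for the demo; the iteration count is deliberately far below what a real deployment should use.

```python
import hashlib

# Constructed wordlist; a real attack uses millions of leaked passwords.
WORDLIST = ["password", "letmein", "dragon", "sunshine", "qwerty", "welcome"]
# Constructed salt; real salts are random and unique per user.
SALT = b"\x8a\x11\xf3\x02\xbe\x77\x10\x4c"
# Deliberately low so the demo runs in milliseconds; production PBKDF2-SHA256
# should use hundreds of thousands of iterations.
ITERATIONS = 1_000


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def candidates(wordlist):
    """Expand each base word with simple mangling rules: capitalisation,
    trailing digits 0-99, a '!' suffix and the Capitalised+123 pattern.
    104 guesses per word, still tiny next to the full keyspace."""
    for word in wordlist:
        yield word
        yield word.capitalize()
        for n in range(100):
            yield f"{word}{n}"
        yield word + "!"
        yield word.capitalize() + "123"


def dictionary_attack(target: bytes, salt: bytes, wordlist, iterations: int = ITERATIONS):
    """Hash each candidate with the victim's salt and compare.
    Returns (password, attempts) on success, (None, attempts) otherwise."""
    attempts = 0
    for guess in candidates(wordlist):
        attempts += 1
        if hash_password(guess, salt, iterations) == target:
            return guess, attempts
    return None, attempts


def brute_force_keyspace(alphabet_size: int, length: int) -> int:
    """Guesses a brute-force attack needs for every string of `length`
    characters over an alphabet of `alphabet_size` symbols."""
    return alphabet_size ** length


if __name__ == "__main__":
    stolen = hash_password("Dragon123", SALT)       # constructed victim entry
    print("weak password:", dictionary_attack(stolen, SALT, WORDLIST))
    strong = hash_password("xK9#pL2@", SALT)
    print("strong password:", dictionary_attack(strong, SALT, WORDLIST))
    print("dictionary size:", sum(1 for _ in candidates(WORDLIST)))
    print("brute force, 8 printable ASCII chars:", brute_force_keyspace(95, 8))
```

Salting does not stop this attack against one user (the attacker just hashes each guess with that user's salt); what it stops is precomputing one table and reusing it against every user. The slow hash (high iteration count) is what makes each guess expensive.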
34. Trusted Computing Base. Comprises the hardware - software - and firmware of the system that together enforce its security policy.
Diffie-Hellman
Encryption
Inference
TCB
35. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Senior Management
Diffie-Hellman
Digital signing
COOP
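Added example, not part of the quiz: the Diffie-Hellman exchange above with both parties' steps shown, plus the public-value check a practitioner adds before using the result. The group is the 1024-bit MODP prime with generator 2 (Oakley group 2, RFC 2409), transcribed here and to be verified against the RFC before reuse; 1024 bits is too small for new deployments and is used only because it is short enough to embed.

```python
import hashlib
import secrets

# 1024-bit MODP prime, generator 2 (Oakley group 2, RFC 2409). Transcribed;
# verify against the RFC before relying on it. Too small for new systems.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def generate_keypair(p=P, g=G):
    """Private exponent x in [2, p-2] and public value g^x mod p."""
    x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def public_value_is_valid(y, p=P):
    """Reject 0, 1 and p-1. For a safe prime p these are the only elements
    of order 1 or 2; accepting them lets a peer force the shared secret to
    a known value (and p-1 leaks the parity of our private exponent)."""
    return 2 <= y <= p - 2


def shared_key(my_private, peer_public, p=P):
    """Compute peer_public^my_private mod p and hash it into a 32-byte key.
    The raw group element is never used as a key directly."""
    if not public_value_is_valid(peer_public, p):
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, my_private, p)
    n_bytes = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(n_bytes, "big")).digest()


def run_exchange(p=P, g=G):
    """Both sides of the protocol. Only A and B cross the insecure channel;
    an eavesdropper seeing p, g, A and B faces the discrete logarithm problem.
    Returns (Alice's key, Bob's key), which must match."""
    a, A = generate_keypair(p, g)   # Alice keeps a, sends A
    b, B = generate_keypair(p, g)   # Bob keeps b, sends B
    return shared_key(a, B, p), shared_key(b, A, p)


if __name__ == "__main__":
    k_alice, k_bob = run_exchange()
    print("keys match:", k_alice == k_bob)
    print("shared key:", k_alice.hex())
```

Note what the exchange does not give you: A and B are unauthenticated, so a man in the middle can run one exchange with each side and relay. Real protocols (TLS, IKE, SSH) sign or otherwise authenticate the public values to close that gap.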
36. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Out of band
Hot Site
Reciprocal agreement
Firmware
37. Personal - Network - and Application
Firewall types
DCOM
Incentive programs
VLANs
38. Once authenticated - the level of access you have to a system
Checksum
CORBA
Sniffing
Authorization
39. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
FAR/FRR/CER
Rijndael
Worm
Change management
40. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
CHAP
Digest
Key Escrow
Username/password
41. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Honey pot
Fire extinguisher
Phreaker
CORBA
42. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
PKI
Eavesdropping
Virtual machine
Software development lifecycle
43. Involving the measurement of quantity or amount.
DAD
Quantitative
Packet Sniffing
Biometric profile
44. Computer Incident Response Team
TCP Wrappers
CIRT
Switches / Bridges
Multipartite
45. a.k.a. the Chinese wall model. Access control changes dynamically based on what a subject has already accessed - once a user has seen one client's data they are denied the data of a competing client - to prevent conflicts of interest.
Debug
Salami Slicing
Brewer-Nash model
Object Oriented Programming
46. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Security kernel
Worm
Open network
Hash
47. Not permitted by law, or not permitted by an accepted code of conduct, respectively
Twisted pair
Trojan horses
Illegal/Unethical
ROT-13
48. A sandbox. Emulates an operating environment.
Virtual machine
Code of ethics
DMZ
ROM (Read-only memory)
49. The frequency with which a threat is expected to occur.
Private Addressing
ROT-13
Skipjack
ARO (Annualized Rate of Occurrence)
50. Virtual LANs. Partition a single physical switched network into separate broadcast domains, isolating traffic between groups of ports.
VLANs
Enticement
Teardrop
Change management