Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Security through obscurity
Granularity
Risk Mitigation
Multipartite
2. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
/etc/passwd
Dumpster diving
PKI
Multithreading
3. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Base-64
Scanning
Debug
Brute Force
4. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
ISDN (Integrated Services Digital Network)
Active attacks
Covert channels
Biometrics
5. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Job rotation
Senior Management
Twisted pair
Brewer-Nash model
6. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Detective - Preventive - Corrective
Transposition
Biometrics
Accreditation
7. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
Carnivore
CCTV
EF (Exposure Factor)
Repeaters
8. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Cookies
Fences
Sabotage
Salami Slicing
9. In a separation of duties model - this is where code is checked in and out
Owner
Social engineering
Software librarian
Accreditation
10. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Entrapment
Hot Site
Qualitative
Session Hijacking
11. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Debug
Firewall types
Custodian
Security kernel
12. Defines the objects and their attributes that exist in a database.
Schema
AES (Advanced Encryption Standard)
Detective - Preventive - Corrective
TCP Wrappers
13. Also civil law
Skipjack
IAB
Tort
Burden of Proof
14. Making individuals accountable for their actions on a system typically through the use of auditing
Authorization
Quantitative
Accountability
Tokens
15. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Trade Secret
Biometrics
SSO (Single sign-on)
Base-64
16. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Brute force
Diffie-Hellman
WTLS (Wireless Transport Layer Security)
DDOS
17. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Substitution
Security Perimeter
Toneloc
Security kernel
18. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
RADIUS (Remote authentication dial-in user service)
Security kernel
Polymorphic
Transposition
19. Technical items are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Packet Sniffing
Mandatory vacation
Technical - Administrative - Physical
Hearsay Evidence
20. Using ICMP to diagram a network
Data Mart
Probing
Digest
Toneloc
21. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
ROT-13
Hash
Normalization
Passive attacks
22. Internet Relay Chat.
Diffie-Hellman
Crosstalk
IRC
Embezzlement
23. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Technical - Administrative - Physical
Cookies
Vulnerability analysis tools
Halon
24. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Quality Assurance
DHCP
Separation of duties
Hearsay Evidence
25. Dialing fixed sets of telephone numbers looking for open modem connections to machines
Dictionary Attack
Non-repudiation
War dialing
Closed network
26. Access control method for database based on the content of the database to provide granular access
Rolling hot sites
Content dependant
Raid 0 - 1 - 3 - 5
Teardrop
27. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Privacy Act of 1974
Separation of duties
FAR/FRR/CER
Encryption
28. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
PAP (Password Authentication Protocol)
RAM (Random-access memory)
WAP (Wireless Application Protocol)
Custodian
29. Same as a block cipher except that it is applied to a data stream one bit at a time
Embezzlement
Stream cipher
Multipartite
Decentralized
30. These can be used to verify that public keys belong to certain individuals.
TCSEC
Risk Analysis
Digital certificates
CRC (Cyclic Redundancy Check)
31. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Privacy Act of 1974
Trade Secret
Decentralized
Tokens
32. Software designed to infiltrate or damage a computer system - without the owner's consent.
Burden of Proof
Trojan horses
Malware
Enticement
33. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Classes of IP networks
Inference
Sabotage
Clipper Chip
34. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
DMZ
Hash
Accountability
Expert systems
35. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Compiler
Illegal/Unethical
l0pht
Private Addressing
36. Rolling command center with UPS - satellite - uplink - power - etc.
Rolling hot sites
OEP
Wiretapping
Embezzlement
37. Network devices that operate at layer 3. This device separates broadcast domains.
Rijndael
Routers
Fences
Decentralized
38. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
VPN (Virtual Private Network)
Social engineering
Script kiddies
Base-64
39. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Sniffing
DOS
Dictionary Attack
Dumpster diving
40. When security is managed at many different points in an organization
Probing
Decentralized
Authentication
Expert systems
41. More discriminate than dogs
Guards
Firmware
IRC
Block cipher
42. In cryptography - it is a block cipher
DAD
Cyphertext only
Hot Site
Skipjack
43. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Buffer overflow
BIA
Content dependant
Man trap
44. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Embezzlement
Patriot Act
Echelon
Eavesdropping
45. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Stream cipher
Firmware
Carnivore
Brewer-Nash model
46. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
BIA
PAP (Password Authentication Protocol)
NAT
Accreditation
47. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Change management
Illegal/Unethical
TCSEC
Throughput of a Biometric System
48. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Cyphertext only
UUEncode
Rolling hot sites
Worm
49. Jumping into dumpsters to retrieve information about someone/something/a company
Patent
Hardware
Dumpster diving
Trojan horses
50. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Wiretapping
Cyphertext only
Twisted pair
Open network