Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
War driving
Mandatory vacation
Security Perimeter
Dogs
2. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
MitM
Senior Management
Throughput of a Biometric System
Firmware
3. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
WTLS (Wireless Transport Layer Security)
Java
Man trap
Tokens
4. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Fiber optic
Incentive programs
DNS cache poisoning
Eavesdropping
5. In a separation of duties model - this is where code is checked in and out
VLANs
Finger printing
EF (Exposure Factor)
Software librarian
6. Jumping into dumpsters to retrieve information about someone/something/a company
Dumpster diving
Birthday attack
Identification
DAD
7. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Non-repudiation
Substitution
BIA
Privacy Act of 1974
8. Same as a block cipher except that it is applied to a data stream one bit at a time
Tokens
Eavesdropping
Hash
Stream cipher
9. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Finger printing
Script kiddies
Hardware
War driving
10. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Asset Value
Classes of IP networks
EF (Exposure Factor)
ALE (Annualized Loss Expectancy)
11. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
Incentive programs
Format 7 times
Raid 0 - 1 - 3 - 5
Identification
12. Chief Executive Officer
TEMPEST
Detective - Preventive - Corrective
Out of band
CEO
13. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
l0pht
Base-64
Accreditation
Normalization
14. The intercepting of conversations by unintended recipients
Eavesdropping
Non-repudiation
Multiprocessing
User
15. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
IRC
Reciprocal agreement
CIO
UUEncode
16. Motive - Opportunity - and Means. These deal with crime.
Virtual machine
Quality Assurance
Smart cards
MOM
17. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
l0pht
ROM (Read-only memory)
Cyphertext only
CRC (Cyclic Redundancy Check)
18. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
SESAME
PAP (Password Authentication Protocol)
Firmware
Hoax
19. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Mandatory vacation
Dumpster diving
Salami Slicing
Polymorphism
20. The user
User
Software librarian
Patent
Hash
21. An RFC standard. A mechanism for performing commands on a remote system
FAR/FRR/CER
Out of band
Telnet
Software development lifecycle
22. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
DDOS
Username/password
ROM (Read-only memory)
PKI
23. Disclosure - Alteration - Destruction. These things break the CIA triad
Wiretapping
DAD
Cold Site
Masquerade
24. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
VLANs
War dialing
Granularity
COOP
25. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
l0pht
Private Addressing
Spoofing
Separation of duties
26. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Security Perimeter
Joke
Polymorphism
UUEncode
27. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
WAP (Wireless Application Protocol)
EF (Exposure Factor)
Twisted pair
AES (Advanced Encryption Standard)
28. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Joke
CIO
Illegal/Unethical
Transposition
29. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Joke
Digital signing
Hardware
AES (Advanced Encryption Standard)
30. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Man trap
Detective - Preventive - Corrective
DHCP
Security kernel
31. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Buffer overflow
War dialing
Block cipher
OSI Model
32. Enticing people to hit your honeypot to see how they try to access your system.
Enticement
Block cipher
TCB
PAP (Password Authentication Protocol)
33. A military standard defining controls for emanation protection
Symmetric
Firewall types
EF (Exposure Factor)
TEMPEST
34. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Hearsay Evidence
Senior Management
VPN (Virtual Private Network)
OLE
35. Encompasses Risk Analysis and Risk Mitigation
Risk Management
Fences
Hoax
Vulnerability analysis tools
36. Setting up the user to access the honeypot for reasons other than the intent to harm.
Due Diligence
Java
WAP (Wireless Application Protocol)
Entrapment
37. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Switches / Bridges
Wiretapping
Asymmetric
Sniffing
38. Scanning the airwaves for radio transmissions
TCSEC
Digital certificates
DMZ
Scanning
39. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
TACACS (Terminal access controller access control system)
Masquerade
Diffie-Hellman
Crosstalk
40. Confidentiality - Integrity - and Availability
Digital certificates
WTLS (Wireless Transport Layer Security)
CIA
Carnivore
41. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Hackers
Dogs
Masquerade
DHCP
42. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Phreaker
OLE
CHAP
Symmetric
43. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Attenuation
Java
ARP (Address Resolution Protocol)
Biometric profile
44. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Script kiddies
Biometric profile
Certification
Digital certificates
45. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Fraggle
Biometric profile
Clipping levels
Stream cipher
46. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
ActiveX Object Linking and Embedding
Brute Force
Data remanence
Virtual machine
47. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
Risk Analysis
WTLS (Wireless Transport Layer Security)
RAM (Random-access memory)
Software development lifecycle
48. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
EF (Exposure Factor)
Raid 0 - 1 - 3 - 5
Honey pot
Firmware
49. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Throughput of a Biometric System
SSO (Single sign-on)
Enticement
BIA
50. A technique to eliminate data redundancy.
Twisted pair
Quality Assurance
Normalization
Separation of duties