SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
Twisted pair
Hash
VLANs
2. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Open network
Patent
Tokens
Cyphertext only
3. Basic Input/Output System
BIOS
Promiscuous mode
Smart cards
Patriot Act
4. Entails planning and system actions to ensure that a project is following good quality management practices
Base-64
DDOS
Quality Assurance
DNS cache poisoning
5. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Checksum
Encryption
Security through obscurity
TACACS (Terminal access controller access control system)
6. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
Patent
Change management
Code of ethics
7. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
ALE (Annualized Loss Expectancy)
/etc/passwd
Tort
Fiber optic
8. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Transposition
Packet Sniffing
Dictionary Attack
SSL/TLS
9. Confidentiality - Integrity - and Availability
CIA
Phreaker
Identification
Two-Factor Authentication
10. Involving the measurement of quantity or amount.
Fences
Exit interview
Callback Security/Call Forwarding
Quantitative
11. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Due Care
Virtual machine
FAR/FRR/CER
ROM (Read-only memory)
12. Be at least 8 foot tall and have three strands of barbed wire.
Senior Management
Back door/ trap door/maintenance hook
Fences
Macro
13. Animals with teeth. Not as discriminate as guards
Kerberos
Multitasking
Dogs
Common criteria
14. Setting up the user to access the honeypot for reasons other than the intent to harm.
Biometrics
Burden of Proof
Entrapment
Closed network
15. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
Cold Site
TCB
Polymorphism
Halon
16. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
SESAME
Eavesdropping
Dictionary Attack
Data Mart
17. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
DCOM
WAP (Wireless Application Protocol)
Two-Factor Authentication
Compiler
18. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
TEMPEST
RAM (Random-access memory)
MitM
Private Addressing
19. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Accountability
Debug
Call tree
Rijndael
20. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Telnet
Echelon
Hackers
Tort
21. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Twisted pair
Format 7 times
Checksum
Hackers
22. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Replay
Security Perimeter
CRC (Cyclic Redundancy Check)
Trojan horses
23. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
Finger printing
Block cipher
Virtual Memory/Pagefile.sys
24. Network Address Translation
NAT
CIA
/etc/passwd
Dogs
25. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
NAT
DOS
Motion detector
Script kiddies
26. Data storage formats and equipment that allow the stored data to be accessed in any order
Termination procedures
RAM (Random-access memory)
Custodian
Username/password
27. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Object Oriented Programming
Dogs
Kerberos
Fences
28. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Separation of duties
SESAME
Promiscuous mode
Embezzlement
29. CISSPs subscribe to a code of ethics for building up the security profession
Stream cipher
Code of ethics
ISDN (Integrated Services Digital Network)
SESAME
30. Dialing fixed sets telephone numbers looking for open modem connections to machines
SSH
War dialing
Expert System
Kerberos
31. The process of reducing your risks to an acceptable level based on your risk analysis
Dictionary Attack
SSO (Single sign-on)
Risk Mitigation
CIA
32. Someone who hacks
Hacker
SSL/TLS
ActiveX Object Linking and Embedding
Termination procedures
33. A network that mimics the brain
Senior Management
Private Addressing
CCTV
Artificial Neural Networks (ANN)
34. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Copyright
CORBA
l0pht
TCSEC
35. A military standard defining controls for emanation protection
ISDN (Integrated Services Digital Network)
Skipjack
TCB
TEMPEST
36. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.
Job rotation
User
Replay
Illegal/Unethical
37. Scanning the airwaves for radio transmissions
Polymorphism
Common criteria
Audit Trail
Scanning
38. The output of a hash function is a digest.
Teardrop
Bastion hosts
TCSEC
Digest
39. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Motion detector
Sabotage
Change management
Finger printing
40. To not be legal (as far as law is concerned) or ethical
Clipping levels
Checksum
Tokens
Illegal/Unethical
41. Network device that operates at layer 1. Concentrator.
MitM
Tokens
Hubs
TCP Wrappers
42. The user
Polymorphic
OLE
User
Caesar Cipher
43. Good for distance - longer than 100M
Coax
Authorization
Script
Security Perimeter
44. A war dialing utility
Inference
Toneloc
Expert System
Hackers
45. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Entrapment
Vulnerability analysis tools
SSO (Single sign-on)
SQL (Structured Query Language)
46. This is an open international standard for applications that use wireless communications.
Service packs
Security kernel
WAP (Wireless Application Protocol)
l0pht
47. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Virtual Memory/Pagefile.sys
Cryptanalysis
Encryption
Vulnerability analysis tools
48. Using ICMP to diagram a network
Probing
Qualitative
Cyphertext only
Digest
49. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Base-64
Finger printing
Risk Acceptance
Hoax
50. A technique to eliminate data redundancy.
Identification
Worm
Normalization
Dogs
