SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Open network
Biometrics
Caesar Cipher
Keystroke logging
2. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Wiretapping
Hackers
Granularity
Hardware
3. A network that uses standard protocols (TCP/IP)
Qualitative
Open network
Job rotation
Biometric profile
4. A network that uses proprietary protocols
Closed network
Sniffing
Wiretapping
Entrapment
5. Assuming someone's session who is unaware of what you are doing
Noise & perturbation
Data remanence
Identification
Session Hijacking
6. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Worm
Hash
Content dependant
Bastion hosts
7. Reasonable doubt
Hearsay Evidence
Burden of Proof
Risk Mitigation
Vulnerability analysis tools
8. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Brute Force
Mandatory vacation
Social engineering
Biometrics
9. Someone who hacks
Hacker
Virtual Memory/Pagefile.sys
Hubs
Software librarian
10. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Patent
Penetration testing
DAD
Enticement
11. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Encryption
Accreditation
Phreaker
Call tree
12. White hat l0pht
Centralized
Software librarian
Bugtraq
ARO (Annualized Rate of Occurrence)
13. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
RAM (Random-access memory)
Degausser
Biometric profile
TCSEC
14. The intercepting of conversations by unintended recipients
Probing
Eavesdropping
Dictionary Attack
Risk Analysis
15. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Smart cards
SSO (Single sign-on)
Rijndael
BIA
16. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Halon
Two-Factor Authentication
Caesar Cipher
EF (Exposure Factor)
17. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Tailgating / Piggybacking
CCTV
Compiler
Crosstalk
18. Making individuals accountable for their actions on a system typically through the use of auditing
CIO
CCTV
Artificial Neural Networks (ANN)
Accountability
19. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Non-repudiation
Aggregation
Due Care
Patent
20. When security is managed at a central point in an organization
Encryption
CD-Rom
Centralized
CIO
21. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Degausser
Sniffing
Technical - Administrative - Physical
Encryption
22. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Schema
Artificial Neural Networks (ANN)
Inference
Risk Management
23. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Clipper Chip
Change management
DAD
Trade Secret
24. A military standard defining controls for emanation protection
Termination procedures
Carnivore
Callback Security/Call Forwarding
TEMPEST
25. Network devices that operate at layer 3. This device separates broadcast domains.
Hoax
Routers
Repeaters
CEO
26. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
Audit Trail
Due Care
Identification
27. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Inference
OSI Model
Risk Analysis
Enticement
28. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Username/password
Content dependant
Nonce
Well-known ports
29. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Sabotage
Vulnerability analysis tools
Finger scanning
WAP (Wireless Application Protocol)
30. This is an open international standard for applications that use wireless communications.
WAP (Wireless Application Protocol)
ROM (Read-only memory)
Raid 0 - 1 - 3 - 5
Due Diligence
31. An attempt to trick the system into believing that something false is real
Eavesdropping
OSI Model
Hoax
Key Escrow
32. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Asset Value
OSI Model
Data remanence
Passive attacks
33. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
War dialing
Rijndael
RAM (Random-access memory)
34. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Skipjack
Senior Management
Dictionary Attack
Script
35. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Certification
Virtual machine
Tort
Fraggle
36. An instance of a scripting language
Open network
Multipartite
Script
DCOM
37. Dynamic Host Configuration Protocol.
DHCP
Classes of IP networks
Rijndael
Enticement
38. A RFC standard. A mechanism for performing commands on a remote system
Kerberos
OLE
Hearsay Evidence
Telnet
39. Continuation of Operations Plan
COOP
CD-Rom
Boot-sector Virus
Penetration testing
40. Random Number Base
Base-64
Nonce
Kerberos
Qualitative
41. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Burden of Proof
Fraud
Vulnerability analysis tools
AES (Advanced Encryption Standard)
42. Internet Relay Chat.
Technical - Administrative - Physical
Brewer-Nash model
IRC
Eavesdropping
43. The output of a hash function is a digest.
Software
Digest
Motion detector
Technical - Administrative - Physical
44. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
CGI (The Common Gateway Interface)
ALE (Annualized Loss Expectancy)
Bugtraq
Private Addressing
45. The real cost of acquiring/maintaining/developing a system
Audit Trail
Asset Value
Firmware
Risk Analysis
46. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Separation of duties
Software development lifecycle
CGI (The Common Gateway Interface)
Code of ethics
47. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
TCSEC
Aggregation
War driving
Tailgating / Piggybacking
48. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
CIRT
COM
Java
DNS cache poisoning
49. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Wiretapping
Key Escrow
ALE (Annualized Loss Expectancy)
Biometric profile
50. A war dialing utility
Toneloc
Data Mart
MOM
Private Addressing
