SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Accepting all packets
Promiscuous mode
Nonce
Eavesdropping
Smart cards
2. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Trademark
Technical - Administrative - Physical
Out of band
Trojan horses
3. Ethernet - Cat5 - Twisted to allow for longer runs.
Symmetric
Twisted pair
DMZ
Buffer overflow
4. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Asymmetric
Sabotage
Hot Site
Dictionary Attack
5. In the broadest sense - a fraud is a deception made for personal gain
Fraud
Expert systems
Hackers
Tort
6. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
Tailgating / Piggybacking
Multithreading
DNS cache poisoning
Risk Acceptance
7. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
Multiprocessing
Expert systems
Back door/ trap door/maintenance hook
8. Chief Executive Officer
CEO
Nonce
Separation of duties
Hardware
9. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Change management
ROM (Read-only memory)
Diffie-Hellman
Hot Site
10. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Authorization
Buffer overflow
WTLS (Wireless Transport Layer Security)
Halon
11. When one key of a two-key pair has more encryption pattern than the other
Multipartite
Asymmetric
TEMPEST
OSI Model
12. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Finger scanning
EF (Exposure Factor)
Granularity
Rolling hot sites
13. Must be in place for you to use a biometric system
Hearsay Evidence
CORBA
DCOM
Biometric profile
14. Dynamic Host Configuration Protocol.
Risk Management
Encryption
ISDN (Integrated Services Digital Network)
DHCP
15. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
PAP (Password Authentication Protocol)
Key Escrow
Well-known ports
BIA
16. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
Risk Analysis
Switches / Bridges
Exit interview
CD-Rom
17. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Custodian
Telnet
MitM
CCTV
18. Closed Circuit Television
Hoax
Fiber optic
Twisted pair
CCTV
19. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Granularity
DNS cache poisoning
Smart cards
Firewall types
20. The art of breaking code. Testing the strength of an algorithm.
Cryptanalysis
Copyright
Entrapment
Open network
21. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Fences
Risk Acceptance
Custodian
Entrapment
22. Computer Incident Response Team
Change management
Social engineering
CIRT
MitM
23. The practice of obtaining confidential information by manipulation of legitimate users.
Social engineering
ROM (Read-only memory)
VPN (Virtual Private Network)
Trap Door
24. Dialing fixed sets telephone numbers looking for open modem connections to machines
DAD
Risk Management
MOM
War dialing
25. These viruses usually infect both boot records and files.
Decentralized
Multipartite
SESAME
Finger scanning
26. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
User
Honey pot
Digital signing
CCTV
27. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Trap Door
Out of band
Aggregation
Security Perimeter
28. Assuming someone's session who is unaware of what you are doing
Audit Trail
Due Diligence
Session Hijacking
Asset Value
29. Also known as a tunnel)
Non-repudiation
Trojan horses
Packet Sniffing
VPN (Virtual Private Network)
30. Network Address Translation
Caesar Cipher
Asymmetric
Risk Transferring
NAT
31. Confidentiality - Integrity - and Availability
Granularity
CIA
Switches / Bridges
Call tree
32. Also civil law
Tort
Keystroke logging
CIO
Toneloc
33. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Separation of duties
Packet Sniffing
Wiretapping
Digest
34. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Audit Trail
Twisted pair
Software librarian
UUEncode
35. The act of identifying yourself. Providing your identity to a system
Base-64
Identification
Polymorphic
Passive attacks
36. Someone whose hacking is primarily targeted at the phone systems
Sniffing
Schema
Digest
Phreaker
37. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Data remanence
Accreditation
Normalization
Back door/ trap door/maintenance hook
38. A network that uses proprietary protocols
Content dependant
CIRT
Closed network
CRC (Cyclic Redundancy Check)
39. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Cyphertext only
Hackers
Termination procedures
Dumpster diving
40. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Virtual machine
CRC (Cyclic Redundancy Check)
SQL (Structured Query Language)
Degausser
41. A network entity that provides a single entrance / exit point to the Internet.
Bastion hosts
Asset Value
Nonce
Eavesdropping
42. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Malware
Firewall types
Social engineering
Acceptable use
43. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Aggregation
Change management
ActiveX Object Linking and Embedding
Debug
44. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
DHCP
Fiber optic
Multithreading
Polymorphic
45. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
TCSEC
Burden of Proof
Transposition
Promiscuous mode
46. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Patriot Act
Risk Transferring
BIA
Closed network
47. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
DMZ
Embezzlement
Format 7 times
Quantitative
48. Object Linking and Embedding. The ability of an object to be embedded into another object.
TEMPEST
Symmetric
OLE
Vulnerability analysis tools
49. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
TCP Wrappers
Hoax
Man trap
PAP (Password Authentication Protocol)
50. The real cost of acquiring/maintaining/developing a system
Boot-sector Virus
Asset Value
Trap Door
Dictionary Attack
