Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Security Awareness Training
MitM
Quantitative
Mandatory vacation
2. Data storage formats and equipment that allow the stored data to be accessed in any order
Multitasking
Warm Site
MOM
RAM (Random-access memory)
3. Computer Incident Response Team
CIRT
Risk Management
Joke
Patriot Act
4. Repeats the signal. It amplifies the signal before sending it on.
Repeaters
Accountability
Due Care
Toneloc
5. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Acceptable use
Audit Trail
Software librarian
Degausser
6. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
VLANs
TACACS (Terminal access controller access control system)
SYN Flood
Embezzlement
7. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
ARO (Annualized Rate of Occurrence)
OSI Model
Wiretapping
Penetration testing
8. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Closed network
Private Addressing
Hash
Hackers
9. Method of authenticating to a system. Something that you supply and something you know.
Expert System
CORBA
Macro
Username/password
10. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. An artist's ability to control their work.
Expert systems
Enticement
Copyright
Base-64
11. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Rijndael
Scanning
Attenuation
Skipjack
12. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
CIA
Macro
Authorization
l0pht
13. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Asset Value
Virtual Memory/Pagefile.sys
UUEncode
ALE (Annualized Loss Expectancy)
14. Access control method for database based on the content of the database to provide granular access
Quantitative
Content dependent
Vulnerability analysis tools
Callback Security/Call Forwarding
15. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Due Care
Classes of IP networks
Skipjack
Hot Site
16. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
SSL/TLS
Switches / Bridges
Asymmetric
Man trap
17. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
TCSEC
Embezzlement
Eavesdropping
Sniffing
18. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Hardware
DNS cache poisoning
Burden of Proof
Wiretapping
19. The process of reducing your risks to an acceptable level based on your risk analysis
Risk Mitigation
Routers
Security Perimeter
VPN (Virtual Private Network)
20. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Compiler
Penetration testing
BIOS
Finger scanning
21. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Due Care
Incentive programs
Teardrop
PAP (Password Authentication Protocol)
22. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Session Hijacking
Software development lifecycle
DCOM
DMZ
23. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Motion detector
Hubs
Sniffing
Multipartite
24. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
Patent
Polymorphism
Acceptable use
Brute force
25. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Joke
Firmware
Cookies
PAP (Password Authentication Protocol)
26. 'If you can't see it - it's secure'. Bad policy to live by.
Security through obscurity
Patriot Act
Promiscuous mode
CORBA
27. When one key of a two-key pair has more encryption pattern than the other
Polymorphism
Asymmetric
Teardrop
CHAP
28. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Change management
Sniffing
User
Multiprocessing
29. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Risk Transferring
Artificial Neural Networks (ANN)
Smart cards
l0pht
30. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
MOM
Trojan horses
Active attacks
Fire extinguisher
31. When an employee leaves the company - you want to make them aware of non-disclosure and non-compete clauses - etc.
Debug
ActiveX Object Linking and Embedding
Base-64
Exit interview
32. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
WTLS (Wireless Transport Layer Security)
/etc/passwd
Authorization creep
Wiretapping
33. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
CRC (Cyclic Redundancy Check)
SYN Flood
AES (Advanced Encryption Standard)
Worm
34. The user
Closed network
MitM
User
Routers
35. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Acceptable use
Skipjack
Expert systems
Bugtraq
36. Defines the objects and their attributes that exist in a database.
Certification
Open network
FAR/FRR/CER
Schema
37. The practice of obtaining confidential information by manipulation of legitimate users.
Username/password
Patent
Schema
Social engineering
38. When two or more processes are linked and execute multiple programs simultaneously
SQL (Structured Query Language)
Multiprocessing
Caesar Cipher
Hackers
39. This is an open international standard for applications that use wireless communications.
ISDN (Integrated Services Digital Network)
WAP (Wireless Application Protocol)
EF (Exposure Factor)
Worm
40. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Vulnerability analysis tools
Entrapment
Expert System
Transposition
41. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Honey pot
DOS
Security Awareness Training
Incentive programs
42. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
Callback Security/Call Forwarding
Content dependent
Entrapment
43. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
Penetration testing
Motion detector
Acceptable use
Username/password
44. A military standard defining controls for emanation protection
TEMPEST
Base-64
Risk Management
BIA
45. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Encryption
Twisted pair
Asymmetric
Digital signing
46. An instance of a scripting language
Throughput of a Biometric System
Cyphertext only
Session Hijacking
Script
47. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
RADIUS (Remote authentication dial-in user service)
DMZ
Service packs
Firmware
48. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Attenuation
Patriot Act
Cold Site
OSI Model
49. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Authorization
RADIUS (Remote authentication dial-in user service)
Script kiddies
Clipping levels
50. Should be at least 8 feet tall and have three strands of barbed wire.
Out of band
Fences
Closed network
Social engineering