Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
Biometric profile
Logic bomb
Script kiddies
2. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
Exit interview
Non-repudiation
Raid 0 - 1 - 3 - 5
CCTV
3. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Vulnerability analysis tools
Digest
Brewer-Nash model
Dictionary Attack
4. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Risk Acceptance
ISDN (Integrated Services Digital Network)
Incentive programs
Senior Management
5. A site that is ready physically but has no hardware in place - all it has is HVAC
Scanning
Risk Management
Security Awareness Training
Cold Site
6. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Expert System
Callback Security/Call Forwarding
EF (Exposure Factor)
Fiber optic
7. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
DCOM
Firmware
Trojan horses
Transposition
8. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
SSH
ARP (Address Resolution Protocol)
WTLS (Wireless Transport Layer Security)
Logic bomb
9. Access control method for database based on the content of the database to provide granular access
Asymmetric
Probing
Penetration testing
Content dependant
10. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Hearsay Evidence
Expert systems
ROT-13
Data Mart
11. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Entrapment
Granularity
Quantitative
Closed network
12. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
TCP Wrappers
Trade Secret
Certification
Copyright
13. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Classes of IP networks
Sniffing
Qualitative
Checksum
14. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Inference
Probing
Warm Site
Hardware
15. Making individuals accountable for their actions on a system typically through the use of auditing
Degausser
ALE (Annualized Loss Expectancy)
Accountability
Acceptable use
16. Motivational tools for employee awareness to get them to report security flaws in an organization
Incentive programs
Multithreading
Patent
MOM
17. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Degausser
DHCP
Embezzlement
Multitasking
18. Same as a block cipher except that it is applied to a data stream one bit at a time
Stream cipher
Wiretapping
Passive attacks
Call tree
19. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Content dependant
Technical - Administrative - Physical
OSI Model
Security Perimeter
20. A network that mimics the brain
Artificial Neural Networks (ANN)
Passive attacks
Security kernel
Authorization creep
21. Network Address Translation
Degausser
NAT
Illegal/Unethical
CIA
22. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Security Perimeter
War driving
Senior Management
RAM (Random-access memory)
23. More discriminate than dogs
Cryptanalysis
Granularity
Logic bomb
Guards
24. Defines the objects and their attributes that exist in a database.
Job rotation
Software
ARO (Annualized Rate of Occurrence)
Schema
25. Once authenticated - the level of access you have to a system
Detective - Preventive - Corrective
Cookies
Authorization
Fire extinguisher
26. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
CEO
/etc/passwd
Expert systems
Virtual Memory/Pagefile.sys
27. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Script kiddies
Patriot Act
Boot-sector Virus
ARP (Address Resolution Protocol)
28. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Clipping levels
Degausser
Spoofing
Schema
29. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
DDOS
l0pht
Back door/ trap door/maintenance hook
Fraud
30. A sandbox. Emulates an operating environment.
Throughput of a Biometric System
NAT
Entrapment
Virtual machine
31. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Brewer-Nash model
Hackers
CEO
Compiler
32. Something used to put out a fire. Can be in Classes A - B - C - D - or H
WTLS (Wireless Transport Layer Security)
Fire extinguisher
Active attacks
Centralized
33. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Digest
Rijndael
Compiler
Tailgating / Piggybacking
34. Computer Incident Response Team
Session Hijacking
CIRT
ARP (Address Resolution Protocol)
ActiveX Object Linking and Embedding
35. Scanning the airwaves for radio transmissions
SLE (Single Loss Expectancy or Exposure)
Scanning
Clipper Chip
Cyphertext only
36. The practice of obtaining confidential information by manipulation of legitimate users.
SSL/TLS
Due Diligence
Social engineering
Key Escrow
37. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Private Addressing
Cyphertext only
Masquerade
Data remanence
38. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Authorization creep
TACACS (Terminal access controller access control system)
Illegal/Unethical
Session Hijacking
39. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
ISDN (Integrated Services Digital Network)
Tort
Checksum
ARO (Annualized Rate of Occurrence)
40. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
OSI Model
Base-64
User
Hoax
41. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Incentive programs
Cookies
Halon
SSH
42. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses
Risk Analysis
Polymorphism
Accountability
43. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Data Mart
Crosstalk
l0pht
Man trap
44. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Multiprocessing
Security kernel
Job rotation
Key Escrow
45. An attempt to trick the system into believing that something false is real
Hoax
Custodian
Birthday attack
Brute force
46. To not be legal (as far as law is concerned) or ethical
Phreaker
Illegal/Unethical
Centralized
Masquerade
47. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Substitution
War driving
ISDN (Integrated Services Digital Network)
MOM
48. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
Non-repudiation
Multitasking
Tokens
EF (Exposure Factor)
49. A military standard defining controls for emanation protection
Risk Mitigation
TEMPEST
RADIUS (Remote authentication dial-in user service)
COOP
50. Must be in place for you to use a biometric system
Risk Transferring
EF (Exposure Factor)
Biometric profile
Security kernel