Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the answers may seem obvious, but you will find that this reinforces your understanding each time you take the test.
1. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Username/password
CIA
Private Addressing
Common criteria
2. Someone whose hacking is primarily targeted at the phone systems
Rijndael
Phreaker
Debug
Echelon
3. In a separation of duties model - this is where code is checked in and out
Content dependent
Authorization creep
Software librarian
Telnet
4. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
CIA
Replay
Polymorphism
TCSEC
5. Scanning the airwaves for radio transmissions
Call tree
Clipping levels
Scanning
Expert systems
6. Animals with teeth. Not as discriminate as guards
Teardrop
l0pht
Dogs
Due Diligence
7. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Kerberos
Well-known ports
Salami Slicing
Granularity
8. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Firewall types
Cold Site
Hackers
Reciprocal agreement
9. In cryptography - it is a block cipher
Burden of Proof
Rolling hot sites
Privacy Act of 1974
Skipjack
10. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
SSO (Single sign-on)
PAP (Password Authentication Protocol)
Throughput of a Biometric System
Polymorphism
11. This is an open international standard for applications that use wireless communications.
Artificial Neural Networks (ANN)
Sabotage
WAP (Wireless Application Protocol)
Username/password
12. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
Reciprocal agreement
Penetration testing
Multipartite
13. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Nonce
Acceptable use
Twisted pair
CRC (Cyclic Redundancy Check)
14. Dialing fixed sets of telephone numbers looking for open modem connections to machines
SSH
Quantitative
Twisted pair
War dialing
15. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Replay
ISDN (Integrated Services Digital Network)
TACACS (Terminal access controller access control system)
Worm
16. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Tailgating / Piggybacking
TCSEC
SSH
Virtual Memory/Pagefile.sys
17. An attempt to trick the system into believing that something false is real
Vulnerability analysis tools
Hoax
Dogs
Senior Management
18. A mechanism by which connections to TCP services on a system are allowed or disallowed
Due Diligence
Digital certificates
Script
TCP Wrappers
19. Threat to physical security.
Common criteria
Sabotage
Smart cards
Multitasking
20. Defines the objects and their attributes that exist in a database.
CORBA
Skipjack
Diffie-Hellman
Schema
21. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Call tree
Script kiddies
SSH
Mandatory vacation
22. A military standard defining controls for emanation protection
Entrapment
Two-Factor Authentication
Virtual machine
TEMPEST
23. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Two-Factor Authentication
Expert systems
Script kiddies
Keystroke logging
24. Providing verification to a system
DMZ
Authentication
Rolling hot sites
Granularity
25. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
CGI (The Common Gateway Interface)
Trademark
FAR/FRR/CER
DMZ
26. When security is managed at many different points in an organization
Decentralized
Bastion hosts
Checksum
Tailgating / Piggybacking
27. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
TACACS (Terminal access controller access control system)
Content dependent
Malware
Expert System
28. Chief Information Officer
Macro
ROT-13
CIO
Closed network
29. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Fraggle
Throughput of a Biometric System
Biometrics
Hubs
30. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Exit interview
Tailgating / Piggybacking
Enticement
Due Diligence
31. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Cookies
Service packs
Mandatory vacation
OSI Model
32. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Buffer overflow
Call tree
Qualitative
Content dependent
33. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Risk Analysis
NAT
Biometrics
Risk Acceptance
34. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Carnivore
Diffie-Hellman
CIA
CD-Rom
35. Ethernet - Cat5 - twisted to allow for longer runs.
Twisted pair
Acceptable use
EF (Exposure Factor)
Fire extinguisher
36. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
WTLS (Wireless Transport Layer Security)
Noise & perturbation
Hoax
Logic bomb
37. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
Brewer-Nash model
Birthday attack
Symmetric
38. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
War driving
Base-64
OSI Model
Patent
39. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
Twisted pair
Senior Management
Firewall types
40. Chief Executive Officer
Callback Security/Call Forwarding
Guards
CEO
Risk Transferring
41. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Two-Factor Authentication
Change management
Technical - Administrative - Physical
Vulnerability analysis tools
42. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
DOS
Object Oriented Programming
Software development lifecycle
Nonce
43. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Hearsay Evidence
Logic bomb
Quality Assurance
FAR/FRR/CER
44. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Call tree
Smurf
VLANs
Passive attacks
45. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Covert channels
ActiveX Object Linking and Embedding
Qualitative
Accreditation
46. Disclosure - Alteration - Destruction. These things break the CIA triad
Birthday attack
Passive attacks
Session Hijacking
DAD
47. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
Polymorphic
Aggregation
Wiretapping
48. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Closed network
Mandatory vacation
OSI Model
SESAME
49. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Firmware
SSO (Single sign-on)
Data Mart
Passive attacks
50. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
Cold Site
Fraggle
Motion detector
Sniffing