SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Checksum
OSI Model
Aggregation
SSO (Single sign-on)
2. Entails planning and system actions to ensure that a project is following good quality management practices
Dogs
Quality Assurance
PAP (Password Authentication Protocol)
Audit Trail
3. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
Rijndael
Content dependant
Twisted pair
4. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Attenuation
DMZ
Enticement
Hearsay Evidence
5. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
WAP (Wireless Application Protocol)
VLANs
CIA
Qualitative
6. Network devices that operate at layer 3. This device separates broadcast domains.
Patent
Birthday attack
Virtual Memory/Pagefile.sys
Routers
7. When two or more processes are linked and execute multiple programs simultaneously
OEP
Sabotage
Bugtraq
Multiprocessing
8. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Audit Trail
Tokens
Centralized
Quality Assurance
9. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Clipping levels
Keystroke logging
Echelon
BIA
10. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
SQL (Structured Query Language)
PAP (Password Authentication Protocol)
Degausser
Trap Door
11. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
CGI (The Common Gateway Interface)
Active attacks
Eavesdropping
Audit Trail
12. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Stream cipher
Sniffing
Twisted pair
Data Mart
13. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
DCOM
Biometrics
Trademark
DNS cache poisoning
14. This is an open international standard for applications that use wireless communications.
Tokens
Covert channels
Bastion hosts
WAP (Wireless Application Protocol)
15. Computer Incident Response Team
Hardware
Owner
FAR/FRR/CER
CIRT
16. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Hearsay Evidence
Java
Detective - Preventive - Corrective
Script kiddies
17. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Inference
Social engineering
Logic bomb
Accreditation
18. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Content dependant
Brute force
SYN Flood
Reciprocal agreement
19. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
DCOM
Tokens
Senior Management
Dictionary Attack
20. When one key of a two-key pair has more encryption pattern than the other
Firewall types
Asymmetric
Script kiddies
Tort
21. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Decentralized
Carnivore
Wiretapping
Certification
22. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Burden of Proof
Authentication
Debug
ARO (Annualized Rate of Occurrence)
23. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
EF (Exposure Factor)
ARP (Address Resolution Protocol)
CIA
PAP (Password Authentication Protocol)
24. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Tokens
EF (Exposure Factor)
Cyphertext only
Keystroke logging
25. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
/etc/passwd
Burden of Proof
Toneloc
Tokens
26. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
ROM (Read-only memory)
COM
Code of ethics
Digital signing
27. Disclosure - Alteration - Destruction. These things break the CIA triad
Software librarian
DAD
Wiretapping
Virtual Memory/Pagefile.sys
28. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Noise & perturbation
Inference
Centralized
Sniffing
29. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
ALE (Annualized Loss Expectancy)
Private Addressing
Fire extinguisher
SSH
30. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Risk Analysis
Macro
CHAP
AES (Advanced Encryption Standard)
31. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Enticement
Due Care
SSH
SSO (Single sign-on)
32. The act of identifying yourself. Providing your identity to a system
Software development lifecycle
Identification
Fire extinguisher
Username/password
33. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
CEO
Asset Value
Script
Teardrop
34. Dialing fixed sets telephone numbers looking for open modem connections to machines
Degausser
Joke
War dialing
Due Care
35. A site that is ready physically but has no hardware in place - all it has is HVAC
Cold Site
Rolling hot sites
Block cipher
Trojan horses
36. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Worm
Logic bomb
Biometrics
Smurf
37. An attempt to trick the system into believing that something false is real
Hoax
Centralized
Hardware
Copyright
38. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
CD-Rom
Warm Site
Patriot Act
Spoofing
39. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Out of band
DNS cache poisoning
Carnivore
Transposition
40. Someone who hacks
Promiscuous mode
Hacker
Trojan horses
Caesar Cipher
41. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Passive attacks
Closed network
Data remanence
Content dependant
42. Transferring your risk to someone else - typically an insurance company
CCTV
Patent
Risk Transferring
Carnivore
43. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Smurf
Buffer overflow
Biometrics
Base-64
44. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Entrapment
Expert System
Clipper Chip
Schema
45. More discriminate than dogs
Patriot Act
Warm Site
Tort
Guards
46. The practice of obtaining confidential information by manipulation of legitimate users.
CIO
Boot-sector Virus
Social engineering
Acceptable use
47. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
ROM (Read-only memory)
Halon
Sniffing
Classes of IP networks
48. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
DOS
Decentralized
Tokens
Sabotage
49. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
OSI Model
ARP (Address Resolution Protocol)
Accountability
Format 7 times
50. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
Polymorphism
NAT
COOP
CIA
