SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Crosstalk
Substitution
Embezzlement
TCP Wrappers
2. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
/etc/passwd
Boot-sector Virus
ROM (Read-only memory)
3. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
CD-Rom
Tort
Detective - Preventive - Corrective
Illegal/Unethical
4. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Expert systems
MitM
Trade Secret
Hackers
5. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
CHAP
Fiber optic
Encryption
Hardware
6. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet
Cookies
Trap Door
VPN (Virtual Private Network)
Crosstalk
7. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Honey pot
TCSEC
Fire extinguisher
Data Mart
8. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
OEP
Halon
SSL/TLS
Back door/ trap door/maintenance hook
9. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Fraggle
Burden of Proof
Polymorphism
Sniffing
10. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
CIRT
ARP (Address Resolution Protocol)
Motion detector
Packet Sniffing
11. Entails planning and system actions to ensure that a project is following good quality management practices
Brewer-Nash model
Quality Assurance
Block cipher
Change management
12. The output of a hash function is a digest.
Throughput of a Biometric System
Quality Assurance
Dictionary Attack
Digest
13. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses
Symmetric
TCSEC
Inference
14. Same as a block cipher except that it is applied to a data stream one bit at a time
RADIUS (Remote authentication dial-in user service)
Acceptable use
Stream cipher
Brute force
15. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
DMZ
Firmware
Hoax
OLE
16. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Brewer-Nash model
SSO (Single sign-on)
FAR/FRR/CER
Quality Assurance
17. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
ROT-13
Warm Site
Security Perimeter
Spoofing
18. Must be in place for you to use a biometric system
Biometric profile
EF (Exposure Factor)
Authentication
Classes of IP networks
19. Animals with teeth. Not as discriminate as guards
Job rotation
Script
Incentive programs
Dogs
20. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Biometrics
RAM (Random-access memory)
OEP
DDOS
21. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Vulnerability analysis tools
Privacy Act of 1974
Risk Analysis
Cookies
22. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
VLANs
Out of band
Callback Security/Call Forwarding
CCTV
23. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Hackers
Security through obscurity
OSI Model
Degausser
24. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Expert System
Non-repudiation
TEMPEST
TCB
25. Making individuals accountable for their actions on a system typically through the use of auditing
Encryption
Aggregation
Fences
Accountability
26. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Inference
EF (Exposure Factor)
Aggregation
War driving
27. Data storage formats and equipment that allow the stored data to be accessed in any order
Senior Management
Reciprocal agreement
Due Diligence
RAM (Random-access memory)
28. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Centralized
Dictionary Attack
Brute Force
CRC (Cyclic Redundancy Check)
29. Dialing fixed sets telephone numbers looking for open modem connections to machines
Risk Mitigation
War dialing
Due Diligence
Fences
30. The art of breaking code. Testing the strength of an algorithm.
Caesar Cipher
Security through obscurity
Cryptanalysis
Patent
31. Jumping into dumpsters to retrieve information about someone/something/a company
Dumpster diving
TEMPEST
Polymorphic
Trade Secret
32. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Authorization
Call tree
Teardrop
Change management
33. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
CCTV
Toneloc
ActiveX Object Linking and Embedding
34. Good for distance - longer than 100M
Crosstalk
Coax
CCTV
Encryption
35. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
CGI (The Common Gateway Interface)
Repeaters
Dogs
EF (Exposure Factor)
36. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Cookies
Mandatory vacation
Hackers
Multipartite
37. When two or more processes are linked and execute multiple programs simultaneously
Enticement
Multiprocessing
Custodian
User
38. Common Object Request Broker Architecture.
Encryption
IRC
CORBA
Teardrop
39. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Script kiddies
Crosstalk
Fraggle
Copyright
40. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Content dependant
CHAP
SYN Flood
Multithreading
41. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Script
Finger scanning
Two-Factor Authentication
Sabotage
42. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.
Polymorphic
Fiber optic
Motion detector
Exit interview
43. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
RAM (Random-access memory)
Malware
Entrapment
Logic bomb
44. 'If you cant see it - its secure'. Bad policy to live by.
Termination procedures
Base-64
Security through obscurity
Security kernel
45. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Salami Slicing
Enticement
Script
DOS
46. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Rijndael
Honey pot
Transposition
Java
47. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Honey pot
Switches / Bridges
Authorization
Exit interview
48. Also civil law
RADIUS (Remote authentication dial-in user service)
Reciprocal agreement
Tort
Biometric profile
49. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
User
DNS cache poisoning
Hackers
Software librarian
50. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
CD-Rom
Active attacks
Vulnerability analysis tools
Motion detector
