Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work
CD-Rom
Accreditation
Cryptanalysis
Copyright
2. The process of reducing your risks to an acceptable level based on your risk analysis
Hot Site
Brute force
Risk Mitigation
Toneloc
3. Basic Input/Output System
CIO
SESAME
BIOS
Teardrop
4. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
ARP (Address Resolution Protocol)
Data remanence
Quantitative
Fraggle
5. Network device that operates at layer 1. Concentrator.
Trade Secret
Hubs
Copyright
Out of band
6. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
l0pht
Spoofing
MOM
Brute force
7. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Rijndael
Script
CIO
Normalization
8. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Kerberos
Spoofing
SESAME
TEMPEST
9. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Key Escrow
Twisted pair
Audit Trail
Termination procedures
10. Confidentiality - Integrity - and Availability
NAT
Fire extinguisher
CIA
Reciprocal agreement
11. The art of breaking code. Testing the strength of an algorithm.
Username/password
Entrapment
Brewer-Nash model
Cryptanalysis
12. Defines the objects and their attributes that exist in a database.
Virtual Memory/Pagefile.sys
CEO
Schema
Kerberos
13. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Hubs
Common criteria
UUEncode
Echelon
14. A site that is ready physically but has no hardware in place - all it has is HVAC
Script
CHAP
Cold Site
Honey pot
15. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Multipartite
DMZ
Patent
Salami Slicing
16. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Transposition
Due Care
Trade Secret
Fences
17. Object Linking and Embedding. The ability of an object to be embedded into another object.
OLE
Encryption
Transposition
Telnet
18. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Repeaters
Smurf
Active attacks
BIA
19. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Passive attacks
Due Diligence
Digital signing
Owner
20. Random Number Base
Halon
Compiler
Nonce
Vulnerability analysis tools
21. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Boot-sector Virus
Multithreading
Tailgating / Piggybacking
Probing
22. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Hash
Dictionary Attack
CIRT
Callback Security/Call Forwarding
23. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Firmware
Decentralized
Spoofing
Biometrics
24. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Warm Site
SSH
Multitasking
Granularity
25. Be at least 8 feet tall and have three strands of barbed wire.
Common criteria
Fences
CIO
Content dependant
26. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Smart cards
Brewer-Nash model
ARP (Address Resolution Protocol)
TCSEC
27. Disclosure - Alteration - Destruction. These things break the CIA triad
DAD
Vulnerability analysis tools
User
Aggregation
28. Transferring your risk to someone else - typically an insurance company
Audit Trail
AES (Advanced Encryption Standard)
Risk Acceptance
Risk Transferring
29. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Rolling hot sites
SQL (Structured Query Language)
Coax
COM
30. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
ARO (Annualized Rate of Occurrence)
Accountability
Trojan horses
Polymorphic
31. Access control method for database based on the content of the database to provide granular access
Bugtraq
Brute Force
Content dependant
BIA
32. Occupant Emergency Plan - Employees are the most important!
OEP
Smurf
Trap Door
PAP (Password Authentication Protocol)
33. A technique to eliminate data redundancy.
Risk Management
PKI
Expert systems
Normalization
34. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Separation of duties
Trade Secret
MitM
Qualitative
35. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp; 21 - ftp; 22 - ssh; 23 - telnet; 25 - smtp; 53 - dns; 69 - tftp; 80 - http; 161 - snmp; 443 - ssl
TCB
Well-known ports
Risk Acceptance
PKI
36. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
DOS
Owner
Brute force
Trojan horses
37. Ethernet - Cat5 - Twisted to allow for longer runs.
CIRT
Halon
Privacy Act of 1974
Twisted pair
38. Repeats the signal. It amplifies the signal before sending it on.
War driving
Schema
Privacy Act of 1974
Repeaters
39. Accepting all packets
TCSEC
Qualitative
Promiscuous mode
Dogs
40. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Phreaker
Closed network
Termination procedures
Exit interview
41. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Noise & perturbation
BIOS
Brute Force
CD-Rom
42. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Format 7 times
Authorization
TEMPEST
Routers
43. A network that uses standard protocols (TCP/IP)
PAP (Password Authentication Protocol)
RAM (Random-access memory)
Clipping levels
Open network
44. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
SSO (Single sign-on)
Trademark
l0pht
Cyphertext only
45. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Trade Secret
Cookies
Brute Force
Burden of Proof
46. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Echelon
Twisted pair
Transposition
Expert System
47. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Authorization
CIO
Rijndael
Inference
48. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Expert System
Burden of Proof
/etc/passwd
Active attacks
49. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
AES (Advanced Encryption Standard)
Authorization creep
Mandatory vacation
COM
50. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Trademark
Polymorphic
Warm Site
Wiretapping