Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Diffie-Hellman
Boot-sector Virus
BIA
Switches / Bridges
2. A system designed to stop piggybacking.
BIA
Man trap
Birthday attack
Illegal/Unethical
3. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Finger scanning
Asymmetric
DAD
Carnivore
4. An instance of a scripting language
Macro
Script
Non-repudiation
DDOS
5. Motive - Opportunity - and Means. These deal with crime.
Stream cipher
Symmetric
Smart cards
MOM
6. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Acceptable use
Repeaters
User
Script kiddies
7. Method of authenticating to a system. Something that you supply and something you know.
Certification
Finger scanning
Script
Username/password
8. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Rijndael
Penetration testing
VPN (Virtual Private Network)
Teardrop
9. Motivational tools for employee awareness to get them to report security flaws in an organization
Hot Site
Incentive programs
Telnet
CRC (Cyclic Redundancy Check)
10. Also civil law
Embezzlement
Base-64
MOM
Tort
11. Making individuals accountable for their actions on a system typically through the use of auditing
Fences
Stream cipher
Separation of duties
Accountability
12. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
BIA
Joke
CD-Rom
Diffie-Hellman
13. Signal degradation as it moves farther from its source
Raid 0 - 1 - 3 - 5
Attenuation
Expert systems
Security kernel
14. In the broadest sense - a fraud is a deception made for personal gain
Firewall types
Embezzlement
Fraud
RAM (Random-access memory)
15. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
CRC (Cyclic Redundancy Check)
Trojan horses
Toneloc
Patriot Act
16. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Granularity
Software
ARO (Annualized Rate of Occurrence)
Polymorphism
17. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Vulnerability analysis tools
Logic bomb
Mandatory vacation
Sniffing
18. White hat l0pht
TCP Wrappers
Bugtraq
Hackers
Replay
19. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
COM
ActiveX Object Linking and Embedding
Substitution
VPN (Virtual Private Network)
20. The ability to have more than one thread associated with a process
Guards
Accreditation
Multithreading
Coax
21. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
Aggregation
Firewall types
Owner
22. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Technical - Administrative - Physical
Sniffing
Software
Authentication
23. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Exit interview
Multitasking
TCSEC
User
24. More discriminate than dogs
Spoofing
Guards
Cyphertext only
l0pht
25. The process of reducing your risks to an acceptable level based on your risk analysis
Risk Mitigation
War driving
Java
Trade Secret
26. Setting up the user to access the honeypot for reasons other than the intent to harm.
Granularity
Private Addressing
Entrapment
OSI Model
27. The output of a hash function is a digest.
Trade Secret
Authorization creep
Digest
ROT-13
28. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Centralized
AES (Advanced Encryption Standard)
Symmetric
EF (Exposure Factor)
29. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
DOS
Key Escrow
Tokens
Penetration testing
30. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
CD-Rom
Eavesdropping
Hardware
Data remanence
31. Transferring your risk to someone else - typically an insurance company
Quantitative
Smart cards
Risk Transferring
Boot-sector Virus
32. Public Key Infrastructure
PKI
Security Perimeter
Trap Door
Asset Value
33. A technique to eliminate data redundancy.
Script
Normalization
Kerberos
Noise & perturbation
34. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
RAM (Random-access memory)
Clipping levels
Rolling hot sites
Patriot Act
35. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Teardrop
Replay
RADIUS (Remote authentication dial-in user service)
Callback Security/Call Forwarding
36. Common Object Request Broker Architecture.
Cold Site
Symmetric
CORBA
BIA
37. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Packet Sniffing
Noise & perturbation
Hoax
Clipper Chip
38. 'If you can't see it - it's secure'. Bad policy to live by.
Repeaters
Security through obscurity
Raid 0 - 1 - 3 - 5
Salami Slicing
39. Rolling command center with UPS - satellite - uplink - power - etc.
Hash
Warm Site
TCSEC
Rolling hot sites
40. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
Halon
BIOS
Fire extinguisher
41. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Centralized
CRC (Cyclic Redundancy Check)
Bugtraq
Schema
42. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Schema
Biometrics
Echelon
ISDN (Integrated Services Digital Network)
43. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Wiretapping
RADIUS (Remote authentication dial-in user service)
Repeaters
Smurf
44. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Hoax
DNS cache poisoning
Custodian
Privacy Act of 1974
45. In cryptography - it is a block cipher
Cookies
Digital certificates
Diffie-Hellman
Skipjack
46. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Decentralized
Open network
Detective - Preventive - Corrective
Hearsay Evidence
47. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Dumpster diving
Technical - Administrative - Physical
Well-known ports
Joke
48. Scanning the airwaves for radio transmissions
Spoofing
Scanning
PAP (Password Authentication Protocol)
Noise & perturbation
49. Access control method for database based on the content of the database to provide granular access
Switches / Bridges
Rijndael
Content dependant
MitM
50. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Hardware
Identification
SESAME
FAR/FRR/CER