Test your basic knowledge |
Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. This is an open international standard for applications that use wireless communications.
Security Perimeter
Software development lifecycle
Private Addressing
WAP (Wireless Application Protocol)
2. The government-required overwrite count when formatting a drive in such a manner as to make it nearly impossible to retrieve data from it.
Halon
Format 7 times
Base-64
Key Escrow
3. The act of identifying yourself. Providing your identity to a system.
Identification
Phreaker
SESAME
NAT
4. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards.
Polymorphism
Cold Site
Closed network
Risk Analysis
5. A network that uses standard protocols (TCP/IP).
Open network
Buffer overflow
Warm Site
Masquerade
6. Same as a block cipher except that it is applied to a data stream one bit at a time.
Stream cipher
Asset Value
Degausser
Fraud
7. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 (ftp), 21 (ftp), 22 (ssh), 23 (telnet), 25 (smtp), 53 (dns), 69 (tftp), 80 (http), 161 (snmp), 443 (ssl).
Promiscuous mode
Wiretapping
Well-known ports
Tort
8. The practice of following someone with a security code or keycard through a security door, generally in workplaces.
Noise & perturbation
Cold Site
Tailgating / Piggybacking
Change management
9. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Non-repudiation
Separation of duties
Stream cipher
Illegal/Unethical
10. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer
Replay
Centralized
Trap Door
ROT-13
11. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
l0pht
Packet Sniffing
Qualitative
Clipping levels
12. Confidentiality, Integrity, and Availability.
IRC
Joke
CIA
DDOS
13. An RFC standard. A mechanism for performing commands on a remote system.
Telnet
IAB
Call tree
Polymorphism
14. Taking over the session of someone who is unaware of what you are doing.
Session Hijacking
Repeaters
ISDN (Integrated Services Digital Network)
Guards
15. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive, the virus can spread.
Switches / Bridges
Guards
Boot-sector Virus
ARP (Address Resolution Protocol)
16. When you know something from a source and can infer other related information based on what you know, even though you may not normally have access to that data.
Inference
Attenuation
Asset Value
Throughput of a Biometric System
17. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time.
CD-Rom
Username/password
Hoax
DNS cache poisoning
18. A sandbox. Emulates an operating environment.
Virtual machine
Multitasking
Salami Slicing
Reciprocal agreement
19. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Quality Assurance
Key Escrow
UUEncode
Worm
20. The intercepting of conversations by unintended recipients.
MitM
Identification
Copyright
Eavesdropping
21. The output of a hash function is a digest.
Digest
Echelon
Due Diligence
SSO (Single sign-on)
22. The attacker sends a SYN request to the victim's machine, and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t
Symmetric
Penetration testing
Joke
SYN Flood
23. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Clipping levels
Granularity
MOM
Java
24. 'If you can't see it, it's secure.' A bad policy to live by.
Key Escrow
Software librarian
Security through obscurity
Service packs
25. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Accountability
Closed network
Packet Sniffing
EF (Exposure Factor)
26. Testing a company's network for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Penetration testing
Trap Door
Degausser
Virtual machine
27. Should be at least 8 feet tall and have three strands of barbed wire.
Halon
Object Oriented Programming
Detective, Preventive, Corrective
Fences
28. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Twisted pair
Change management
Data remanence
Risk Acceptance
29. A unit that will detect motion for the purpose of setting off alarms to alert for unauthorized access.
Substitution
Symmetric
DAD
Motion detector
30. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Security kernel
SQL (Structured Query Language)
User
RAM (Random-access memory)
31. Threat to physical security.
Incentive programs
Degausser
Finger scanning
Sabotage
32. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected.
DAD
Debug
Dictionary Attack
Software development lifecycle
33. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Callback Security/Call Forwarding
DDOS
Security through obscurity
Active attacks
34. Common Object Request Broker Architecture.
Substitution
CORBA
Symmetric
Code of ethics
35. A site that has some equipment in place and can be up within days.
Authorization creep
Acceptable use
Warm Site
Man trap
36. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.
Content dependent
Exit interview
RADIUS (Remote authentication dial-in user service)
Joke
37. White hat l0pht
Macro
Bugtraq
Two-Factor Authentication
Fences
38. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Echelon
Authentication
Virtual Memory/Pagefile.sys
PAP (Password Authentication Protocol)
39. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Digital certificates
Non-repudiation
Due Diligence
Risk Transferring
40. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, and 172.16.x.x through 172.31.x.x.
Risk Acceptance
Common criteria
BIOS
Private Addressing
41. When security is managed at many different points in an organization.
Routers
CCTV
Decentralized
Multitasking
42. Good for distance, longer than 100M.
Rolling hot sites
Software development lifecycle
Coax
VLANs
43. False Acceptance Rate, False Rejection Rate, Crossover Error Rate.
Phreaker
TEMPEST
FAR/FRR/CER
Motion detector
44. Disclosure, Alteration, Destruction. These things break the CIA triad.
Masquerade
Kerberos
Social engineering
DAD
45. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives).
COM
Active attacks
RAID 0, 1, 3, 5
TCSEC
46. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE.
Dictionary Attack
AES (Advanced Encryption Standard)
ALE (Annualized Loss Expectancy)
RADIUS (Remote authentication dial-in user service)
47. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Hubs
Salami Slicing
RADIUS (Remote authentication dial-in user service)
Hot Site
48. A mechanism by which connections to TCP services on a system are allowed or disallowed.
ISDN (Integrated Services Digital Network)
TCP Wrappers
/etc/passwd
Script
49. Providing verification to a system.
Logic bomb
Authentication
Crosstalk
Phreaker
50. A network entity that provides a single entrance / exit point to the Internet.
Worm
DAD
Bastion hosts
Warm Site