Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
DMZ
Due Care
Back door/ trap door/maintenance hook
Fences
2. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
Toneloc
Malware
Checksum
Base-64
3. The process of reducing your risks to an acceptable level based on your risk analysis
Custodian
Man trap
Digest
Risk Mitigation
4. Object Linking and Embedding. The ability of an object to be embedded into another object.
Change management
OLE
Schema
Out of band
5. Technical items are things that IT implements. Administrative items are things that HR implements. Physical items are things that are tangible.
Finger printing
Technical - Administrative - Physical
Multitasking
Carnivore
6. Should be at least 8 feet tall and have three strands of barbed wire.
Active attacks
Tailgating / Piggybacking
Fraud
Fences
7. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
User
CIA
Common criteria
8. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
TCP Wrappers
OLE
Stream cipher
ISDN (Integrated Services Digital Network)
9. An attempt to trick the system into believing that something false is real
Username/password
Covert channels
Hoax
SLE (Single Loss Expectancy or Exposure)
10. Involving the measurement of quantity or amount.
TEMPEST
IAB
Quantitative
Switches / Bridges
11. A network that uses proprietary protocols
Cyphertext only
Well-known ports
Closed network
SSH
12. Random Number Base
Nonce
Transposition
Format 7 times
Throughput of a Biometric System
13. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Degausser
Hoax
Data Mart
Script
14. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Inference
Trademark
Sniffing
TCP Wrappers
15. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Clipping levels
Classes of IP networks
Switches / Bridges
Macro
16. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Risk Acceptance
Hoax
Rijndael
Caesar Cipher
17. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
ARO (Annualized Rate of Occurrence)
Finger printing
WTLS (Wireless Transport Layer Security)
Trade Secret
18. A meme and a joke are the same thing, e.g. when someone says to delete a file that is really just fine and they call it a virus.
Joke
Throughput of a Biometric System
Hash
Call tree
19. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute.
Social engineering
Throughput of a Biometric System
Illegal/Unethical
Bastion hosts
20. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Closed network
OSI Model
Brute Force
Code of ethics
21. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Username/password
Polymorphic
Expert System
Fire extinguisher
22. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses
Smart cards
COM
Base-64
23. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
Open network
TCP Wrappers
ROM (Read-only memory)
Software
24. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Crosstalk
Two-Factor Authentication
Patent
DHCP
25. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Granularity
War driving
SLE (Single Loss Expectancy or Exposure)
Software
26. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Patent
Dogs
Polymorphic
Risk Management
27. When an employee leaves the company - you want to make them aware of non-disclosure and non-compete clauses - etc.
Coax
Reciprocal agreement
Exit interview
ARO (Annualized Rate of Occurrence)
28. When two or more processes are linked and execute multiple programs simultaneously
Fraggle
Multiprocessing
Macro
Probing
29. Transferring your risk to someone else - typically an insurance company
Risk Transferring
SSH
RADIUS (Remote authentication dial-in user service)
SSO (Single sign-on)
30. Deals with the same things as due diligence except that it deals with accepting responsibility instead of liability.
Compiler
Birthday attack
Audit Trail
Due Care
31. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Multithreading
Toneloc
BIOS
Script kiddies
32. Someone whose hacking is primarily targeted at the phone systems
Kerberos
Phreaker
Base-64
Halon
33. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Tokens
DHCP
Format 7 times
Privacy Act of 1974
34. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Logic bomb
Scanning
CGI (The Common Gateway Interface)
Quantitative
35. Data storage formats and equipment that allow the stored data to be accessed in any order
Change management
Packet Sniffing
Checksum
RAM (Random-access memory)
36. Motive - Opportunity - and Means. These deal with crime.
Patriot Act
MOM
Substitution
Digital signing
37. A site that has some equipment in place - and can be up within days
Hot Site
Covert channels
Warm Site
Transposition
38. Emanations from one wire coupling with another wire
Crosstalk
Multitasking
RADIUS (Remote authentication dial-in user service)
CORBA
39. Internet Architecture Board. This board is responsible for protecting the Internet.
Granularity
Replay
Firewall types
IAB
40. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Acceptable use
SLE (Single Loss Expectancy or Exposure)
Brewer-Nash model
Callback Security/Call Forwarding
41. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Logic bomb
Due Care
Expert System
Routers
42. A hidden communications channel on a system that allows for the bypassing of the system security policy
Centralized
Covert channels
Script
SQL (Structured Query Language)
43. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Patriot Act
Quantitative
Call tree
Routers
44. Chief Information Officer
Expert systems
Termination procedures
Smart cards
CIO
45. Personal - Network - and Application
Firewall types
Closed network
Common criteria
Hardware
46. Relating to quality or kind. This assigns a level of importance to something.
Macro
Qualitative
OEP
Copyright
47. The person that determines the permissions to files. The data owner.
CRC (Cyclic Redundancy Check)
UUEncode
Fraud
Owner
48. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
SESAME
Cold Site
Digital certificates
IRC
49. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
Multitasking
Virtual Memory/Pagefile.sys
Sabotage
50. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
Termination procedures
Compiler
Schema