Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding each time you take the test.
1. Personal - Network - and Application
Script
Firewall types
Hoax
Key Escrow
2. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Finger scanning
TCP Wrappers
Centralized
Fiber optic
3. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
ActiveX Object Linking and Embedding
Salami Slicing
Service packs
Hardware
4. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
OEP
ALE (Annualized Loss Expectancy)
Dogs
ARP (Address Resolution Protocol)
5. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
CGI (The Common Gateway Interface)
SSO (Single sign-on)
TCSEC
Object Oriented Programming
6. Network Address Translation
Covert channels
Crosstalk
Classes of IP networks
NAT
7. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
PAP (Password Authentication Protocol)
CD-Rom
Software development lifecycle
Polymorphism
8. Reasonable doubt
CORBA
Burden of Proof
Illegal/Unethical
Honey pot
9. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Security Awareness Training
Fire extinguisher
Masquerade
Script
10. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Risk Mitigation
Schema
Authorization creep
SSL/TLS
11. Once authenticated - the level of access you have to a system
BIOS
Expert systems
Dumpster diving
Authorization
12. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Macro
Repeaters
Probing
Attenuation
13. CISSPs subscribe to a code of ethics for building up the security profession
VLANs
ISDN (Integrated Services Digital Network)
Eavesdropping
Code of ethics
14. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
War driving
CCTV
Smurf
Spoofing
15. Threat to physical security.
Quality Assurance
BIA
Sabotage
Salami Slicing
16. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
CGI (The Common Gateway Interface)
SSO (Single sign-on)
Due Diligence
Toneloc
17. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Mandatory vacation
Due Diligence
Change management
TEMPEST
18. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Separation of duties
Social engineering
Coax
Technical - Administrative - Physical
19. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
Joke
TCP Wrappers
Due Care
ARP (Address Resolution Protocol)
20. An instance of a scripting language
Symmetric
Script
Finger scanning
Rolling hot sites
21. To not be legal (as far as law is concerned) or ethical
Accountability
CIRT
Acceptable use
Illegal/Unethical
22. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic bomb
Hash
Tailgating / Piggybacking
Brute force
23. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Closed network
Phreaker
Debug
Attenuation
24. Network device that operates at layer 1. Concentrator.
Audit Trail
Guards
Polymorphism
Hubs
25. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Privacy Act of 1974
DHCP
Worm
Certification
26. Signal degradation as it moves farther from its source
BIA
Attenuation
NAT
War dialing
27. Continuation of Operations Plan
TEMPEST
Smurf
IAB
COOP
28. These viruses usually infect both boot records and files.
Polymorphism
User
Multipartite
Tort
29. Occupant Emergency Plan - Employees are the most important!
Toneloc
Risk Mitigation
OEP
Guards
30. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Vulnerability analysis tools
Promiscuous mode
Copyright
Social engineering
31. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
ROM (Read-only memory)
Change management
Tokens
DAD
32. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
SLE (Single Loss Expectancy or Exposure)
CHAP
Smart cards
CIO
33. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Classes of IP networks
Keystroke logging
AES (Advanced Encryption Standard)
Hoax
34. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
BIA
Back door/ trap door/maintenance hook
Incentive programs
Halon
35. Jumping into dumpsters to retrieve information about someone/something/a company
ActiveX Object Linking and Embedding
Dumpster diving
ARO (Annualized Rate of Occurrence)
BIA
36. Good for distance - longer than 100M
Passive attacks
Coax
Audit Trail
Bastion hosts
37. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
OSI Model
DCOM
Social engineering
Buffer overflow
38. Animals with teeth. Not as discriminate as guards
Authorization creep
Dictionary Attack
Dogs
Hubs
39. Basic Input/Output System
BIOS
Fences
Authorization
Exit interview
40. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
TACACS (Terminal access controller access control system)
CEO
Sabotage
Mandatory vacation
41. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
CIO
ROT-13
Key Escrow
Passive attacks
42. An attempt to trick the system into believing that something false is real
Sabotage
Digest
Hoax
Data Mart
43. Someone who hacks
Qualitative
EF (Exposure Factor)
Hacker
Dogs
44. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
Security Perimeter
Hubs
Normalization
45. Chief Executive Officer
Trademark
RADIUS (Remote authentication dial-in user service)
CEO
Authentication
46. Transferring your risk to someone else - typically an insurance company
Risk Transferring
DDOS
Security Perimeter
FAR/FRR/CER
47. Relating to quality or kind. This assigns a level of importance to something.
Owner
TCSEC
Qualitative
Skipjack
48. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
ARP (Address Resolution Protocol)
COOP
ISDN (Integrated Services Digital Network)
COM
49. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Encryption
Java
Honey pot
Joke
50. Software designed to infiltrate or damage a computer system - without the owner's consent.
RADIUS (Remote authentication dial-in user service)
Fraggle
Malware
ROM (Read-only memory)