Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A network that mimics the brain
Keystroke logging
Artificial Neural Networks (ANN)
Trojan horses
EF (Exposure Factor)
2. Occupant Emergency Plan - Employees are the most important!
Birthday attack
Enticement
IAB
OEP
3. An instance of a scripting language
Hacker
Inference
Script
Centralized
4. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
TCSEC
Trademark
BIA
Reciprocal agreement
5. Dialing fixed sets of telephone numbers, looking for open modem connections to machines
War dialing
Non-repudiation
Debug
Phreaker
6. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
SQL (Structured Query Language)
CGI (The Common Gateway Interface)
Authorization creep
MitM
7. Something used to put out a fire. Can be in Classes A - B - C - D - or H
SSO (Single sign-on)
User
Out of band
Fire extinguisher
8. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
BIOS
Trademark
Throughput of a Biometric System
CGI (The Common Gateway Interface)
9. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
Brewer-Nash model
DHCP
ARP (Address Resolution Protocol)
Fiber optic
10. A war dialing utility
ARP (Address Resolution Protocol)
Due Care
CCTV
Toneloc
11. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Boot-sector Virus
Social engineering
Senior Management
Twisted pair
12. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
DCOM
Detective - Preventive - Corrective
Copyright
Certification
13. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Multitasking
Spoofing
Fire extinguisher
Routers
14. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Due Diligence
Accountability
Rolling hot sites
WAP (Wireless Application Protocol)
15. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Out of band
Halon
Toneloc
Detective - Preventive - Corrective
16. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
CHAP
Echelon
Acceptable use
Session Hijacking
17. White hat l0pht
Telnet
Bugtraq
Artificial Neural Networks (ANN)
Sniffing
18. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Illegal/Unethical
Code of ethics
Service packs
Cryptanalysis
19. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Checksum
CIO
Birthday attack
Centralized
20. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Firewall types
Firmware
Birthday attack
VLANs
21. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Hot Site
Covert channels
Session Hijacking
Smurf
22. Setting up the user to access the honeypot for reasons other than the intent to harm.
Hackers
TEMPEST
Entrapment
Detective - Preventive - Corrective
23. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Java
User
Format 7 times
/etc/passwd
24. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Exit interview
Granularity
Halon
Quantitative
25. Internet Architecture Board. This board is responsible for protecting the Internet.
AES (Advanced Encryption Standard)
IAB
CRC (Cyclic Redundancy Check)
Substitution
26. Once authenticated - the level of access you have to a system
Active attacks
NAT
Normalization
Authorization
27. Network devices that operate at layer 3. This device separates broadcast domains.
Termination procedures
Routers
DHCP
Script
28. Method of authenticating to a system. Something that you supply and something you know.
Username/password
Malware
Bastion hosts
Schema
29. Relating to quality or kind. This assigns a level of importance to something.
Fiber optic
Qualitative
Cold Site
Raid 0 - 1 - 3 - 5
30. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
SYN Flood
Entrapment
Owner
Debug
31. Also known as a tunnel
Expert systems
VPN (Virtual Private Network)
Exit interview
Joke
32. Also civil law
Fiber optic
ISDN (Integrated Services Digital Network)
Tort
Risk Acceptance
33. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
Sabotage
Buffer overflow
Firmware
Well-known ports
34. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Digital certificates
Bastion hosts
Passive attacks
Security Perimeter
35. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
DOS
Kerberos
/etc/passwd
Logic bomb
36. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Digital signing
Well-known ports
Artificial Neural Networks (ANN)
Risk Acceptance
37. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Sniffing
Debug
CGI (The Common Gateway Interface)
Risk Acceptance
38. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Teardrop
Packet Sniffing
Schema
Halon
39. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Inference
Format 7 times
Cookies
UUEncode
40. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
CORBA
Hubs
RADIUS (Remote authentication dial-in user service)
BIOS
41. Emanations from one wire coupling with another wire
Cookies
Crosstalk
Multithreading
Script kiddies
42. The frequency with which a threat is expected to occur.
Fences
Boot-sector Virus
Switches / Bridges
ARO (Annualized Rate of Occurrence)
43. In the broadest sense - a fraud is a deception made for personal gain
Boot-sector Virus
Authorization creep
Fraud
Firewall types
44. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Passive attacks
Telnet
Risk Analysis
Script kiddies
45. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Honey pot
PAP (Password Authentication Protocol)
SYN Flood
Vulnerability analysis tools
46. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Echelon
CIA
Diffie-Hellman
Smurf
47. Common Object Request Broker Architecture.
Multipartite
CORBA
User
Illegal/Unethical
48. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
TCSEC
Replay
Firewall types
Service packs
49. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Spoofing
Scanning
Trojan horses
Repeaters
50. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Two-Factor Authentication
Risk Acceptance
Sabotage
SESAME