Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Crosstalk
Smart cards
Identification
Debug
2. The person that determines the permissions to files. The data owner.
Owner
CRC (Cyclic Redundancy Check)
Compiler
Kerberos
3. Internet Architecture Board. This board is responsible for protecting the Internet.
BIA
BIOS
TEMPEST
IAB
4. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Hacker
Private Addressing
Due Diligence
Honey pot
5. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Separation of duties
Decentralized
Phreaker
Brewer-Nash model
6. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive, and not usually enforceable.
Hearsay Evidence
TEMPEST
Reciprocal agreement
Risk Management
7. The attacker sends a SYN request to the victim's machine, and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t
Centralized
SYN Flood
Echelon
Senior Management
8. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.
SSH
Back door/ trap door/maintenance hook
Risk Mitigation
COOP
9. A name given to a system implemented by the FBI that is analogous to wiretapping, except in this case e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Carnivore
Virtual Memory/Pagefile.sys
Polymorphism
Biometrics
10. A system designed to stop piggybacking.
BIA
Trademark
Crosstalk
Man trap
11. An instance of a scripting language
Hubs
CIO
Script
Stream cipher
12. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Tokens
ActiveX Object Linking and Embedding
VLANs
ARO (Annualized Rate of Occurrence)
13. Emanations from one wire coupling with another wire
Crosstalk
Acceptable use
VPN (Virtual Private Network)
VLANs
14. Involving the measurement of quantity or amount.
Sniffing
SSO (Single sign-on)
Quantitative
Hubs
15. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player, whilst
CD-Rom
Termination procedures
Centralized
Security Perimeter
16. Continuation of Operations Plan
Motion detector
/etc/passwd
COOP
Hoax
17. These can be used to verify that public keys belong to certain individuals.
Dogs
Digital certificates
Brewer-Nash model
MitM
18. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Raid 0 - 1 - 3 - 5
Buffer overflow
Probing
Clipping levels
19. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive, the virus can spread.
Boot-sector Virus
Script kiddies
SSO (Single sign-on)
Substitution
20. Repeats the signal. It amplifies the signal before sending it on.
CIRT
Identification
Repeaters
VLANs
21. Reasonable doubt
SSL/TLS
Burden of Proof
Motion detector
Fiber optic
22. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Kerberos
Stream cipher
Security kernel
Mandatory vacation
23. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
DOS
Risk Analysis
War driving
Digest
24. Network devices that operate at layer 3. This device separates broadcast domains.
Routers
Object Oriented Programming
Toneloc
ARO (Annualized Rate of Occurrence)
25. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Content dependant
Qualitative
Boot-sector Virus
Hot Site
26. A spoofing attack, a kind of attack in data communication, in which a third party tries to mislead the communication participants using forged information.
Substitution
Masquerade
CIO
Dictionary Attack
27. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Checksum
PAP (Password Authentication Protocol)
CIO
Normalization
28. Same as a block cipher except that it is applied to a data stream one bit at a time
Callback Security/Call Forwarding
Stream cipher
Hubs
Digital certificates
29. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
ActiveX Object Linking and Embedding
Data remanence
DNS cache poisoning
Script
30. The government-required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Replay
WTLS (Wireless Transport Layer Security)
Format 7 times
Key Escrow
31. In the broadest sense, a fraud is a deception made for personal gain
Echelon
Fraud
Probing
Diffie-Hellman
32. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Out of band
SSO (Single sign-on)
Expert System
Dictionary Attack
33. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
PAP (Password Authentication Protocol)
Authorization
Call tree
Penetration testing
34. Countermeasures / safeguards fall into these categories. Detective measures detect, preventive measures prevent, and corrective measures correct.
Fraggle
MitM
TEMPEST
Detective - Preventive - Corrective
35. Good for distance - longer than 100M
Coax
Bastion hosts
MitM
SSH
36. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Passive attacks
Entrapment
Fiber optic
Decentralized
37. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected
Session Hijacking
Non-repudiation
Normalization
Debug
38. Chief Information Officer
Enticement
CIO
Buffer overflow
Polymorphism
39. The process of reducing your risks to an acceptable level based on your risk analysis
Risk Mitigation
Birthday attack
Risk Transferring
Kerberos
40. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Risk Transferring
Out of band
Symmetric
DCOM
41. An attacker spoofs the source IP in a packet header, to make a ping request appear to have originated from the future victim's network, then the responding network responds in full force to these requests and brings down the victim's network.
Fiber optic
Packet Sniffing
Quantitative
Smurf
42. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.
Finger scanning
ALE (Annualized Loss Expectancy)
Non-repudiation
ROM (Read-only memory)
43. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Noise & perturbation
Stream cipher
EF (Exposure Factor)
Artificial Neural Networks (ANN)
44. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
CIA
Logic bomb
Accreditation
Hubs
45. Public Key Infrastructure
Trojan horses
Illegal/Unethical
Authorization
PKI
46. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer
Hackers
Replay
OSI Model
Decentralized
47. Technical items are things that IT implements. Administrative items are things that HR implements. Physical things are things that are tangible.
Custodian
Technical - Administrative - Physical
Dictionary Attack
Active attacks
48. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Private Addressing
Dictionary Attack
Covert channels
Job rotation
49. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
SSO (Single sign-on)
Fiber optic
PKI
Finger scanning
50. Internet Relay Chat.
Job rotation
Wiretapping
ARP (Address Resolution Protocol)
IRC