Test your basic knowledge: CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but the repetition reinforces your understanding each time you take the test.
1. A system designed to stop piggybacking.
ARO (Annualized Rate of Occurrence)
Authorization creep
Man trap
TEMPEST
2. Being able to control access for individual subjects and objects very specifically, rather than at a lower layer of the OSI model where access cannot be set so precisely.
Granularity
SESAME
Motion detector
DHCP
3. A hacker think tank that became famous for telling the Senate Judiciary Committee (in 1998) that they could bring down the Internet in 30 minutes.
Hoax
Illegal/Unethical
Tailgating / Piggybacking
l0pht
4. This is an attack in which an attacker is able to read, insert and modify at will messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
MOM
MitM
Coax
Cold Site
5. In cryptanalysis, this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical po
UUEncode
Brute Force
Biometric profile
Cryptanalysis
6. When you have a certain amount of access, change jobs, and keep the access from the previous position. Also known as privilege creep or enlargement of permission; it is not the same as privilege escalation, where an attacker exploits a flaw to gain rights they were never granted.
Spoofing
Vulnerability analysis tools
Authorization creep
TCSEC
7. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Fences
Security Perimeter
Burden of Proof
Throughput of a Biometric System
8. Trusted Computing Base: the combination of hardware, software and firmware in a system that together enforce its security policy.
Rijndael
TCB
Bastion hosts
Halon
9. A formula, practice, process, design, instrument, pattern or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Trade Secret
ARO (Annualized Rate of Occurrence)
SSH
Hardware
10. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Hacker
Tokens
Key Escrow
Termination procedures
11. Common Object Request Broker Architecture.
Format 7 times
Inference
Scanning
CORBA
12. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value, but there are many exceptions to
Software development lifecycle
Hearsay Evidence
Hoax
Risk Analysis
13. The practice of obtaining confidential information by manipulation of legitimate users.
Block cipher
Centralized
Patent
Social engineering
14. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste
Two-Factor Authentication
CGI (The Common Gateway Interface)
SQL (Structured Query Language)
Object Oriented Programming
15. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the
Kerberos
Accountability
Common criteria
Penetration testing
16. Object Linking and Embedding (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans
Call tree
Risk Mitigation
ActiveX Object Linking and Embedding
Bastion hosts
17. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Aggregation
Tailgating / Piggybacking
TCB
Expert System
18. The fixed-length output of a hash function, used to verify the integrity of data.
Covert channels
Nonce
Digest
Compiler
19. Defines the objects and their attributes that exist in a database.
TCP Wrappers
Granularity
Qualitative
Schema
20. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also
TEMPEST
DMZ
Fiber optic
Senior Management
21. The user
CCTV
Risk Analysis
User
Tokens
22. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Firmware
SESAME
War dialing
Trojan horses
23. ('rotate by 13 places', sometimes hyphenated ROT-13) A simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet; applying it a second time restores the original text.
Acceptable use
ROT-13
Callback Security/Call Forwarding
Multipartite
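The following is an added example, not part of the original quiz: a Caesar shift in Python that covers both ROT-13 (Q23) and the brute-force attack of Q5. ROT-13 is the shift-13 special case, and because 13 + 13 = 26 the same function decodes what it encoded. The brute-force function then recovers an arbitrary Caesar shift by trying every one of the 25 possible keys; the "crib" word and the sample sentence are constructed here for illustration.

```python
def caesar_shift(text, shift):
    """Replace every ASCII letter with the letter `shift` places down the
    alphabet, wrapping from z back to a.  Case is preserved; digits,
    punctuation and whitespace pass through untouched."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + shift) % 26))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text):
    """ROT-13 is the Caesar cipher with a shift of 13.  Since 13 + 13 = 26,
    calling rot13 twice returns the original text: it is its own inverse."""
    return caesar_shift(text, 13)


def brute_force_caesar(ciphertext, crib):
    """Brute force (Q5): exhaustively try every non-trivial key.  The Caesar
    key space has only 25 shifts, so the search is instantaneous; the crib
    (a word expected in the plaintext) selects the right candidate.
    Returns a list of (shift, plaintext) hits."""
    hits = []
    for shift in range(1, 26):
        candidate = caesar_shift(ciphertext, -shift)
        if crib.lower() in candidate.lower():
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    msg = "Hello, World!"
    print(rot13(msg), "->", rot13(rot13(msg)))
    # Constructed sample: a sentence hidden with an unknown shift.
    secret = caesar_shift("attack at dawn", 7)
    print(secret, "->", brute_force_caesar(secret, "attack"))
```

The point of the brute-force function is the size of the key space, not the code: 25 keys means no cryptanalytic cleverness is required, which is why a Caesar cipher obscures rather than protects.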
24. An RFC standard (RFC 854) for running commands on a remote system over a terminal session. It sends everything, including passwords, in cleartext.
Authorization creep
Cookies
Biometrics
Telnet
25. Entails planning and system actions to ensure that a project is following good quality management practices
Acceptable use
Digital certificates
Trade Secret
Quality Assurance
26. Involving the measurement of quantity or amount.
Risk Analysis
Honey pot
Quantitative
AES (Advanced Encryption Standard)
27. Someone who hacks
Hacker
Decentralized
Security Perimeter
RAM (Random-access memory)
28. A hidden value or set of values that allows access to a program, computer system or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
Boot-sector Virus
Virtual Memory/Pagefile.sys
Degausser
29. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
CD-Rom
Dictionary Attack
Caesar Cipher
Back door/ trap door/maintenance hook
30. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.
Illegal/Unethical
Service packs
Birthday attack
Cookies
31. An SSO technology that extends Kerberos functionality and improves on its weaknesses.
MitM
ROM (Read-only memory)
Asymmetric
SESAME
32. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
Encryption
WTLS (Wireless Transport Layer Security)
Passive attacks
Hot Site
33. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.
Salami Slicing
Risk Acceptance
Security Perimeter
Mandatory vacation
34. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Cryptanalysis
Software
Aggregation
PAP (Password Authentication Protocol)
35. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)
Classes of IP networks
Packet Sniffing
Bastion hosts
Spoofing
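An added example for Q35, not from the original page: a Python classifier that turns the first-octet ranges above into the default mask, network and broadcast address each class implies. It goes slightly beyond the page by also naming classes D and E and by treating the 127.x.x.x gap between class A and B as loopback; those additions are standard but are not stated in the quiz.

```python
import ipaddress

# Classful first-octet ranges (inclusive) and the default prefix length
# each class implies.  A, B and C are from the quiz; D and E are added so
# that every first octet lands somewhere.
CLASS_RANGES = (
    ("A", 1, 126, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),   # multicast: no network/host split
    ("E", 240, 255, None),   # reserved/experimental
)


def classify_ipv4(addr):
    """Return the classful interpretation of a dotted-quad IPv4 address:
    class letter, default mask, network and broadcast addresses and the
    number of usable hosts.  Raises ValueError for a malformed address."""
    ip = ipaddress.IPv4Address(addr)          # validates the input
    first = int(ip) >> 24                     # first octet
    if first == 0:
        return {"address": addr, "class": None,
                "note": "0.x.x.x means 'this network' and is never assigned"}
    if first == 127:
        return {"address": addr, "class": None,
                "note": "127.x.x.x is loopback; the gap between class A and B"}
    for cls, lo, hi, prefix in CLASS_RANGES:
        if lo <= first <= hi:
            info = {"address": addr, "class": cls, "default_prefix": prefix}
            if prefix is not None:
                net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
                info["mask"] = str(net.netmask)
                info["network"] = str(net.network_address)
                info["broadcast"] = str(net.broadcast_address)
                info["usable_hosts"] = net.num_addresses - 2
            return info
    raise RuntimeError("unreachable: IPv4Address already bounded the octet")


if __name__ == "__main__":
    for sample in ("10.20.30.40", "172.16.5.9", "192.168.1.77",
                   "127.0.0.1", "224.0.0.5"):
        print(classify_ipv4(sample))
```

Classful addressing has been replaced by CIDR on the real Internet, but exam questions and legacy router defaults still assume these boundaries, so it is worth being able to derive the mask from the first octet rather than memorising it.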
36. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Common criteria
Kerberos
Compiler
Burden of Proof
37. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Buffer overflow
Authorization creep
CORBA
Certification
38. The intercepting of conversations by unintended recipients
Eavesdropping
SESAME
IAB
Checksum
39. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.
PAP (Password Authentication Protocol)
Acceptable use
ROM (Read-only memory)
War driving
40. False Acceptance Rate, False Rejection Rate, Crossover Error Rate
Block cipher
FAR/FRR/CER
Smart cards
Change management
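An added example for Q40, not part of the original quiz: how FAR, FRR and the crossover error rate are computed from a biometric system's match scores. The two score lists are constructed sample data (a real system produces them by comparing live samples against enrolled templates); the sweep over candidate thresholds is the standard way to locate the crossover point.

```python
# Constructed similarity scores (0 = no match, 1 = identical) for ten
# genuine attempts (same person) and ten impostor attempts (different person).
GENUINE = [0.91, 0.88, 0.84, 0.80, 0.76, 0.72, 0.69, 0.65, 0.60, 0.55]
IMPOSTOR = [0.20, 0.28, 0.33, 0.39, 0.45, 0.50, 0.58, 0.62, 0.68, 0.75]


def far(threshold, impostor_scores=IMPOSTOR):
    """False Acceptance Rate: share of impostor attempts that score at or
    above the threshold and are therefore wrongly let in."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(threshold, genuine_scores=GENUINE):
    """False Rejection Rate: share of legitimate attempts that score below
    the threshold and are therefore wrongly turned away."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def crossover_error_rate(genuine_scores=GENUINE, impostor_scores=IMPOSTOR):
    """Sweep every observed score as a candidate threshold and return
    (threshold, far, frr) at the point where the two rates are closest.
    That common error rate is the CER (also called the equal error rate)."""
    best = None
    for t in sorted(set(genuine_scores) | set(impostor_scores)):
        a = far(t, impostor_scores)
        r = frr(t, genuine_scores)
        if best is None or abs(a - r) < abs(best[1] - best[2]):
            best = (t, a, r)
    return best


def tradeoff_table(thresholds, genuine_scores=GENUINE, impostor_scores=IMPOSTOR):
    """(threshold, FAR, FRR) rows showing the trade-off: raising the
    threshold lowers FAR (harder for impostors) but raises FRR (more
    legitimate users rejected)."""
    return [(t, far(t, impostor_scores), frr(t, genuine_scores))
            for t in thresholds]


if __name__ == "__main__":
    for row in tradeoff_table([0.50, 0.65, 0.80]):
        print("threshold %.2f  FAR %.1f  FRR %.1f" % row)
    print("crossover:", crossover_error_rate())
```

A lower CER means a more accurate system, but the CER is only a benchmark: a data-centre door would be tuned above the crossover (low FAR, accept a higher FRR), a phone unlock below it.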
41. Disclosure, Alteration, Destruction: the three outcomes that break the CIA triad (confidentiality, integrity, availability).
Multipartite
Exit interview
Code of ethics
DAD
42. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
Reciprocal agreement
SSH
Worm
l0pht
43. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Firmware
Diffie-Hellman
SLE (Single Loss Expectancy or Exposure)
CIA
44. Good for distance: runs longer than the 100 m limit of twisted-pair cabling.
Phreaker
Coax
Buffer overflow
Code of ethics
45. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
Accreditation
SSO (Single sign-on)
Data Mart
46. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities.
Cryptanalysis
Data remanence
Vulnerability analysis tools
Boot-sector Virus
47. In a computer system (or cryptosystem or algorithm), these are methods of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.
Owner
Back door/ trap door/maintenance hook
Echelon
Certification
48. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Symmetric
ROT-13
UUEncode
Hacker
49. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t
FAR/FRR/CER
Incentive programs
DCOM
Security Awareness Training
50. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
DDOS
Polymorphic
PKI
Expert System