Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
Non-repudiation
User
Eavesdropping
2. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
TACACS (Terminal access controller access control system)
Data Mart
CRC (Cyclic Redundancy Check)
Enticement
3. Reasonable doubt
Toneloc
Base-64
ARP (Address Resolution Protocol)
Burden of Proof
4. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Hackers
ROM (Read-only memory)
Base-64
SQL (Structured Query Language)
5. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Termination procedures
Exit interview
Hardware
OSI Model
6. In cryptography - it is a block cipher
DNS cache poisoning
Smurf
Centralized
Skipjack
7. Chief Information Officer
Risk Transferring
CIO
Encryption
Burden of Proof
8. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Authentication
Trademark
Call tree
Certification
9. A technique to eliminate data redundancy.
Carnivore
Normalization
Due Diligence
TCP Wrappers
10. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and Ethernet - ARP is primarily used to translate Ethernet MAC addresses from IP addresses
Security kernel
Echelon
Stream cipher
ARP (Address Resolution Protocol)
11. Someone who hacks
Compiler
Hacker
War dialing
ActiveX Object Linking and Embedding
12. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Clipper Chip
FAR/FRR/CER
SSL/TLS
Callback Security/Call Forwarding
13. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Substitution
Data Mart
War dialing
Trojan horses
14. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Hearsay Evidence
Man trap
Software
Security Awareness Training
15. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Echelon
Attenuation
Honey pot
PKI
16. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
DHCP
Motion detector
Hubs
Software
17. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
CIRT
CD-ROM
Data remanence
Detective - Preventive - Corrective
18. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
CIO
Joke
RAM (Random-access memory)
ROM (Read-only memory)
19. In the broadest sense - a fraud is a deception made for personal gain
Fraud
Qualitative
Symmetric
ISDN (Integrated Services Digital Network)
20. Ethernet - Cat5 - Twisted to allow for longer runs.
Twisted pair
Change management
Reciprocal agreement
Embezzlement
21. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Acceptable use
Honey pot
UUEncode
Replay
22. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Virtual Memory/Pagefile.sys
Normalization
Debug
RAM (Random-access memory)
23. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
WTLS (Wireless Transport Layer Security)
Burden of Proof
DNS cache poisoning
Finger scanning
24. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Teardrop
Brewer-Nash model
Finger printing
SESAME
25. Animals with teeth. Not as discriminate as guards
Dogs
UUEncode
Noise & perturbation
Tokens
26. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Software development lifecycle
SLE (Single Loss Expectancy or Exposure)
SSH
Clipping levels
27. Jumping into dumpsters to retrieve information about someone/something/a company
CEO
Reciprocal agreement
Teardrop
Dumpster diving
28. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Classes of IP networks
SSO (Single sign-on)
Routers
Degausser
29. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Promiscuous mode
Trademark
Smurf
Tokens
30. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Tokens
WTLS (Wireless Transport Layer Security)
Guards
Birthday attack
31. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Digital certificates
Clipping levels
COM
Multipartite
32. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Spoofing
WAP (Wireless Application Protocol)
SQL (Structured Query Language)
Bugtraq
33. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Cyphertext only
DNS cache poisoning
Malware
Quality Assurance
34. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Smurf
Java
Non-repudiation
Trade Secret
35. A network that uses standard protocols (TCP/IP)
NAT
Bastion hosts
Open network
Multiprocessing
36. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Quality Assurance
Passive attacks
DCOM
Decentralized
37. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Senior Management
Fences
Two-Factor Authentication
MOM
38. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Passive attacks
Data Mart
Macro
Keystroke logging
39. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Social engineering
Username/password
SESAME
Schema
40. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
ActiveX Object Linking and Embedding
BIA
Digital certificates
Virtual machine
41. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Service packs
Man trap
Firmware
Hackers
42. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Authorization
DDOS
IAB
Enticement
43. Common Object Request Broker Architecture.
CORBA
DMZ
RADIUS (Remote authentication dial-in user service)
Multithreading
44. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Trap Door
Wiretapping
Cyphertext only
Throughput of a Biometric System
45. Dynamic Host Configuration Protocol.
Scanning
Crosstalk
DHCP
Masquerade
46. Continuation of Operations Plan
COOP
Joke
SLE (Single Loss Expectancy or Exposure)
SSH
47. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
WTLS (Wireless Transport Layer Security)
ALE (Annualized Loss Expectancy)
Asymmetric
Salami Slicing
48. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
FAR/FRR/CER
Virtual machine
Attenuation
War driving
49. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Man trap
Illegal/Unethical
Out of band
Aggregation
50. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.
Patent
Exit interview
Masquerade
CRC (Cyclic Redundancy Check)