Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding each time you take the test.
1. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Private Addressing
BIA
Finger scanning
Classes of IP networks
2. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Sabotage
Centralized
Service packs
Hearsay Evidence
3. A sandbox. Emulates an operating environment.
Certification
ActiveX Object Linking and Embedding
Keystroke logging
Virtual machine
4. Good for distance - longer than 100M
Decentralized
SSH
Coax
MOM
5. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
Joke
Rolling hot sites
Crosstalk
6. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Logic bomb
Job rotation
Reciprocal agreement
Trade Secret
7. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
TCP Wrappers
Hardware
Security through obscurity
MitM
8. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Identification
Symmetric
ARO (Annualized Rate of Occurrence)
Due Diligence
9. Technical items are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Technical - Administrative - Physical
Fraud
l0pht
Throughput of a Biometric System
10. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.
Copyright
Virtual Memory/Pagefile.sys
Back door/ trap door/maintenance hook
Guards
11. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Script
Substitution
Clipper Chip
Dictionary Attack
12. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
COM
Classes of IP networks
Hubs
Tailgating / Piggybacking
13. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Tailgating / Piggybacking
MitM
ISDN (Integrated Services Digital Network)
Trade Secret
14. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Security Awareness Training
Script kiddies
Content dependant
AES (Advanced Encryption Standard)
15. The practice of obtaining confidential information by manipulation of legitimate users.
Substitution
Decentralized
Polymorphism
Social engineering
16. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
OEP
Copyright
Buffer overflow
Fiber optic
17. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
DMZ
ARO (Annualized Rate of Occurrence)
Normalization
Risk Analysis
18. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Fences
Dumpster diving
Due Care
DNS cache poisoning
19. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Rolling hot sites
Throughput of a Biometric System
Salami Slicing
War driving
20. The ability to have more than one thread associated with a process
RAM (Random-access memory)
Accountability
Multithreading
DCOM
21. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
VLANs
Digital certificates
Smurf
DHCP
22. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
War driving
SESAME
Polymorphic
Checksum
23. Chief Information Officer
Data Mart
Salami Slicing
DNS cache poisoning
CIO
24. A hidden communications channel on a system that allows for the bypassing of the system security policy
Dogs
Classes of IP networks
Covert channels
Smurf
25. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
TCSEC
Tailgating / Piggybacking
Security Awareness Training
Hubs
26. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Tokens
Keystroke logging
Well-known ports
Multitasking
27. A network entity that provides a single entrance / exit point to the Internet.
Bastion hosts
Cyphertext only
Promiscuous mode
Job rotation
28. Software designed to infiltrate or damage a computer system - without the owner's consent.
FAR/FRR/CER
Malware
Compiler
Accreditation
29. Personal - Network - and Application
Man trap
Firewall types
Security Perimeter
Trade Secret
30. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Joke
Caesar Cipher
Cryptanalysis
l0pht
31. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Fraggle
Multipartite
Diffie-Hellman
CCTV
32. Dialing fixed sets of telephone numbers looking for open modem connections to machines
CIRT
Schema
War dialing
Penetration testing
33. An RFC standard. A mechanism for performing commands on a remote system
Bastion hosts
Telnet
COOP
Trojan horses
34. Must be in place for you to use a biometric system
Risk Management
TCSEC
Biometric profile
Digest
35. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Multithreading
Risk Acceptance
Embezzlement
Guards
36. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Detective - Preventive - Corrective
Tokens
Reciprocal agreement
Polymorphic
37. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
SYN Flood
SSL/TLS
Non-repudiation
ARO (Annualized Rate of Occurrence)
38. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
PKI
Java
Callback Security/Call Forwarding
Reciprocal agreement
39. When one key of a two-key pair has more encryption pattern than the other
Vulnerability analysis tools
Firewall types
Termination procedures
Asymmetric
40. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Certification
Termination procedures
Callback Security/Call Forwarding
ALE (Annualized Loss Expectancy)
41. Reasonable doubt
TACACS (Terminal access controller access control system)
Burden of Proof
CIRT
TCP Wrappers
42. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Scanning
Virtual machine
Smart cards
Toneloc
43. Assuming someone's session who is unaware of what you are doing
TCP Wrappers
Session Hijacking
Keystroke logging
Toneloc
44. Distributed Component Object Model. Microsoft's implementation of CORBA.
Non-repudiation
Security Perimeter
Risk Transferring
DCOM
45. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
SESAME
Normalization
ARP (Address Resolution Protocol)
Accountability
46. A mechanism by which connections to TCP services on a system are allowed or disallowed
Separation of duties
Wiretapping
TCP Wrappers
OLE
47. The art of breaking code. Testing the strength of an algorithm.
Digest
Checksum
Logic bomb
Cryptanalysis
48. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Private Addressing
SESAME
Cookies
ARO (Annualized Rate of Occurrence)
49. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
User
Out of band
Keystroke logging
Due Diligence
50. Method of authenticating to a system. Something that you supply and something you know.
Security through obscurity
Authorization
Username/password
l0pht