Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times that the answers are obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The intercepting of conversations by unintended recipients
Accountability
Risk Transferring
Format 7 times
Eavesdropping
2. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. The layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Rijndael
Attenuation
OSI Model
Clipper Chip
3. Network Address Translation
OEP
NAT
ARO (Annualized Rate of Occurrence)
Closed network
4. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Call tree
Hot Site
DOS
Packet Sniffing
5. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Phreaker
Vulnerability analysis tools
Classes of IP networks
Twisted pair
6. Personal - Network - and Application
Biometrics
RADIUS (Remote authentication dial-in user service)
IRC
Firewall types
7. A site that is ready physically but has no hardware in place - all it has is HVAC
l0pht
Cold Site
Reciprocal agreement
COOP
8. Someone who hacks
Hacker
Fire extinguisher
MOM
l0pht
9. The ability to have more than one thread associated with a process
COM
Multithreading
Finger scanning
Software development lifecycle
10. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Audit Trail
Carnivore
Hoax
CIRT
11. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
VLANs
OEP
Security Awareness Training
12. Countermeasure of inserting fake data into a database so that anyone reading it without authorization gets the wrong information.
SLE (Single Loss Expectancy or Exposure)
BIOS
Noise & perturbation
Substitution
13. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Block cipher
Illegal/Unethical
Cyphertext only
Change management
14. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Block cipher
Throughput of a Biometric System
DNS cache poisoning
SESAME
15. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Guards
Security kernel
Finger scanning
SSO (Single sign-on)
16. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Teardrop
Owner
Hearsay Evidence
MitM
17. Encompasses Risk Analysis and Risk Mitigation
CRC (Cyclic Redundancy Check)
Risk Management
Dumpster diving
Private Addressing
18. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Transposition
Software development lifecycle
CGI (The Common Gateway Interface)
Key Escrow
19. Good for distance - longer than 100 m
Risk Analysis
Sniffing
Coax
Encryption
20. An RFC standard. A mechanism for performing commands on a remote system
Tailgating / Piggybacking
Telnet
War driving
TCSEC
21. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Brute Force
Nonce
ISDN (Integrated Services Digital Network)
DOS
22. Signal degradation as it moves farther from its source
Macro
Fraggle
Crosstalk
Attenuation
23. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Copyright
Owner
Common criteria
User
24. Making individuals accountable for their actions on a system typically through the use of auditing
Accountability
Degausser
Trojan horses
SSO (Single sign-on)
25. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Hash
ROT-13
Senior Management
Passive attacks
26. A mechanism by which connections to TCP services on a system are allowed or disallowed
Centralized
Acceptable use
Tailgating / Piggybacking
TCP Wrappers
27. Knowing something from one source and being able to infer other related information from it, even when you would not normally have access to that data.
Eavesdropping
ALE (Annualized Loss Expectancy)
Inference
Smart cards
28. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Multitasking
Acceptable use
Security kernel
Audit Trail
29. Jumping into dumpsters to retrieve information about someone/something/a company
WTLS (Wireless Transport Layer Security)
Dumpster diving
Replay
DAD
30. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Expert System
Data Mart
Kerberos
Due Diligence
31. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
Acceptable use
ROT-13
Multiprocessing
32. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Patent
Honey pot
Callback Security/Call Forwarding
l0pht
33. Someone whose hacking is primarily targeted at the phone systems
Salami Slicing
DCOM
Phreaker
/etc/passwd
34. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Hearsay Evidence
Salami Slicing
Fraggle
Qualitative
35. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Coax
Accreditation
CHAP
COM
36. A sandbox. Emulates an operating environment.
Virtual machine
Quality Assurance
l0pht
Certification
37. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Trojan horses
Key Escrow
Privacy Act of 1974
Smurf
38. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Burden of Proof
Authentication
Software
Decentralized
39. Rotating employees' job duties so that their work can be checked by others to make sure nothing fraudulent is occurring.
Diffie-Hellman
Keystroke logging
Separation of duties
Job rotation
40. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Hash
Checksum
Repeaters
Hot Site
41. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Degausser
Hubs
Repeaters
Object Oriented Programming
42. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Eavesdropping
COM
PKI
SYN Flood
43. Animals with teeth. Not as discriminating as guards
Privacy Act of 1974
Dogs
DHCP
ARO (Annualized Rate of Occurrence)
44. Deals with the same things as due diligence, except that it involves accepting responsibility rather than liability.
Buffer overflow
DNS cache poisoning
Due Care
Firewall types
45. Component Object Model.
Multipartite
Due Diligence
Dumpster diving
COM
46. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Promiscuous mode
TCB
Trademark
Worm
47. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Guards
Rolling hot sites
Out of band
Switches / Bridges
48. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Rijndael
Kerberos
Substitution
COM
49. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Checksum
SESAME
SYN Flood
Phreaker
50. Access control method for a database, based on the content of the database, to provide granular access
Asset Value
Termination procedures
Content dependent
Virtual machine