Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times the right answer will look obvious, but seeing the terms side by side reinforces your understanding each time you take the test.
1. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Key Escrow
RAM (Random-access memory)
Expert System
Hacker
2. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Embezzlement
CCTV
Promiscuous mode
Degausser
3. The attacker sends a SYN request to the victim's machine; the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond, however, but instead sends another SYN and continues to do so until t
SYN Flood
Audit Trail
Due Care
Worm
4. Using ICMP to diagram a network
Hubs
Probing
OEP
CORBA
5. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
Masquerade
Tokens
Polymorphism
Mandatory vacation
6. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses
Virtual machine
DAD
Service packs
7. Deals with the same things as due diligence, but where due diligence is about investigating and understanding the risks, this is about taking the reasonable, prudent actions to address them and accepting responsibility for doing so.
Finger scanning
OLE
Quantitative
Due Care
8. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', DoD standard 5200.28-STD, in December 1985, superseding CSC-STD-001-83; the TCSEC (frequently referred to as
Fiber optic
DHCP
TCSEC
Acceptable use
9. Also known as a tunnel
VPN (Virtual Private Network)
Trade Secret
Masquerade
MitM
10. White hat l0pht
CGI (The Common Gateway Interface)
Content dependent
Bugtraq
Patriot Act
11. A protocol standardized in an RFC (RFC 854) for running commands on a remote system. It carries everything, including the login credentials, in cleartext.
Telnet
BIOS
Spoofing
Inference
12. Common Object Request Broker Architecture.
COOP
Incentive programs
CORBA
PKI
13. 'If you can't see it, it's secure.' A bad policy to live by: a control that relies only on the attacker not knowing how it works fails as soon as the design leaks.
Software development lifecycle
Security through obscurity
Privacy Act of 1974
WAP (Wireless Application Protocol)
14. Dynamic Host Configuration Protocol.
DHCP
Content dependent
Change management
Illegal/Unethical
15. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Honeypot
Burden of Proof
MitM
Session Hijacking
16. In the broadest sense - a fraud is a deception made for personal gain
Accountability
Multithreading
Fraud
Sniffing
17. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Echelon
Keystroke logging
WAP (Wireless Application Protocol)
Active attacks
18. The study of breaking ciphers: recovering the plaintext or the key without being given the key, and so testing the strength of an algorithm.
Risk Analysis
Asymmetric
Cryptanalysis
RADIUS (Remote authentication dial-in user service)
19. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Toneloc
Substitution
Kerberos
Twisted pair
20. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Back door / trap door / maintenance hook
Technical - Administrative - Physical
MitM
ARP (Address Resolution Protocol)
21. Defines the objects and their attributes that exist in a database.
Active attacks
SSL/TLS
Schema
Asymmetric
22. When security is managed at a central point in an organization
Centralized
Throughput of a Biometric System
Sniffing
Substitution
23. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Tailgating / Piggybacking
Security Awareness Training
OSI Model
Worm
24. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Dumpster diving
Digest
Macro
Biometrics
25. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Sniffing
Aggregation
Biometric profile
Digital certificates
26. Continuity of Operations Plan
COOP
Patent
Phreaker
Authorization creep
27. Good for distance: supports cable runs longer than the 100 m limit of twisted pair
Brute Force
Coax
Dogs
Echelon
28. On a UNIX system, the file that maps usernames to their account information and, historically, to their hashed passwords. Modern systems keep the password hashes in a separate root-only shadow file and use them to check whether the password entered for a given username is correct.
Security Awareness Training
Callback Security/Call Forwarding
/etc/passwd
WTLS (Wireless Transport Layer Security)
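Added example, not part of the quiz: a small audit of the passwd/shadow split described in question 28. The passwd and shadow records below are constructed, their hashes are dummy strings of the right shape, and the prefix-to-algorithm mapping follows the crypt(3) convention.

```python
"""Audit constructed /etc/passwd and /etc/shadow records for password-storage weaknesses.
Added example; the records below are made up and the hashes are dummy strings of the right shape."""
from dataclasses import dataclass

# crypt(3) prefixes and the hashing scheme they denote.
HASH_PREFIXES = {
    "$1$": "md5crypt",
    "$2b$": "bcrypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$7$": "scrypt",
    "$y$": "yescrypt",
}
# Schemes too cheap to resist offline guessing on modern hardware.
WEAK_ALGORITHMS = {"descrypt", "md5crypt"}


def classify_field(field):
    """Describe a password field: shadowed ('x'), empty, locked ('!' or '*'), or the hash scheme used."""
    if field == "x":
        return "shadowed"
    if field == "":
        return "empty"
    if field.startswith(("!", "*")):
        return "locked"
    for prefix, name in HASH_PREFIXES.items():
        if field.startswith(prefix):
            return name
    if len(field) == 13 and "$" not in field:
        return "descrypt"  # traditional DES crypt: 2-char salt + 11-char hash
    return "unknown"


@dataclass(frozen=True)
class Finding:
    user: str
    issue: str


def _records(text):
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split(":")


def audit(passwd_text, shadow_text):
    """Findings for hashes kept in world-readable passwd, empty passwords, weak shadow hashes and extra uid-0 accounts."""
    shadow = {f[0]: f[1] for f in _records(shadow_text)}
    findings = []
    for fields in _records(passwd_text):
        if len(fields) != 7:
            findings.append(Finding(fields[0], "malformed passwd entry"))
            continue
        user, pw, uid, _gid, _gecos, _home, _shell = fields
        kind = classify_field(pw)
        if kind == "empty":
            findings.append(Finding(user, "empty password field in passwd (no password required)"))
        elif kind not in ("shadowed", "locked"):
            # passwd is world-readable, so any real hash here can be cracked offline by every local user.
            findings.append(Finding(user, f"{kind} hash stored in world-readable passwd"))
        elif kind == "shadowed":
            if user not in shadow:
                findings.append(Finding(user, "marked shadowed but has no shadow entry"))
            else:
                skind = classify_field(shadow[user])
                if skind == "empty":
                    findings.append(Finding(user, "empty password field in shadow"))
                elif skind in WEAK_ALGORITHMS:
                    findings.append(Finding(user, f"weak {skind} hash in shadow"))
        if uid == "0" and user != "root":
            findings.append(Finding(user, "uid 0 account other than root"))
    return findings


# Constructed sample files (dummy hashes, not real accounts).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:$1$saltsalt$0123456789abcdefghijkl:1001:1001::/home/legacy:/bin/sh
backup:x:0:1002::/home/backup:/bin/bash
guest::1003:1003::/home/guest:/bin/sh
alice:x:1004:1004::/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstu:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
backup:$1$saltsalt$0123456789abcdefghijkl:19700:0:99999:7:::
alice:$y$j9T$saltsaltsaltsaltsaltsa$0123456789abcdefghijklmnopqrstuvwxyzABCDEFG:19700:0:99999:7:::
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{f.user}: {f.issue}")
```

On the constructed input the audit flags the `legacy` account for carrying an md5crypt hash in passwd itself, `guest` for an empty password field, and `backup` both for being a second uid-0 account and for a weak hash in shadow; `root`, `daemon` (locked) and `alice` (yescrypt) pass.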
29. CISSPs subscribe to a code of ethics that upholds and builds up the security profession
Security through obscurity
Identification
Aggregation
Code of ethics
30. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
OLE
ARP (Address Resolution Protocol)
OEP
Custodian
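Added example, not part of the quiz: ARP cache poisoning, the usual way the man-in-the-middle of question 20 is set up on a LAN, detected from a stream of ARP replies the way a sniffer (question 38) would see them. The parser and detector were written for this page, and the addresses and replies are constructed, not captured.

```python
"""ARP cache poisoning detection from ARP replies, plus a parser for the raw ARP packet.
Added example; the replies below are constructed, not captured."""
import struct
from collections import defaultdict
from typing import NamedTuple


class ArpReply(NamedTuple):
    ts: float          # capture time, seconds
    sender_ip: str     # IP the sender claims (ARP "sender protocol address")
    sender_mac: str    # MAC it claims to own (ARP "sender hardware address")


ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def _ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Pack an Ethernet/IPv4 ARP body; oper 1 = request, 2 = reply."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       _mac_bytes(sender_mac), _ip_bytes(sender_ip),
                       _mac_bytes(target_mac), _ip_bytes(target_ip))


def parse_arp(payload, ts=0.0):
    """Parse the 28-byte ARP body that follows an Ethernet header with EtherType 0x0806.
    Returns (oper, ArpReply) so sniffed frames feed straight into the detector."""
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    mac = ":".join(f"{b:02x}" for b in sha)
    ip = ".".join(str(b) for b in spa)
    return oper, ArpReply(ts, ip, mac)


def detect_arp_spoofing(replies, gateway_ip=None):
    """Trust the first MAC seen for each IP (as arpwatch does) and report:
    - flips: (ts, severity, ip, old_mac, new_mac) whenever an IP is re-announced with another MAC;
    - multi: MACs claiming more than one IP, the signature of one host impersonating gateway and victim."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    flips = []
    for r in replies:
        mac = r.sender_mac.lower()
        mac_to_ips[mac].add(r.sender_ip)
        known = ip_to_mac.setdefault(r.sender_ip, mac)
        if known != mac:
            severity = "high" if r.sender_ip == gateway_ip else "medium"
            flips.append((r.ts, severity, r.sender_ip, known, mac))
            ip_to_mac[r.sender_ip] = mac
    multi = {m: sorted(ips) for m, ips in mac_to_ips.items() if len(ips) > 1}
    return flips, multi


# Constructed trace: gateway and victim announce themselves, then the attacker claims both.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),    # real gateway
    ArpReply(0.5, "192.168.1.10", "aa:bb:cc:00:00:10"),   # victim
    ArpReply(1.0, "192.168.1.66", "de:ad:be:ef:00:66"),   # attacker's own address
    ArpReply(5.0, "192.168.1.1", "de:ad:be:ef:00:66"),    # attacker poisons the victim's view of the gateway
    ArpReply(5.1, "192.168.1.10", "de:ad:be:ef:00:66"),   # ... and the gateway's view of the victim
    ArpReply(6.0, "192.168.1.1", "de:ad:be:ef:00:66"),    # repeat of the poisoned binding: no new flip
]

if __name__ == "__main__":
    flips, multi = detect_arp_spoofing(SAMPLE_REPLIES, gateway_ip="192.168.1.1")
    for f in flips:
        print("flip", f)
    print("multi-IP MACs", multi)
```

Trust-on-first-use means the detector is blind to an attacker who poisons before the baseline is learned; in practice the gateway binding is pinned statically and the first-seen table is only used for the other hosts.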
31. An attacker sends ICMP echo requests to a network's broadcast address with the source IP spoofed to the victim's address; every host on that network replies to the victim at once, flooding the victim's network.
Authorization
Finger scanning
Smurf
CRC (Cyclic Redundancy Check)
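Added example, not part of the quiz: detection logic for the two denial-of-service attacks in questions 3 (SYN flood) and 31 (Smurf), run over a packet trace that is constructed in the code rather than captured. The addresses and the half-open threshold are illustrative.

```python
"""Detect SYN-flood and Smurf patterns in a constructed packet trace.
Added example; the trace is built in code, not captured from a network."""
import ipaddress
from collections import Counter
from typing import NamedTuple


class Packet(NamedTuple):
    proto: str            # "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""       # TCP flags as letters: "S" SYN, "SA" SYN/ACK, "A" ACK
    icmp_type: int = -1   # 8 = echo request, 0 = echo reply


def half_open_connections(packets):
    """Replay the handshake per client 4-tuple and return those stuck in SYN-RECEIVED:
    the server answered SYN/ACK but the client's final ACK never arrived."""
    state = {}
    for p in packets:
        if p.proto != "tcp":
            continue
        if p.flags == "S":
            state[(p.src, p.sport, p.dst, p.dport)] = "syn"
        elif p.flags == "SA":
            key = (p.dst, p.dport, p.src, p.sport)  # server reply, keyed from the client's side
            if state.get(key) == "syn":
                state[key] = "half_open"
        elif "A" in p.flags:
            key = (p.src, p.sport, p.dst, p.dport)
            if state.get(key) == "half_open":
                state[key] = "established"
    return {k for k, s in state.items() if s == "half_open"}


def syn_flood_targets(packets, threshold):
    """Servers (ip, port) holding at least `threshold` half-open connections."""
    counts = Counter((dst, dport) for (_src, _sport, dst, dport) in half_open_connections(packets))
    return {target: n for target, n in counts.items() if n >= threshold}


def smurf_candidates(packets, local_networks):
    """ICMP echo requests aimed at a local network's directed-broadcast address from an off-net source.
    Every host on the segment answers the spoofed source, which is the real victim; returns {spoofed_src: count}."""
    nets = [ipaddress.ip_network(n) for n in local_networks]
    victims = Counter()
    for p in packets:
        if p.proto != "icmp" or p.icmp_type != 8:
            continue
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        if any(dst == net.broadcast_address and src not in net for net in nets):
            victims[p.src] += 1
    return dict(victims)


def build_trace():
    """Constructed trace: one normal handshake, a SYN flood from one source, a Smurf burst and one normal ping."""
    pk = [
        Packet("tcp", "10.0.0.5", "10.0.0.80", 40000, 80, "S"),
        Packet("tcp", "10.0.0.80", "10.0.0.5", 80, 40000, "SA"),
        Packet("tcp", "10.0.0.5", "10.0.0.80", 40000, 80, "A"),
    ]
    for i in range(50):  # attacker sends SYNs from fresh ports and never completes the handshake
        pk.append(Packet("tcp", "198.51.100.7", "10.0.0.80", 50000 + i, 80, "S"))
        pk.append(Packet("tcp", "10.0.0.80", "198.51.100.7", 80, 50000 + i, "SA"))
    for _ in range(20):  # echo requests to 10.0.0.0/24's broadcast address, source spoofed to the victim
        pk.append(Packet("icmp", "203.0.113.9", "10.0.0.255", icmp_type=8))
    pk.append(Packet("icmp", "10.0.0.5", "10.0.0.80", icmp_type=8))  # an ordinary on-net ping
    return pk


if __name__ == "__main__":
    trace = build_trace()
    print("SYN flood targets:", syn_flood_targets(trace, threshold=20))
    print("Smurf victims (spoofed sources):", smurf_candidates(trace, ["10.0.0.0/24"]))
```

The Smurf check also doubles as a configuration test: a router that forwards directed broadcasts from outside its own network is the amplifier, and the fix (disabling directed broadcast forwarding) is what makes the flagged packets disappear.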
32. The person who maintains and protects the data day to day, implementing the access controls that the data owner specifies
Data remanence
Covert channels
Custodian
DCOM
33. Network devices that operate at layer 3 and separate broadcast domains.
ARP (Address Resolution Protocol)
Tort
Probing
Routers
34. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Owner
Hardware
Trade Secret
Hot Site
35. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Substitution
RAID 0, 1, 3, 5
Multitasking
Common criteria
36. Animals with teeth. Not as discriminating as guards
Sabotage
Dogs
Digital signing
Session Hijacking
37. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Content dependent
COM
SSL/TLS
TCSEC
38. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Reciprocal agreement
Packet Sniffing
Man trap
Software librarian
39. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Non-repudiation
Penetration testing
ARO (Annualized Rate of Occurrence)
Classes of IP networks
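Added example, not part of the quiz: deriving the class from the leading bits of the first octet rather than from a range table, together with the default mask, network address and directed-broadcast address the class implies. Classful addressing is historical (CIDR replaced it), but the ranges above are what the exam expects.

```python
"""Classful IPv4 addressing from the leading bits: class, default mask, network and directed-broadcast address.
Added example; classful addressing is historical (CIDR replaced it), but the exam still asks for the ranges."""
import ipaddress


def classify(addr):
    """Return (class, default prefix length) for a dotted-quad IPv4 address.
    Uses the leading-bit rules rather than a range table: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first in (0, 127):
        return "reserved", None      # 0.0.0.0/8 "this network", 127.0.0.0/8 loopback
    if first >> 7 == 0b0:
        return "A", 8                # 1.x.x.x - 126.x.x.x
    if first >> 6 == 0b10:
        return "B", 16               # 128.x.x.x - 191.x.x.x
    if first >> 5 == 0b110:
        return "C", 24               # 192.x.x.x - 223.x.x.x
    if first >> 4 == 0b1110:
        return "D", None             # 224 - 239: multicast, no network/host split
    return "E", None                 # 240 - 255: experimental, and 255.255.255.255 limited broadcast


def classful_network(addr):
    """Network and directed-broadcast address implied by the class, or None when the class has no default mask."""
    cls, prefix = classify(addr)
    if prefix is None:
        return None
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    return cls, str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.16.5.4", "192.0.2.1", "224.0.0.1", "127.0.0.1"):
        print(a, classify(a), classful_network(a))
```

The directed-broadcast address computed here is the one a Smurf attacker (question 31) aims at, which is why routers are configured not to forward packets addressed to it from outside the network.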
40. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
ISDN (Integrated Services Digital Network)
Finger printing
Kerberos
Call tree
41. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Embezzlement
Senior Management
CGI (The Common Gateway Interface)
Finger scanning
42. Once authenticated, the level of access you have to a system
SQL (Structured Query Language)
Authorization
Common criteria
Salami Slicing
43. A war dialing utility
Hearsay Evidence
VLANs
Artificial Neural Networks (ANN)
Toneloc
44. A unit that detects motion and sets off an alarm to alert staff to unauthorized access.
Motion detector
Classes of IP networks
Joke
Schema
45. A hoax: a warning passed around as if it were real, e.g. when someone tells users to delete a file that is perfectly fine by calling it a virus
Service packs
TCP Wrappers
Joke
SESAME
46. Rotating employees' job duties so that one person's work is periodically taken over and checked by another, making fraud harder to commit and to conceal.
Attenuation
Quantitative
OEP
Job rotation
47. Taking over another user's established session without that user being aware of it
Due Care
Session Hijacking
Polymorphic
Burden of Proof
48. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Worm
Open network
Brute force
Sniffing
49. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Clipping levels
Cookies
BIA
Termination procedures
50. Computer Incident Response Team
TCSEC
CIRT
Symmetric
Enticement