Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Involving the measurement of quantity or amount.
Centralized
Quantitative
SSL/TLS
Brewer-Nash model
2. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
VLANs
DDOS
Dogs
User
3. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Skipjack
Patent
l0pht
SSO (Single sign-on)
4. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Centralized
Java
Covert channels
Tokens
5. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Hardware
Digest
Twisted pair
DNS cache poisoning
6. Entails planning and system actions to ensure that a project is following good quality management practices
Smurf
Quality Assurance
NAT
Wiretapping
7. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Phreaker
Data Mart
Classes of IP networks
Qualitative
8. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Script kiddies
Authentication
Data Mart
/etc/passwd
9. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
Base-64
Clipper Chip
Digest
SLE (Single Loss Expectancy or Exposure)
10. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Detective - Preventive - Corrective
War driving
Hoax
Motion detector
11. Dialing fixed sets of telephone numbers looking for open modem connections to machines
SSL/TLS
Firmware
Multipartite
War dialing
12. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Switches / Bridges
Polymorphism
SLE (Single Loss Expectancy or Exposure)
Virtual machine
13. Component Object Model.
Echelon
Packet Sniffing
PAP (Password Authentication Protocol)
COM
14. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Incentive programs
Risk Acceptance
Block cipher
CRC (Cyclic Redundancy Check)
15. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Senior Management
Username/password
Kerberos
Caesar Cipher
16. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
BIA
Base-64
Noise & perturbation
Caesar Cipher
17. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Call tree
Salami Slicing
ISDN (Integrated Services Digital Network)
Detective - Preventive - Corrective
18. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Authorization
Security through obscurity
ARP (Address Resolution Protocol)
Cyphertext only
19. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Embezzlement
Enticement
Smart cards
CGI (The Common Gateway Interface)
20. Reasonable doubt
Tokens
Change management
Burden of Proof
l0pht
21. Scanning the airwaves for radio transmissions
Scanning
Stream cipher
Accountability
Fire extinguisher
22. Internet Architecture Board. This board is responsible for protecting the Internet.
Covert channels
Spoofing
Checksum
IAB
23. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Code of ethics
Java
OSI Model
Fraggle
24. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
Toneloc
Custodian
Digital signing
25. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Callback Security/Call Forwarding
Cryptanalysis
Software librarian
Risk Analysis
26. CISSPs subscribe to a code of ethics for building up the security profession
Carnivore
RAM (Random-access memory)
Code of ethics
Malware
27. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
OLE
Format 7 times
Smurf
Rolling hot sites
28. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
AES (Advanced Encryption Standard)
CRC (Cyclic Redundancy Check)
COM
Substitution
29. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
CIRT
DNS cache poisoning
Boot-sector Virus
Rolling hot sites
30. A war dialing utility
Toneloc
OEP
Symmetric
Software development lifecycle
31. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Certification
Software librarian
Risk Mitigation
Common criteria
32. Making individuals accountable for their actions on a system typically through the use of auditing
Packet Sniffing
CD-Rom
Accountability
Joke
33. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Toneloc
Illegal/Unethical
Hash
Brute Force
34. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
Malware
Spoofing
CORBA
ISDN (Integrated Services Digital Network)
35. Personal - Network - and Application
Firewall types
Decentralized
War driving
Termination procedures
36. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Multipartite
Clipper Chip
CIO
Packet Sniffing
37. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
PKI
Smart cards
Phreaker
Wiretapping
38. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Halon
Nonce
Firewall types
TACACS (Terminal access controller access control system)
39. Once authenticated - the level of access you have to a system
SLE (Single Loss Expectancy or Exposure)
Authorization
Joke
Exit interview
40. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
CRC (Cyclic Redundancy Check)
IRC
Throughput of a Biometric System
Granularity
41. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Boot-sector Virus
Trademark
Quantitative
Salami Slicing
42. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Attenuation
Polymorphic
Vulnerability analysis tools
Trojan horses
43. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
MitM
Bugtraq
Teardrop
44. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
SYN Flood
Digital signing
Certification
RADIUS (Remote authentication dial-in user service)
45. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Aggregation
NAT
Mandatory vacation
Acceptable use
46. A military standard defining controls for emanation protection
TEMPEST
Risk Management
Checksum
Quantitative
47. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Clipping levels
Common criteria
Polymorphic
CGI (The Common Gateway Interface)
48. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Callback Security/Call Forwarding
Cyphertext only
Vulnerability analysis tools
Masquerade
49. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Detective - Preventive - Corrective
BIA
Format 7 times
Callback Security/Call Forwarding
50. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
MitM
Change management
Due Diligence
Risk Analysis