Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually, the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.
SSL/TLS
OSI Model
Exit interview
Compiler
2. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Smart cards
WTLS (Wireless Transport Layer Security)
Hardware
Termination procedures
3. Technical items are implemented by IT. Administrative items are things that HR implements. Physical things are things that are tangible.
Technical - Administrative - Physical
Hacker
Quality Assurance
Trojan horses
4. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also
VLANs
ROM (Read-only memory)
Vulnerability analysis tools
Senior Management
5. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.
Separation of duties
Aggregation
Hoax
Security Perimeter
6. A gas used in fire suppression. Not human safe. Chemical reaction.
Hot Site
Illegal/Unethical
Halon
MOM
7. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
Risk Acceptance
Stream cipher
Technical - Administrative - Physical
8. Entails planning and system actions to ensure that a project is following good quality management practices
Finger scanning
Reciprocal agreement
Quality Assurance
Man trap
9. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Embezzlement
Cryptanalysis
Smart cards
CCTV
10. The output of a hash function is a digest.
Noise & perturbation
Digest
Worm
Session Hijacking
11. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Cookies
Risk Acceptance
EF (Exposure Factor)
Risk Management
12. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Probing
Finger printing
Noise & perturbation
DMZ
13. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.
Mandatory vacation
Out of band
Scanning
ActiveX Object Linking and Embedding
14. The person that determines the permissions to files. The data owner.
Hearsay Evidence
Owner
Clipper Chip
ActiveX Object Linking and Embedding
15. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
COOP
Substitution
Digital signing
Finger scanning
16. Internet Relay Chat.
IRC
Authentication
Session Hijacking
Software librarian
17. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, and 172.16.x.x through 172.31.x.x
Private Addressing
Cookies
Service packs
Digital certificates
18. A hidden value or set of values that allows access to a program, computer system, or data. It is sometimes erroneously confused with a backdoor, which (in a computer system) is a method of bypassing normal authentication or securing remote access
Biometrics
Risk Mitigation
Honey pot
Trap Door
19. More discriminate than dogs
Wiretapping
IAB
Guards
Firmware
20. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Masquerade
Promiscuous mode
SLE (Single Loss Expectancy or Exposure)
CHAP
21. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
CCTV
Artificial Neural Networks (ANN)
Joke
Brute force
22. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans
Hearsay Evidence
Multitasking
ActiveX Object Linking and Embedding
Owner
23. A type of hash function used to produce a checksum, which is a small, fixed number of bits, against a block of data. This is used to detect errors after transmission or storage.
CRC (Cyclic Redundancy Check)
Risk Analysis
Risk Transferring
Sniffing
24. Repeats the signal. It amplifies the signal before sending it on.
Aggregation
CIRT
Hot Site
Repeaters
25. The real cost of acquiring/maintaining/developing a system
CHAP
Asset Value
Wiretapping
Dumpster diving
26. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
/etc/passwd
Normalization
Data Mart
Software librarian
27. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Java
Identification
Keystroke logging
Twisted pair
28. In cryptanalysis, this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical po
Twisted pair
Brute Force
Artificial Neural Networks (ANN)
Back door/ trap door/maintenance hook
29. Once authenticated, the level of access you have to a system
Authorization
CGI (The Common Gateway Interface)
Call tree
SYN Flood
30. A network entity that provides a single entrance / exit point to the Internet.
DDOS
Artificial Neural Networks (ANN)
Bastion hosts
WTLS (Wireless Transport Layer Security)
31. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
Passive attacks
Social engineering
Packet Sniffing
32. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Polymorphic
War driving
Change management
Kerberos
33. In a separation of duties model, this is where code is checked in and out
Software librarian
Fiber optic
Promiscuous mode
Finger scanning
34. The EU spec. If databases exist, users are allowed to check data into them, allowed to change them if wrong, etc.
Expert System
Privacy Act of 1974
Java
Due Care
35. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Nonce
Guards
Accreditation
MitM
36. Dynamic Host Configuration Protocol.
CORBA
DHCP
Fire extinguisher
Mandatory vacation
37. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Key Escrow
Malware
ALE (Annualized Loss Expectancy)
IAB
38. Chief Information Officer
Compiler
Logic bomb
CIO
Virtual machine
39. Disclosure, Alteration, Destruction. These things break the CIA triad
Patriot Act
Accountability
Phreaker
DAD
40. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho
Enticement
User
Halon
Hash
41. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.
ActiveX Object Linking and Embedding
Encryption
Job rotation
Replay
42. In telecommunications, a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
CIO
Callback Security/Call Forwarding
Code of ethics
Phreaker
43. When security is managed at many different points in an organization
Symmetric
Decentralized
Coax
Software development lifecycle
44. Must be in place for you to use a biometric system
Tailgating / Piggybacking
CORBA
Biometric profile
DCOM
45. A type of circuit-switched telephone network system, designed to allow digital transmission of voice and data over ordinary telephone copper wires, resulting in better quality and higher speeds than available with analog systems.
Buffer overflow
ISDN (Integrated Services Digital Network)
Schema
CORBA
46. The intercepting of conversations by unintended recipients
Eavesdropping
Inference
SQL (Structured Query Language)
Twisted pair
47. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Non-repudiation
Hot Site
Checksum
Exit interview
48. A military standard defining controls for emanation protection
TEMPEST
Boot-sector Virus
Noise & perturbation
Back door/ trap door/maintenance hook
49. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; the responding network then responds in full force to these requests and brings down the victim's network.
Smurf
Private Addressing
VPN (Virtual Private Network)
Motion detector
50. Setting up the user to access the honeypot for reasons other than the intent to harm.
Digital signing
Entrapment
COM
Diffie-Hellman