Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Authentication
Mandatory vacation
Patent
Hearsay Evidence
2. Also known as a tunnel
Open network
VPN (Virtual Private Network)
Birthday attack
Callback Security/Call Forwarding
3. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Data Mart
Two-Factor Authentication
Patent
Honey pot
4. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Replay
ALE (Annualized Loss Expectancy)
Well-known ports
Telnet
5. A sandbox. Emulates an operating environment.
Virtual machine
CHAP
COOP
Asymmetric
6. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Warm Site
Hackers
Artificial Neural Networks (ANN)
Compiler
7. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
ARP (Address Resolution Protocol)
Polymorphic
Format 7 times
CEO
8. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
BIA
Caesar Cipher
OLE
SSL/TLS
9. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Common criteria
Block cipher
Buffer overflow
Two-Factor Authentication
10. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Caesar Cipher
/etc/passwd
Dictionary Attack
Clipping levels
11. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Caesar Cipher
Patriot Act
Expert System
Diffie-Hellman
12. A site that has some equipment in place - and can be up within days
Polymorphism
Replay
Warm Site
Embezzlement
13. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
War driving
Security Awareness Training
Brute force
Finger printing
14. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Multitasking
Aggregation
Hacker
ActiveX Object Linking and Embedding
15. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Security Perimeter
Replay
Keystroke logging
CRC (Cyclic Redundancy Check)
16. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work
Degausser
Copyright
Normalization
Decentralized
17. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Joke
l0pht
FAR/FRR/CER
Audit Trail
18. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Software librarian
Burden of Proof
Logic bomb
Back door/ trap door/maintenance hook
19. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Inference
Trademark
Job rotation
SESAME
20. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Transposition
Rolling hot sites
Non-repudiation
CCTV
21. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Artificial Neural Networks (ANN)
Copyright
Debug
Two-Factor Authentication
22. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
AES (Advanced Encryption Standard)
CHAP
Data remanence
Embezzlement
23. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
WTLS (Wireless Transport Layer Security)
Motion detector
Raid 0 - 1 - 3 - 5
Dumpster diving
24. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
SYN Flood
Brewer-Nash model
Hoax
Repeaters
25. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
DCOM
CRC (Cyclic Redundancy Check)
Multiprocessing
Aggregation
26. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Switches / Bridges
Non-repudiation
CORBA
ALE (Annualized Loss Expectancy)
27. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Common criteria
SLE (Single Loss Expectancy or Exposure)
Fire extinguisher
Private Addressing
28. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Macro
Trademark
SSO (Single sign-on)
/etc/passwd
29. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Skipjack
Joke
Multipartite
WAP (Wireless Application Protocol)
30. Scanning the airwaves for radio transmissions
IRC
TCB
Trademark
Scanning
31. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Probing
Security Awareness Training
Detective - Preventive - Corrective
Stream cipher
32. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
SLE (Single Loss Expectancy or Exposure)
Honey pot
Firewall types
Sniffing
33. Someone who hacks
Centralized
TCSEC
Out of band
Hacker
34. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Certification
Entrapment
Object Oriented Programming
DHCP
35. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Checksum
Stream cipher
DAD
User
36. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Inference
Trade Secret
Transposition
Hardware
37. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Content dependent
Wiretapping
Fraud
Keystroke logging
38. A network that uses proprietary protocols
Closed network
WAP (Wireless Application Protocol)
Malware
SESAME
39. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Diffie-Hellman
Custodian
Degausser
RADIUS (Remote authentication dial-in user service)
40. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Clipping levels
Digital certificates
Firewall types
Detective - Preventive - Corrective
41. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Attenuation
CCTV
Multitasking
Trojan horses
42. Relating to quality or kind. This assigns a level of importance to something.
Cryptanalysis
Qualitative
Centralized
Incentive programs
43. Assuming someone's session who is unaware of what you are doing
Session Hijacking
Java
Asset Value
ARP (Address Resolution Protocol)
44. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Replay
Due Diligence
Echelon
Accreditation
45. These can be used to verify that public keys belong to certain individuals.
Digital certificates
Brewer-Nash model
Packet Sniffing
Open network
46. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Security Awareness Training
SSL/TLS
Expert systems
Masquerade
47. An instance of a scripting language
Scanning
COOP
Script
Motion detector
48. The practice of obtaining confidential information by manipulation of legitimate users.
Raid 0 - 1 - 3 - 5
Social engineering
Rijndael
Bastion hosts
49. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
PAP (Password Authentication Protocol)
Patriot Act
Bugtraq
Trojan horses
50. Basic Input/Output System
Dictionary Attack
Phreaker
BIOS
Accreditation