SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Reciprocal agreement
Content dependant
/etc/passwd
CCTV
2. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Separation of duties
Centralized
User
Fraggle
3. Random Number Base
War dialing
Smart cards
Skipjack
Nonce
4. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Classes of IP networks
Attenuation
MOM
SSO (Single sign-on)
5. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Sniffing
Digital signing
Entrapment
Security Awareness Training
6. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Data Mart
Firmware
Accreditation
Multiprocessing
7. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
Probing
Hot Site
War dialing
8. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Job rotation
Polymorphic
Private Addressing
EF (Exposure Factor)
9. Computer Incident Response Team
Object Oriented Programming
CIRT
Fraud
ALE (Annualized Loss Expectancy)
10. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Man trap
Out of band
Teardrop
Replay
11. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Object Oriented Programming
Joke
Scanning
Smart cards
12. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
DDOS
Biometric profile
Reciprocal agreement
Throughput of a Biometric System
13. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
IRC
Salami Slicing
Debug
Packet Sniffing
14. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Hubs
OLE
Separation of duties
Passive attacks
15. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
CEO
Rolling hot sites
SQL (Structured Query Language)
Replay
16. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Audit Trail
OSI Model
Carnivore
SSO (Single sign-on)
17. The person that determines the permissions to files. The data owner.
Software
RADIUS (Remote authentication dial-in user service)
Authorization creep
Owner
18. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Centralized
Trademark
Tokens
Format 7 times
19. Internet Relay Chat.
Java
IRC
Compiler
Dictionary Attack
20. More discriminate than dogs
ActiveX Object Linking and Embedding
RADIUS (Remote authentication dial-in user service)
Honey pot
Guards
21. Making individuals accountable for their actions on a system typically through the use of auditing
OSI Model
Accountability
Multiprocessing
Content dependant
22. Chief Information Officer
Code of ethics
CIO
Fraggle
Well-known ports
23. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Hoax
Sniffing
Accreditation
DNS cache poisoning
24. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
VLANs
Data remanence
Non-repudiation
Hackers
25. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Qualitative
Boot-sector Virus
IRC
TCSEC
26. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Scanning
Digital signing
Stream cipher
Trademark
27. Rolling command center with UPS - satellite - uplink - power - etc.
Rolling hot sites
CEO
Spoofing
ARP (Address Resolution Protocol)
28. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.
Software development lifecycle
Symmetric
Entrapment
Exit interview
29. Data storage formats and equipment that allow the stored data to be accessed in any order
Risk Mitigation
Replay
Firmware
RAM (Random-access memory)
30. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
Rolling hot sites
Base-64
Tokens
Non-repudiation
31. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Patriot Act
Joke
Teardrop
Entrapment
32. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Username/password
UUEncode
DDOS
Certification
33. Method of authenticating to a system. Something that you supply and something you know.
Nonce
TCB
CIO
Username/password
34. Component Object Model.
COM
Hoax
Kerberos
Out of band
35. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
CIO
Trademark
Noise & perturbation
Dictionary Attack
36. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Noise & perturbation
CD-Rom
Hot Site
Carnivore
37. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
SYN Flood
ROM (Read-only memory)
Accountability
CRC (Cyclic Redundancy Check)
38. Ethernet - Cat5 - Twisted to allow for longer runs.
Diffie-Hellman
Twisted pair
Termination procedures
Multitasking
39. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Authorization creep
Packet Sniffing
SSL/TLS
Decentralized
40. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Throughput of a Biometric System
Call tree
Security kernel
Base-64
41. The process of reducing your risks to an acceptable level based on your risk analysis
Username/password
Tokens
Risk Mitigation
Non-repudiation
42. Once authenticated - the level of access you have to a system
Smurf
DDOS
Worm
Authorization
43. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Detective - Preventive - Corrective
Fiber optic
Session Hijacking
Promiscuous mode
44. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
SESAME
SSL/TLS
ALE (Annualized Loss Expectancy)
DNS cache poisoning
45. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Data remanence
Senior Management
Checksum
Telnet
46. White hat l0pht
Bugtraq
Smurf
OSI Model
Software librarian
47. Object Linking and Embedding. The ability of an object to be embedded into another object.
SESAME
Logic bomb
Virtual machine
OLE
48. Occupant Emergency Plan - Employees are the most important!
Cyphertext only
Service packs
OEP
Job rotation
49. A system designed to stop piggybacking.
CIA
Degausser
Man trap
Digital signing
50. Continuation of Operations Plan
Bugtraq
COOP
Normalization
ALE (Annualized Loss Expectancy)
