Test your basic knowledge: CompTIA Security+ Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Trojan horses
Packet Sniffing
Teardrop
FAR/FRR/CER
2. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources.
Stream cipher
DCOM
Security kernel
CORBA
3. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema
IAB
SSL/TLS
Expert systems
TCP Wrappers
4. Good for distance, longer than 100M.
Nonce
Cold Site
Enticement
Coax
5. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; the responding network then responds in full force to these requests and brings down the victim's network.
COOP
Risk Mitigation
Smurf
SQL (Structured Query Language)
6. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Coax
Buffer overflow
Script
Brute force
7. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.
Software
Birthday attack
Rolling hot sites
Inference
8. Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.
Passive attacks
Boot-sector Virus
User
Multitasking
9. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time.
DNS cache poisoning
Security Awareness Training
Copyright
Clipping levels
10. A standard protocol for interfacing external application software with an information server, commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Polymorphic
Illegal/Unethical
EF (Exposure Factor)
CGI (The Common Gateway Interface)
11. An RFC standard. A mechanism for performing commands on a remote system.
Telnet
Cookies
Warm Site
Debug
12. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives).
Hoax
RAID 0, 1, 3, 5
Promiscuous mode
FAR/FRR/CER
13. Random Number Base
Nonce
Warm Site
OSI Model
Two-Factor Authentication
14. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Degausser
SSO (Single sign-on)
DDOS
VLANs
15. In the broadest sense, a fraud is a deception made for personal gain.
Guards
Fraud
Vulnerability analysis tools
Dumpster diving
16. Among the most common types of viruses and the least damaging, these are hidden within applications that must be executed in order to execute the virus.
Macro
Salami Slicing
ROM (Read-only memory)
MOM
17. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers, and to distinguish the business and its products and/or services from those of other businesses.
Virtual Memory/Pagefile.sys
Trademark
CGI (The Common Gateway Interface)
Brute Force
18. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically.
Trojan horses
Birthday attack
Granularity
Sniffing
19. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.
Fiber optic
TCB
Fraud
ARP (Address Resolution Protocol)
20. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox, making use of a space-time tradeoff.
Birthday attack
Cookies
Expert System
FAR/FRR/CER
21. Communications that don't take the normal course of email (used when you don't want eavesdropping to happen).
Nonce
Cookies
Out of band
Entrapment
22. Involving the measurement of quantity or amount.
War driving
Dictionary Attack
Quantitative
Security kernel
23. Closed Circuit Television
CCTV
Security Awareness Training
Enticement
Coax
24. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Multithreading
Burden of Proof
Multitasking
SSL/TLS
25. An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.
Open network
Fiber optic
Format 7 times
Active attacks
26. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
FAR/FRR/CER
Cryptanalysis
Block cipher
Hot Site
27. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
SLE (Single Loss Expectancy or Exposure)
DMZ
RADIUS (Remote authentication dial-in user service)
Twisted pair
28. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Security kernel
Detective - Preventive - Corrective
DDOS
Copyright
29. The user
Qualitative
Security through obscurity
Accountability
User
30. 1 to 1024 are the ports registered to Internet applications. Ones on the test include: 20 FTP, 21 FTP, 22 SSH, 23 Telnet, 25 SMTP, 53 DNS, 69 TFTP, 80 HTTP, 161 SNMP, 443 SSL.
Well-known ports
Enticement
SSO (Single sign-on)
Polymorphic
31. These viruses usually infect both boot records and files.
ISDN (Integrated Services Digital Network)
Kerberos
Multipartite
Brute force
32. The output of a hash function is a digest.
Qualitative
WTLS (Wireless Transport Layer Security)
Hoax
Digest
33. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Patent
Dictionary Attack
Cold Site
Termination procedures
34. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Format 7 times
Trade Secret
ALE (Annualized Loss Expectancy)
Nonce
35. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, and 172.16.x.x through 172.31.x.x.
Copyright
Private Addressing
Normalization
Risk Analysis
36. When you know something from a source and can infer other related information based off of what you know, when you may not necessarily have access to that data normally.
Smart cards
Echelon
Probing
Inference
37. Access control method for a database, based on the content of the database, to provide granular access.
Content dependent
Due Diligence
Noise & perturbation
Risk Acceptance
38. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards.
Macro
Active attacks
Termination procedures
Risk Analysis
39. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which
ActiveX Object Linking and Embedding
Patent
Scanning
Trademark
40. A sandbox. Emulates an operating environment.
CGI (The Common Gateway Interface)
Virtual machine
Risk Analysis
Trademark
41. Occupant Emergency Plan: employees are the most important!
Brewer-Nash model
Custodian
DOS
OEP
42. Also known as a tunnel.
AES (Advanced Encryption Standard)
VPN (Virtual Private Network)
Crosstalk
Dogs
43. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.
Normalization
Keystroke logging
Non-repudiation
Halon
44. Chief Executive Officer
Block cipher
CEO
Call tree
SESAME
45. In cryptography, it is a block cipher.
Spoofing
Biometrics
Skipjack
Entrapment
46. The practice of following someone with a security code or keycard through a security door, generally in workplaces.
Crosstalk
Tailgating / Piggybacking
Privacy Act of 1974
SQL (Structured Query Language)
47. The frequency with which a threat is expected to occur.
Vulnerability analysis tools
ARO (Annualized Rate of Occurrence)
Encryption
Telnet
48. Reasonable doubt
Entrapment
Software development lifecycle
Burden of Proof
Back door/ trap door/maintenance hook
49. White hat l0pht
Software development lifecycle
Bugtraq
Fraud
Risk Acceptance
50. A system designed to stop piggybacking.
Man trap
Risk Mitigation
Halon
Software