Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The intercepting of conversations by unintended recipients
User
Eavesdropping
Brute force
Tokens
2. A war dialing utility
Joke
Toneloc
Raid 0 - 1 - 3 - 5
SQL (Structured Query Language)
3. An attempt to trick the system into believing that something false is real
SLE (Single Loss Expectancy or Exposure)
Hoax
Privacy Act of 1974
Brute Force
4. Good for distance - longer than 100M
Coax
EF (Exposure Factor)
Software librarian
Buffer overflow
5. Must be in place for you to use a biometric system
Cold Site
Biometric profile
Multithreading
Identification
6. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Security kernel
Masquerade
Accreditation
Asset Value
7. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Rijndael
Clipping levels
CD-Rom
Change management
8. Public Key Infrastructure
WTLS (Wireless Transport Layer Security)
Attenuation
Twisted pair
PKI
9. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
DMZ
AES (Advanced Encryption Standard)
EF (Exposure Factor)
Embezzlement
10. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Stream cipher
Repeaters
Packet Sniffing
Hacker
11. White hat l0pht
Inference
Bugtraq
Risk Mitigation
SYN Flood
12. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
BIOS
Expert systems
Firmware
Biometrics
13. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Identification
Exit interview
TCSEC
Accreditation
14. Encompasses Risk Analysis and Risk Mitigation
Virtual machine
Social engineering
Risk Management
Teardrop
15. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Keystroke logging
Dictionary Attack
Mandatory vacation
Scanning
16. Also civil law
Scanning
OSI Model
Tort
DDOS
17. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Incentive programs
Joke
BIOS
Debug
18. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Entrapment
Kerberos
Vulnerability analysis tools
Illegal/Unethical
19. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
RADIUS (Remote authentication dial-in user service)
Nonce
Rolling hot sites
Polymorphic
20. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Back door/ trap door/maintenance hook
Routers
ALE (Annualized Loss Expectancy)
Change management
21. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
EF (Exposure Factor)
Asset Value
Smart cards
OSI Model
22. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Key Escrow
Man trap
Expert systems
Tailgating / Piggybacking
23. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Accountability
Inference
Finger scanning
Teardrop
24. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Tort
Promiscuous mode
Checksum
ROT-13
25. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
RADIUS (Remote authentication dial-in user service)
Asymmetric
Multipartite
Clipping levels
26. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Security kernel
WAP (Wireless Application Protocol)
Virtual machine
Brewer-Nash model
27. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Asymmetric
Script
Illegal/Unethical
Acceptable use
28. Threat to physical security.
CGI (The Common Gateway Interface)
l0pht
Sabotage
ISDN (Integrated Services Digital Network)
29. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Clipper Chip
Multipartite
Hubs
Digital signing
30. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Fire extinguisher
War driving
Checksum
DCOM
31. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Replay
NAT
WAP (Wireless Application Protocol)
COOP
32. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet
MitM
Attenuation
Cookies
Telnet
33. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Fraggle
Tokens
Twisted pair
WTLS (Wireless Transport Layer Security)
34. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Granularity
Man trap
TACACS (Terminal access controller access control system)
Software development lifecycle
35. When security is managed at many different points in an organization
Illegal/Unethical
Decentralized
Sabotage
Aggregation
36. The output of a hash function is a digest.
Honey pot
Security Perimeter
Digest
CD-Rom
37. Basic Input/Output System
Tokens
BIOS
Open network
Brewer-Nash model
38. The practice of obtaining confidential information by manipulation of legitimate users.
ROT-13
Social engineering
Format 7 times
DOS
39. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Joke
Polymorphic
SSH
CIO
40. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Risk Mitigation
Fiber optic
Spoofing
Smurf
41. This is an open international standard for applications that use wireless communications.
MOM
Script kiddies
WAP (Wireless Application Protocol)
Quality Assurance
42. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Cryptanalysis
Trap Door
Back door/ trap door/maintenance hook
Repeaters
43. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Switches / Bridges
Decentralized
Compiler
Risk Acceptance
44. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Java
Hearsay Evidence
Coax
Clipping levels
45. When one key of a two-key pair has more encryption pattern than the other
IAB
SSO (Single sign-on)
Rolling hot sites
Asymmetric
46. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
Audit Trail
Replay
Kerberos
47. A network entity that provides a single entrance / exit point to the Internet.
Format 7 times
Repeaters
Cyphertext only
Bastion hosts
48. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
TCSEC
SSL/TLS
Raid 0 - 1 - 3 - 5
Caesar Cipher
49. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Cyphertext only
Active attacks
SSH
Brewer-Nash model
50. The frequency with which a threat is expected to occur.
Risk Transferring
ARO (Annualized Rate of Occurrence)
Passive attacks
User