Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
TEMPEST
Substitution
Honey pot
PAP (Password Authentication Protocol)
2. Distributed Component Object Model. Microsoft's implementation of CORBA.
Probing
Polymorphic
Cookies
DCOM
3. The art of breaking code. Testing the strength of an algorithm.
Keystroke logging
Cryptanalysis
Common criteria
Patent
4. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Reciprocal agreement
Birthday attack
SSH
Tokens
5. This is an open international standard for applications that use wireless communications.
Software development lifecycle
SSL/TLS
WAP (Wireless Application Protocol)
Common criteria
6. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Bastion hosts
FAR/FRR/CER
Qualitative
/etc/passwd
7. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Debug
WAP (Wireless Application Protocol)
Spoofing
Clipping levels
8. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Due Diligence
Authorization creep
Tort
Rijndael
9. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
CIA
SYN Flood
SESAME
Decentralized
10. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
TCSEC
Entrapment
FAR/FRR/CER
Certification
11. White hat l0pht
WAP (Wireless Application Protocol)
Bugtraq
Hubs
BIOS
12. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Biometric profile
Vulnerability analysis tools
Tort
Rijndael
13. A technique to eliminate data redundancy.
TCB
Smart cards
Normalization
Trap Door
14. Occupant Emergency Plan - Employees are the most important!
OEP
Embezzlement
Raid 0 - 1 - 3 - 5
Quality Assurance
15. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Teardrop
Kerberos
Tailgating / Piggybacking
Authorization creep
16. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Raid 0 - 1 - 3 - 5
Burden of Proof
AES (Advanced Encryption Standard)
Illegal/Unethical
17. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
CD-Rom
Polymorphic
Warm Site
Virtual Memory/Pagefile.sys
18. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Macro
Key Escrow
RADIUS (Remote authentication dial-in user service)
Covert channels
19. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Two-Factor Authentication
Senior Management
Debug
Hash
20. Signal degradation as it moves farther from its source
Incentive programs
Attenuation
SLE (Single Loss Expectancy or Exposure)
Centralized
21. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Separation of duties
Attenuation
Due Care
Passive attacks
22. A site that has some equipment in place - and can be up within days
Format 7 times
Warm Site
Illegal/Unethical
Fences
23. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
ARO (Annualized Rate of Occurrence)
PAP (Password Authentication Protocol)
Replay
VLANs
24. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Reciprocal agreement
Hackers
Digital certificates
Incentive programs
25. Chief Executive Officer
Noise & perturbation
CEO
CRC (Cyclic Redundancy Check)
Software
26. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Bugtraq
Multitasking
Attenuation
Finger scanning
27. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Separation of duties
SLE (Single Loss Expectancy or Exposure)
Accountability
CORBA
28. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Two-Factor Authentication
Brute Force
Certification
Cookies
29. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Hearsay Evidence
Masquerade
ActiveX Object Linking and Embedding
SSL/TLS
30. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Worm
Penetration testing
Mandatory vacation
Cyphertext only
31. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
Polymorphism
Data Mart
ROT-13
Fraud
32. Access control method for database based on the content of the database to provide granular access
Risk Management
Software
War driving
Content dependant
33. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
Security kernel
TACACS (Terminal access controller access control system)
ALE (Annualized Loss Expectancy)
Expert systems
34. The practice of obtaining confidential information by manipulation of legitimate users.
CGI (The Common Gateway Interface)
CORBA
Clipper Chip
Social engineering
35. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
DHCP
Vulnerability analysis tools
Coax
Packet Sniffing
36. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Fiber optic
Private Addressing
Risk Acceptance
Diffie-Hellman
37. Providing verification to a system
DCOM
Authentication
Fraggle
Vulnerability analysis tools
38. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
ALE (Annualized Loss Expectancy)
Hearsay Evidence
Script
Brewer-Nash model
39. Transferring your risk to someone else - typically an insurance company
Incentive programs
l0pht
Risk Transferring
User
40. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Security kernel
Finger printing
Hot Site
Tailgating / Piggybacking
41. Network devices that operate at layer 3. This device separates broadcast domains.
MOM
Two-Factor Authentication
Routers
Encryption
42. An attempt to trick the system into believing that something false is real
Patent
Hoax
Encryption
Back door/ trap door/maintenance hook
43. An instance of a scripting language
Script
Coax
Eavesdropping
Due Care
44. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
SSL/TLS
Entrapment
Wiretapping
Firewall types
45. A hidden communications channel on a system that allows for the bypassing of the system security policy
Cookies
Covert channels
FAR/FRR/CER
Raid 0 - 1 - 3 - 5
46. Motivational tools for employee awareness to get them to report security flaws in an organization
Incentive programs
Hubs
Schema
Reciprocal agreement
47. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Senior Management
Joke
Packet Sniffing
Centralized
48. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
TCB
Clipper Chip
Hubs
Asset Value
49. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
War driving
Skipjack
Artificial Neural Networks (ANN)
Trade Secret
50. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Aggregation
ROT-13
Object Oriented Programming
Coax