Test your basic knowledge
Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Joke
DMZ
Patriot Act
Brewer-Nash model
2. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Embezzlement
Wiretapping
Dictionary Attack
Sabotage
3. Base 64 is a positional numeral system using a base of 64. It is the largest power-of-two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail, among other things.
Software development lifecycle
Base-64
Clipping levels
UUEncode
4. Be at least 8 feet tall and have three strands of barbed wire.
Multitasking
Stream cipher
Fences
Biometrics
5. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x, 10.x.x.x, and 172.16.x.x through 172.31.x.x
Masquerade
TEMPEST
Private Addressing
Username/password
6. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Security Perimeter
Birthday attack
Packet Sniffing
Burden of Proof
7. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.
Service packs
DAD
RADIUS (Remote authentication dial-in user service)
DDOS
8. A system designed to stop piggybacking.
Smart cards
Motion detector
Polymorphic
Man trap
9. In cryptography, it is a block cipher
Security through obscurity
Biometrics
Skipjack
ARP (Address Resolution Protocol)
10. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically, the monitoring connec
Wiretapping
CHAP
Termination procedures
Hoax
11. The act of identifying yourself. Providing your identity to a system
Dictionary Attack
Motion detector
Identification
Authorization creep
12. 'If you can't see it, it's secure.' A bad policy to live by.
Security through obscurity
Buffer overflow
Nonce
CRC (Cyclic Redundancy Check)
13. Testing a company's network for vulnerabilities in its systems so that weaknesses can be fixed. This testing does not itself fix anything.
Penetration testing
Keystroke logging
Custodian
Detective - Preventive - Corrective
14. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Embezzlement
Firmware
Rolling hot sites
Symmetric
15. The process of reducing your risks to an acceptable level based on your risk analysis
Masquerade
Risk Mitigation
ALE (Annualized Loss Expectancy)
RAID 0 - 1 - 3 - 5
16. A sandbox. Emulates an operating environment.
Entrapment
Dumpster diving
Virtual machine
Security Perimeter
17. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.
Software
Separation of duties
DDOS
Dictionary Attack
18. Scanning the airwaves for radio transmissions
Warm Site
Qualitative
Attenuation
Scanning
19. Entails planning and system actions to ensure that a project is following good quality management practices
MitM
Quality Assurance
Cold Site
Private Addressing
20. Among the most common types of viruses and the least damaging, these are hidden within applications that must be executed in order to execute the virus.
Risk Management
Phreaker
Checksum
Macro
21. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget, they are always the ones ultimately responsible for due diligence / due care. They are also
Quantitative
Nonce
SESAME
Senior Management
22. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
Sniffing
Replay
WTLS (Wireless Transport Layer Security)
FAR/FRR/CER
23. If an employee is suspected of wrongdoing, sending them away from work for a while so that their actions can be audited.
Mandatory vacation
Finger scanning
Risk Mitigation
Joke
24. Refers to a cryptographic signature, either on a document or on a lower-level data structure, that signs an item electronically.
Twisted pair
Digital signing
Noise & perturbation
VLANs
25. Internet Relay Chat.
Reciprocal agreement
IRC
MitM
Identification
26. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Wiretapping
AES (Advanced Encryption Standard)
Rijndael
Checksum
27. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually, the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical
OSI Model
SESAME
CHAP
Aggregation
28. A military standard defining controls for emanation protection
Halon
Polymorphism
Fire extinguisher
TEMPEST
29. Method of authenticating to a system. Something that you supply and something you know.
Fire extinguisher
Username/password
Base-64
TACACS (Terminal access controller access control system)
30. A network entity that provides a single entrance / exit point to the Internet.
Toneloc
Authorization creep
Bastion hosts
Base-64
31. A meme and a joke are the same thing, e.g. when someone tells you to delete a file that is really just fine and calls it a virus
Checksum
Enticement
Joke
Rolling hot sites
32. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Certification
Degausser
VLANs
Granularity
33. This is an open international standard for applications that use wireless communications.
OLE
ROT-13
Dictionary Attack
WAP (Wireless Application Protocol)
34. A type of hash function used to produce a checksum, which is a small, fixed number of bits, against a block of data. This is used to detect errors after transmission or storage.
Security kernel
Guards
CIO
CRC (Cyclic Redundancy Check)
35. When you have a certain amount of access, change jobs, and keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Man trap
Java
Rolling hot sites
Authorization creep
36. False Acceptance Rate / False Rejection Rate / Crossover Error Rate
FAR/FRR/CER
Security through obscurity
Bugtraq
Enticement
37. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and beh
Probing
Quality Assurance
CIRT
Biometrics
38. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Stream cipher
Compiler
DDOS
Transposition
39. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
OEP
Firmware
Data remanence
Service packs
40. Someone whose hacking is primarily targeted at the phone systems
Warm Site
BIOS
Smurf
Phreaker
41. Public Key Infrastructure
CHAP
DDOS
PKI
Security Perimeter
42. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as
SSH
Worm
Mandatory vacation
TCSEC
43. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Data remanence
Out of band
Symmetric
Warm Site
44. A site that has some equipment in place, and can be up within days
CORBA
Multitasking
Routers
Warm Site
45. Continuation of Operations Plan
Halon
Termination procedures
COOP
PAP (Password Authentication Protocol)
46. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time
DNS cache poisoning
Burden of Proof
Decentralized
Tort
47. Same as AES. The Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,
Worm
Quality Assurance
Rijndael
OSI Model
48. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network
Block cipher
Security Awareness Training
Honey pot
Substitution
49. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Man trap
Quality Assurance
Multitasking
Audit Trail
50. Someone who hacks
Hacker
DNS cache poisoning
Centralized
Clipping levels