Test your basic knowledge |
Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
DOS
Owner
Carnivore
Caesar Cipher
2. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
Digest
Script kiddies
Hacker
CD-Rom
3. When one key of a two-key pair has more encryption pattern than the other
Finger scanning
WTLS (Wireless Transport Layer Security)
Asymmetric
Switches / Bridges
4. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Logic bomb
Due Care
TACACS (Terminal access controller access control system)
Joke
5. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Data Mart
SQL (Structured Query Language)
OEP
Hoax
6. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
Polymorphism
ROT-13
Brewer-Nash model
Well-known ports
7. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Common criteria
Format 7 times
Hacker
CRC (Cyclic Redundancy Check)
8. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Passive attacks
Call tree
Illegal/Unethical
SLE (Single Loss Expectancy or Exposure)
9. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Wiretapping
Bugtraq
Trap Door
Session Hijacking
10. Accepting all packets
Aggregation
EF (Exposure Factor)
Promiscuous mode
Diffie-Hellman
11. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Smurf
Audit Trail
COOP
ISDN (Integrated Services Digital Network)
12. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Covert channels
Sabotage
Switches / Bridges
Classes of IP networks
13. Disclosure - Alteration - Destruction. These things break the CIA triad
DAD
Mandatory vacation
Risk Transferring
Hash
14. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Packet Sniffing
Call tree
CEO
Active attacks
15. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Inference
War driving
Tailgating / Piggybacking
Noise & perturbation
16. Entails planning and system actions to ensure that a project is following good quality management practices
Code of ethics
RAM (Random-access memory)
TEMPEST
Quality Assurance
17. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
ARO (Annualized Rate of Occurrence)
Artificial Neural Networks (ANN)
Hackers
Tokens
18. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Base-64
MOM
CHAP
Acceptable use
19. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
Buffer overflow
Compiler
Fraud
20. A sandbox. Emulates an operating environment.
Well-known ports
Virtual machine
Software development lifecycle
CCTV
21. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Private Addressing
Teardrop
Reciprocal agreement
Risk Acceptance
22. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Java
Telnet
Digital certificates
Finger scanning
23. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Tort
Phreaker
Penetration testing
Motion detector
24. Involving the measurement of quantity or amount.
Skipjack
Phreaker
Quantitative
Malware
25. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Repeaters
Key Escrow
Teardrop
Telnet
26. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Buffer overflow
DMZ
Probing
Rijndael
27. Distributed Component Object Model. Microsoft's implementation of CORBA.
Telnet
Closed network
Multitasking
DCOM
28. Closed Circuit Television
UUEncode
Penetration testing
CCTV
Cold Site
29. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
Code of ethics
Detective - Preventive - Corrective
Polymorphic
VLANs
30. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work
Brute force
Copyright
Clipper Chip
Finger printing
31. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Block cipher
Smart cards
Trap Door
Custodian
32. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
WTLS (Wireless Transport Layer Security)
Diffie-Hellman
Granularity
Tokens
33. Be at least 8 feet tall and have three strands of barbed wire.
SLE (Single Loss Expectancy or Exposure)
Stream cipher
ARO (Annualized Rate of Occurrence)
Fences
34. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Sniffing
Risk Transferring
Repeaters
SSO (Single sign-on)
35. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
ROT-13
Sniffing
Masquerade
Key Escrow
36. Transferring your risk to someone else - typically an insurance company
Risk Transferring
Certification
Brewer-Nash model
DCOM
37. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
SESAME
Hardware
Quantitative
Raid 0 - 1 - 3 - 5
38. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
Motion detector
Privacy Act of 1974
Nonce
Script kiddies
39. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Certification
Due Care
Fraggle
Service packs
40. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Trademark
Packet Sniffing
Crosstalk
Finger printing
41. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Firmware
Embezzlement
Polymorphic
Biometrics
42. Access control method for database based on the content of the database to provide granular access
CIA
Content dependent
Common criteria
Hubs
43. Personal - Network - and Application
Firewall types
Smart cards
Buffer overflow
Senior Management
44. Repeats the signal. It amplifies the signal before sending it on.
Aggregation
Service packs
Repeaters
Stream cipher
45. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Digital signing
Rijndael
Detective - Preventive - Corrective
VLANs
46. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Active attacks
Code of ethics
Telnet
ROM (Read-only memory)
47. The ability to have more than one thread associated with a process
Illegal/Unethical
Multithreading
Scanning
WTLS (Wireless Transport Layer Security)
48. The act of identifying yourself. Providing your identity to a system
NAT
Eavesdropping
Identification
Sabotage
49. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Patent
Change management
SSH
FAR/FRR/CER
50. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
DMZ
SQL (Structured Query Language)
Privacy Act of 1974
Multitasking