SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A network that uses proprietary protocols
Closed network
Risk Acceptance
Java
Entrapment
2. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Finger printing
Due Diligence
Out of band
Hubs
3. When two or more processes are linked and execute multiple programs simultaneously
Probing
/etc/passwd
Technical - Administrative - Physical
Multiprocessing
4. The process of reducing your risks to an acceptable level based on your risk analysis
Session Hijacking
ARP (Address Resolution Protocol)
Rolling hot sites
Risk Mitigation
5. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
TCB
Separation of duties
Granularity
Halon
6. Jumping into dumpsters to retrieve information about someone/something/a company
Spoofing
WAP (Wireless Application Protocol)
Dumpster diving
ALE (Annualized Loss Expectancy)
7. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Key Escrow
Clipping levels
Boot-sector Virus
Compiler
8. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Detective - Preventive - Corrective
Checksum
Common criteria
Cookies
9. Motivational tools for employee awareness to get them to report security flaws in an organization
Incentive programs
Raid 0 - 1 - 3 - 5
Hardware
Rolling hot sites
10. Something used to put out a fire. Can be in Classes A - B - C - D - or H
VPN (Virtual Private Network)
Fire extinguisher
Routers
Biometric profile
11. Computer Incident Response Team
Patriot Act
Nonce
CIRT
UUEncode
12. Network Address Translation
Malware
WAP (Wireless Application Protocol)
NAT
TCP Wrappers
13. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Birthday attack
Spoofing
Dumpster diving
Guards
14. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
WAP (Wireless Application Protocol)
Out of band
CEO
DCOM
15. Distributed Component Object Model. Microsoft's implementation of CORBA.
Exit interview
Termination procedures
SQL (Structured Query Language)
DCOM
16. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
MitM
Patent
Risk Mitigation
Multiprocessing
17. In cryptography - it is a block cipher
DHCP
OLE
Skipjack
Tort
18. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Object Oriented Programming
CHAP
ARO (Annualized Rate of Occurrence)
Raid 0 - 1 - 3 - 5
19. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Fiber optic
Halon
Tokens
DCOM
20. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Callback Security/Call Forwarding
Honey pot
Logic bomb
Diffie-Hellman
21. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
CRC (Cyclic Redundancy Check)
Due Diligence
Finger printing
22. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
DMZ
Toneloc
Logic bomb
Well-known ports
23. Access control method for database based on the content of the database to provide granular access
Content dependant
Illegal/Unethical
Spoofing
Attenuation
24. A technique to eliminate data redundancy.
Bugtraq
ISDN (Integrated Services Digital Network)
Content dependant
Normalization
25. When one key of a two-key pair has more encryption pattern than the other
Hash
Asymmetric
Buffer overflow
SSO (Single sign-on)
26. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
Risk Management
ISDN (Integrated Services Digital Network)
CEO
27. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Open network
Repeaters
Security kernel
ARP (Address Resolution Protocol)
28. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
SSO (Single sign-on)
Teardrop
Bugtraq
Raid 0 - 1 - 3 - 5
29. Once authenticated - the level of access you have to a system
Authorization
Man trap
Guards
Dogs
30. Chief Information Officer
Digital signing
CIO
Finger printing
Quality Assurance
31. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Closed network
ROT-13
DMZ
CGI (The Common Gateway Interface)
32. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
War dialing
EF (Exposure Factor)
Data Mart
IRC
33. Continuation of Operations Plan
Covert channels
IAB
Toneloc
COOP
34. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Java
Trojan horses
Dogs
DOS
35. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Block cipher
Bugtraq
Privacy Act of 1974
Illegal/Unethical
36. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Illegal/Unethical
Hackers
TCP Wrappers
Job rotation
37. Repeats the signal. It amplifies the signal before sending it on.
Security Awareness Training
Classes of IP networks
Two-Factor Authentication
Repeaters
38. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
SSH
ROT-13
Embezzlement
Spoofing
39. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Script
Data Mart
Worm
Finger printing
40. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
BIOS
DMZ
Multiprocessing
Brute Force
41. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Private Addressing
Hardware
Multipartite
/etc/passwd
42. Encompasses Risk Analysis and Risk Mitigation
Technical - Administrative - Physical
VLANs
Risk Management
CIO
43. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Dictionary Attack
Decentralized
Attenuation
Multiprocessing
44. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists ability to control their work
Due Care
Data Mart
Copyright
Motion detector
45. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
AES (Advanced Encryption Standard)
VLANs
Aggregation
MitM
46. Good for distance - longer than 100M
/etc/passwd
Coax
Routers
Rijndael
47. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Firmware
Guards
Warm Site
Tailgating / Piggybacking
48. An attempt to trick the system into believing that something false is real
COM
Decentralized
Trade Secret
Hoax
49. After implementing countermeasures - accepting risk for the amount of vulnerability left over
DAD
Quantitative
Risk Acceptance
Multipartite
50. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Active attacks
TCSEC
Security Perimeter
Hoax
