Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The frequency with which a threat is expected to occur.
Polymorphic
Bugtraq
Motion detector
ARO (Annualized Rate of Occurrence)
2. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.
Guards
Risk Analysis
Encryption
Tailgating / Piggybacking
3. In computer networking, this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and Ethernet, ARP is primarily used to translate IP addresses into Ethernet MAC addresses.
DCOM
ARP (Address Resolution Protocol)
Symmetric
CCTV
4. The process of training end users/employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise, so that t
Quantitative
Security Awareness Training
Coax
Patriot Act
5. ('Rotate by 13 places', sometimes hyphenated ROT-13.) A simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet.
DHCP
Risk Transferring
ROT-13
Non-repudiation
6. Refers to any of the various programs by which a computer controls aspects of its operations, such as those for translating data from one form to another, as contrasted with hardware, which is the physical equipment comprising the installation.
Well-known ports
Software
Hacker
Hardware
7. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.
Exit interview
Qualitative
Biometrics
Smurf
8. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Multitasking
PAP (Password Authentication Protocol)
Repeaters
Debug
9. A card that holds information and must be authenticated to before it will reveal the information it is holding.
ActiveX Object Linking and Embedding
Probing
Smart cards
Due Care
10. Taking over the session of someone who is unaware of what you are doing.
UUEncode
Session Hijacking
Tort
Fiber optic
11. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer
Replay
Packet Sniffing
Sabotage
DMZ
12. Dynamic Host Configuration Protocol.
DHCP
Format 7 times
Identification
AES (Advanced Encryption Standard)
13. A military standard defining controls for emanation protection
Hearsay Evidence
TEMPEST
Risk Transferring
Carnivore
14. a.k.a. the Chinese wall. Nash Bridges, bridge wall, Chinese wall. Dynamically changes access control to prevent unauthorized access.
SSO (Single sign-on)
Bastion hosts
Normalization
Brewer-Nash model
15. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema
Tailgating / Piggybacking
Penetration testing
SSL/TLS
Virtual Memory/Pagefile.sys
16. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits, but simply exploits vulnerabilities that others have found.
Script kiddies
Exit interview
Code of ethics
User
17. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on a single drive); 5 = striping with parity (parity striped across all drives).
SLE (Single Loss Expectancy or Exposure)
Encryption
RAID 0, 1, 3, 5
Aggregation
18. Defines the objects and their attributes that exist in a database.
Security through obscurity
Cryptanalysis
Schema
Software librarian
19. Component Object Model.
Quantitative
COM
Digest
Man trap
20. An access control method for databases that grants access based on the content of the database, providing granular access.
MitM
CIA
Content dependent
Call tree
21. Jumping into dumpsters to retrieve information about someone, something, or a company.
Salami Slicing
Two-Factor Authentication
Dumpster diving
Trade Secret
22. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Diffie-Hellman
Script
DAD
Dumpster diving
23. Refers to a cryptographic signature, either on a document or on a lower-level data structure, that signs an item electronically.
Wiretapping
Digital signing
Brute force
Well-known ports
24. Driving around enumerating wireless networks with the proper equipment (antennas and the like).
War driving
Crosstalk
Sabotage
SLE (Single Loss Expectancy or Exposure)
25. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.
Audit Trail
DCOM
ROM (Read-only memory)
Granularity
26. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Illegal/Unethical
Risk Management
Keystroke logging
Firmware
27. A form of binary-to-text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Brute force
Owner
Virtual Memory/Pagefile.sys
UUEncode
28. Object Linking and Embedding. The ability of an object to be embedded into another object.
CIRT
Two-Factor Authentication
Polymorphism
OLE
29. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
DDOS
Dictionary Attack
Object Oriented Programming
Repeaters
30. An instance of a scripting language.
Halon
Script
War dialing
Coax
31. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses
Twisted pair
Service packs
Quality Assurance
32. Entails planning and system actions to ensure that a project is following good quality management practices.
Substitution
Quality Assurance
Reciprocal agreement
VPN (Virtual Private Network)
33. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Firmware
DAD
IRC
Entrapment
34. An international standard defining security assurance and functionality profiles. Replaced the TCSEC, ITSEC, etc.
CD-Rom
Trap Door
War driving
Common criteria
35. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste
Fiber optic
Two-Factor Authentication
Nonce
Sniffing
36. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Job rotation
DMZ
SESAME
SSL/TLS
37. Accepting all packets.
Quantitative
Promiscuous mode
Due Care
Fiber optic
38. Computer Incident Response Team.
Certification
Nonce
CIRT
Entrapment
39. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
PAP (Password Authentication Protocol)
Teardrop
Separation of duties
ROM (Read-only memory)
40. The user.
Buffer overflow
Twisted pair
Illegal/Unethical
User
41. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Fiber optic
Termination procedures
VLANs
Multitasking
42. In cryptography, it is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Caesar Cipher
VLANs
Incentive programs
Skipjack
43. The output of a hash function is a digest.
Digest
Format 7 times
Content dependent
Noise & perturbation
44. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Audit Trail
BIOS
Polymorphic
Compiler
45. Being able to control access for individuals very specifically, as opposed to lower in the OSI model, where you can't set it so specifically.
Attenuation
Guards
Granularity
FAR/FRR/CER
46. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x).
Classes of IP networks
Birthday attack
TACACS (Terminal access controller access control system)
Trade Secret
47. Using ICMP to diagram a network.
Repeaters
DAD
Probing
Qualitative
48. The art of breaking code. Testing the strength of an algorithm.
Vulnerability analysis tools
Back door / trap door / maintenance hook
Cryptanalysis
SLE (Single Loss Expectancy or Exposure)
49. Network devices that operate at layer 2. Every port on a switch is a separate collision domain.
Asset Value
Throughput of a Biometric System
CIRT
Switches / Bridges
50. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
RAID 0, 1, 3, 5
TCSEC
CRC (Cyclic Redundancy Check)
DOS