Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Noise & perturbation
DDOS
Back door/ trap door/maintenance hook
RADIUS (Remote authentication dial-in user service)
2. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Detective - Preventive - Corrective
Skipjack
Checksum
Senior Management
3. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Script kiddies
CORBA
Repeaters
Finger printing
4. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
MitM
Replay
Technical - Administrative - Physical
Fences
5. Someone who hacks
Hacker
OSI Model
Due Care
Software
6. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Fire extinguisher
CCTV
Call tree
Detective - Preventive - Corrective
7. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Hash
Callback Security/Call Forwarding
Authentication
Man trap
8. The process of reducing your risks to an acceptable level based on your risk analysis
Risk Mitigation
Security Perimeter
Rolling hot sites
Two-Factor Authentication
9. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
OLE
Substitution
Trademark
Tailgating / Piggybacking
10. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Patriot Act
SSH
Technical - Administrative - Physical
Penetration testing
11. Chief Executive Officer
RAM (Random-access memory)
CEO
Fiber optic
Brute force
12. Dialing fixed sets of telephone numbers looking for open modem connections to machines
Fences
Sniffing
Biometrics
War dialing
13. Rolling command center with UPS - satellite - uplink - power - etc.
Rolling hot sites
Custodian
Cookies
Worm
14. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Risk Analysis
Hoax
Joke
Exit interview
15. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
Hubs
Firewall types
User
Polymorphism
16. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Embezzlement
ARO (Annualized Rate of Occurrence)
Keystroke logging
Bugtraq
17. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Stream cipher
OEP
Classes of IP networks
Accreditation
18. Occupant Emergency Plan - Employees are the most important!
Granularity
Finger printing
OEP
Tokens
19. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Change management
Cookies
Warm Site
ActiveX Object Linking and Embedding
20. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
TACACS (Terminal access controller access control system)
Decentralized
Hardware
Brute force
21. Disclosure - Alteration - Destruction. These things break the CIA triad
Promiscuous mode
Finger scanning
Burden of Proof
DAD
22. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Owner
Switches / Bridges
SSH
Hardware
23. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Checksum
BIA
Fiber optic
Risk Acceptance
24. When security is managed at a central point in an organization
Smart cards
Centralized
Audit Trail
Worm
25. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Data remanence
Acceptable use
Substitution
DMZ
26. Access control method for database based on the content of the database to provide granular access
Content dependent
Security Perimeter
Buffer overflow
Certification
27. Signal degradation as it moves farther from its source
Attenuation
Clipping levels
Asymmetric
Session Hijacking
28. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Smart cards
Macro
Exit interview
Phreaker
29. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Biometric profile
Hash
IAB
MOM
30. The practice of obtaining confidential information by manipulation of legitimate users.
Social engineering
Dogs
Joke
Bastion hosts
31. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Authorization
Diffie-Hellman
Digital certificates
Throughput of a Biometric System
32. Defines the objects and their attributes that exist in a database.
Code of ethics
Custodian
Back door/ trap door/maintenance hook
Schema
33. Network device that operates at layer 1. Concentrator.
Hubs
Multipartite
Audit Trail
Risk Transferring
34. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Accountability
Technical - Administrative - Physical
Hackers
CRC (Cyclic Redundancy Check)
35. The intercepting of conversations by unintended recipients
Twisted pair
Eavesdropping
Expert systems
Data Mart
36. Basic Input/Output System
Stream cipher
BIOS
CD-Rom
ROT-13
37. CISSPs subscribe to a code of ethics for building up the security profession
Finger printing
Termination procedures
Code of ethics
Hearsay Evidence
38. Entails planning and system actions to ensure that a project is following good quality management practices
Cryptanalysis
Exit interview
ROT-13
Quality Assurance
39. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
WTLS (Wireless Transport Layer Security)
Quality Assurance
Dumpster diving
Privacy Act of 1974
40. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
Session Hijacking
TCSEC
Well-known ports
CIRT
41. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
SSO (Single sign-on)
Active attacks
Rolling hot sites
42. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Dogs
Eavesdropping
Service packs
COM
43. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Social engineering
Vulnerability analysis tools
Two-Factor Authentication
Finger scanning
44. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
DAD
Copyright
Keystroke logging
Authorization creep
45. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
SSL/TLS
OEP
Firmware
Software librarian
46. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Termination procedures
Custodian
OSI Model
Data Mart
47. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Keystroke logging
Expert System
Debug
Closed network
48. Rotating employees' job duties so that what they are doing can be checked to make sure nothing fraudulent is occurring.
Job rotation
Twisted pair
Sniffing
Transposition
49. A mechanism by which connections to TCP services on a system are allowed or disallowed
VPN (Virtual Private Network)
Tokens
Hearsay Evidence
TCP Wrappers
50. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
CHAP
Entrapment
Separation of duties
WTLS (Wireless Transport Layer Security)