SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Birthday attack
Firewall types
Keystroke logging
Non-repudiation
2. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Owner
Expert System
Hash
Malware
3. Rolling command center with UPS - satellite - uplink - power - etc.
Rolling hot sites
Expert System
Call tree
Qualitative
4. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Non-repudiation
Format 7 times
BIA
Skipjack
5. Chief Executive Officer
Centralized
OEP
CEO
Multithreading
6. Motive - Opportunity - and Means. These deal with crime.
Digital signing
Guards
Audit Trail
MOM
7. Involving the measurement of quantity or amount.
Virtual machine
Switches / Bridges
Quantitative
Key Escrow
8. After implementing countermeasures - accepting risk for the amount of vulnerability left over
VLANs
Risk Acceptance
DOS
Guards
9. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
ROT-13
Digest
Trap Door
Hacker
10. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
PKI
Change management
Audit Trail
RADIUS (Remote authentication dial-in user service)
11. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Fraud
Replay
Burden of Proof
Sniffing
12. Network devices that operate at layer 3. This device separates broadcast domains.
User
/etc/passwd
Routers
Dogs
13. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Classes of IP networks
Guards
War driving
Fraggle
14. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.
Checksum
Honey pot
OSI Model
ActiveX Object Linking and Embedding
15. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Owner
Reciprocal agreement
Caesar Cipher
Two-Factor Authentication
16. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.
l0pht
DAD
SESAME
Tailgating / Piggybacking
17. Animals with teeth. Not as discriminate as guards
Transposition
Dogs
Guards
Common criteria
18. To not be legal (as far as law is concerned) or ethical
Private Addressing
Vulnerability analysis tools
Illegal/Unethical
Polymorphic
19. A network entity that provides a single entrance / exit point to the Internet.
Classes of IP networks
Mandatory vacation
Service packs
Bastion hosts
20. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Joke
CIO
Coax
Due Care
21. Closed Circuit Television
CCTV
DAD
IRC
Wiretapping
22. A network that uses proprietary protocols
Packet Sniffing
Acceptable use
Content dependant
Closed network
23. An attempt to trick the system into believing that something false is real
Multipartite
DOS
Throughput of a Biometric System
Hoax
24. The output of a hash function is a digest.
Private Addressing
Dictionary Attack
Digest
Skipjack
25. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Kerberos
Inference
CIA
Worm
26. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Data remanence
Classes of IP networks
Phreaker
Non-repudiation
27. Occupant Emergency Plan - Employees are the most important!
Multipartite
Authorization
OEP
Active attacks
28. A military standard defining controls for emanation protection
TEMPEST
IRC
Trojan horses
Risk Acceptance
29. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
BIA
Throughput of a Biometric System
CIO
Risk Analysis
30. Distributed Component Object Model. Microsoft's implementation of CORBA.
Open network
Raid 0 - 1 - 3 - 5
IRC
DCOM
31. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Vulnerability analysis tools
Non-repudiation
SSO (Single sign-on)
Buffer overflow
32. Software designed to infiltrate or damage a computer system - without the owner's consent.
Session Hijacking
Hot Site
Malware
SLE (Single Loss Expectancy or Exposure)
33. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Aggregation
Telnet
Halon
Brewer-Nash model
34. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Compiler
BIA
Code of ethics
TCSEC
35. This is an open international standard for applications that use wireless communications.
VPN (Virtual Private Network)
WAP (Wireless Application Protocol)
Sabotage
Sniffing
36. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
ROT-13
Patriot Act
Script
Spoofing
37. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
PKI
Motion detector
ROM (Read-only memory)
Dictionary Attack
38. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Copyright
Encryption
Callback Security/Call Forwarding
Out of band
39. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Software development lifecycle
Out of band
CGI (The Common Gateway Interface)
WAP (Wireless Application Protocol)
40. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Tailgating / Piggybacking
Private Addressing
Change management
Worm
41. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
CORBA
Routers
Key Escrow
Noise & perturbation
42. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
CCTV
Diffie-Hellman
OLE
43. A gas used in fire suppression. Not human safe. Chemical reaction.
Content dependant
Masquerade
Expert System
Halon
44. When security is managed at many different points in an organization
DAD
MOM
Risk Management
Decentralized
45. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Repeaters
Technical - Administrative - Physical
Dictionary Attack
Smurf
46. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
Symmetric
Classes of IP networks
Accreditation
47. Method of authenticating to a system. Something that you supply and something you know.
Username/password
PKI
Virtual machine
Session Hijacking
48. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Smurf
Patriot Act
Penetration testing
COOP
49. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Smart cards
DAD
Change management
Aggregation
50. These can be used to verify that public keys belong to certain individuals.
Smart cards
Digital certificates
OEP
Fences
