Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Out of band
Back door/ trap door/maintenance hook
Debug
Incentive programs
2. Access control method for database based on the content of the database to provide granular access
FAR/FRR/CER
Content dependent
CIA
Patriot Act
3. Public Key Infrastructure
PKI
Crosstalk
Stream cipher
Identification
4. A sandbox. Emulates an operating environment.
Qualitative
Virtual machine
SQL (Structured Query Language)
Wiretapping
5. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Inference
SSL/TLS
Security through obscurity
Warm Site
6. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Hackers
AES (Advanced Encryption Standard)
Out of band
TCB
7. More discriminate than dogs
Guards
Rijndael
Degausser
Masquerade
8. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Buffer overflow
CORBA
Hash
Quantitative
9. Distributed Component Object Model. Microsoft's implementation of CORBA.
DCOM
Clipping levels
Script
COM
10. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Code of ethics
Risk Management
BIA
Joke
11. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Digital signing
l0pht
Script kiddies
Trap Door
12. Computer Incident Response Team
CIRT
RADIUS (Remote authentication dial-in user service)
Checksum
Worm
13. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Due Care
RAM (Random-access memory)
Carnivore
Biometric profile
14. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Phreaker
Separation of duties
Expert System
Open network
15. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Trademark
Key Escrow
OEP
Polymorphism
16. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Tokens
Virtual Memory/Pagefile.sys
BIA
Passive attacks
17. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Expert System
PAP (Password Authentication Protocol)
ARO (Annualized Rate of Occurrence)
ROM (Read-only memory)
18. A site that is ready physically but has no hardware in place - all it has is HVAC
Cold Site
Multiprocessing
Diffie-Hellman
Expert System
19. Signal degradation as it moves farther from its source
Expert System
DMZ
Enticement
Attenuation
20. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Patriot Act
Risk Management
Virtual Memory/Pagefile.sys
Java
21. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
OEP
Artificial Neural Networks (ANN)
MitM
Echelon
22. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Honey pot
Script
Firmware
Teardrop
23. Ethernet - Cat5 - Twisted to allow for longer runs.
SLE (Single Loss Expectancy or Exposure)
Twisted pair
Trade Secret
Fiber optic
24. Accepting all packets
Software librarian
Acceptable use
Promiscuous mode
Tailgating / Piggybacking
25. Software designed to infiltrate or damage a computer system - without the owner's consent.
Attenuation
Finger printing
Malware
Sniffing
26. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Risk Transferring
ALE (Annualized Loss Expectancy)
Change management
Tailgating / Piggybacking
27. Relating to quality or kind. This assigns a level of importance to something.
Qualitative
Mandatory vacation
Biometrics
DOS
28. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Reciprocal agreement
Carnivore
SSO (Single sign-on)
Virtual Memory/Pagefile.sys
29. In cryptography - it is a block cipher
DOS
SYN Flood
DNS cache poisoning
Skipjack
30. Threat to physical security.
Promiscuous mode
CRC (Cyclic Redundancy Check)
VPN (Virtual Private Network)
Sabotage
31. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Stream cipher
Hoax
Risk Management
Kerberos
32. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Script kiddies
WAP (Wireless Application Protocol)
Out of band
Joke
33. Occupant Emergency Plan - Employees are the most important!
OEP
Finger scanning
Enticement
Asset Value
34. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
Tokens
Warm Site
SESAME
Fences
35. A network that mimics the brain
Artificial Neural Networks (ANN)
Symmetric
Centralized
Debug
36. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Hackers
Virtual Memory/Pagefile.sys
SESAME
CORBA
37. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
TCB
Two-Factor Authentication
Logic bomb
Keystroke logging
38. The process of reducing your risks to an acceptable level based on your risk analysis
Promiscuous mode
Risk Mitigation
Copyright
AES (Advanced Encryption Standard)
39. The art of breaking code. Testing the strength of an algorithm.
Cryptanalysis
Aggregation
Identification
Script kiddies
40. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Masquerade
Accreditation
PAP (Password Authentication Protocol)
Salami Slicing
41. Assuming someone's session who is unaware of what you are doing
CIA
PKI
Session Hijacking
Raid 0 - 1 - 3 - 5
42. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Cold Site
Tokens
Audit Trail
Passive attacks
43. The person that determines the permissions to files. The data owner.
SSL/TLS
CEO
Owner
Warm Site
44. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Nonce
Code of ethics
Cyphertext only
Format 7 times
45. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Security Awareness Training
Firewall types
Polymorphic
FAR/FRR/CER
46. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Common criteria
TACACS (Terminal access controller access control system)
Echelon
OEP
47. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Key Escrow
Vulnerability analysis tools
Software
IRC
48. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.
MOM
Exit interview
DOS
Code of ethics
49. A system designed to stop piggybacking.
TACACS (Terminal access controller access control system)
Back door/ trap door/maintenance hook
Man trap
Debug
50. A mechanism by which connections to TCP services on a system are allowed or disallowed
DNS cache poisoning
Risk Acceptance
Smurf
TCP Wrappers