SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Noise & perturbation
Masquerade
RAM (Random-access memory)
DNS cache poisoning
2. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Cryptanalysis
Patriot Act
Finger printing
Brute Force
3. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Replay
Change management
Acceptable use
Logic bomb
4. Encompasses Risk Analysis and Risk Mitigation
Risk Management
Bugtraq
Brute Force
SYN Flood
5. These viruses usually infect both boot records and files.
Multipartite
WTLS (Wireless Transport Layer Security)
Accountability
Risk Transferring
6. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Accreditation
Repeaters
DDOS
War driving
7. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Cryptanalysis
Key Escrow
Dictionary Attack
Boot-sector Virus
8. Occupant Emergency Plan - Employees are the most important!
IAB
Mandatory vacation
Object Oriented Programming
OEP
9. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
DMZ
Hardware
DAD
Symmetric
10. Accepting all packets
Out of band
Promiscuous mode
Normalization
Man trap
11. A hidden communications channel on a system that allows for the bypassing of the system security policy
Schema
CD-Rom
Asset Value
Covert channels
12. Relating to quality or kind. This assigns a level of importance to something.
TCB
EF (Exposure Factor)
Qualitative
Illegal/Unethical
13. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Termination procedures
Virtual machine
SLE (Single Loss Expectancy or Exposure)
Two-Factor Authentication
14. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Fraud
Java
Teardrop
Burden of Proof
15. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Macro
OLE
RAM (Random-access memory)
Service packs
16. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Script kiddies
Schema
Hash
l0pht
17. Transferring your risk to someone else - typically an insurance company
Keystroke logging
Risk Transferring
Closed network
Asymmetric
18. The person that controls access to the data
WAP (Wireless Application Protocol)
Custodian
COOP
Throughput of a Biometric System
19. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Cold Site
Trojan horses
Repeaters
Entrapment
20. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Due Diligence
CGI (The Common Gateway Interface)
Polymorphism
Fraud
21. Be at least 8 foot tall and have three strands of barbed wire.
Multitasking
BIOS
Fences
l0pht
22. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Replay
Risk Analysis
Trap Door
Decentralized
23. Signal degradation as it moves farther from its source
Malware
FAR/FRR/CER
Promiscuous mode
Attenuation
24. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Cyphertext only
Crosstalk
Cold Site
Incentive programs
25. A military standard defining controls for emanation protection
TEMPEST
Finger printing
Security through obscurity
Hearsay Evidence
26. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Centralized
Inference
CEO
Dumpster diving
27. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
War dialing
Firmware
WTLS (Wireless Transport Layer Security)
Finger printing
28. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Noise & perturbation
Penetration testing
Scanning
Block cipher
29. In the broadest sense - a fraud is a deception made for personal gain
Fraud
Guards
Dogs
Halon
30. These can be used to verify that public keys belong to certain individuals.
Digital certificates
Base-64
Code of ethics
Entrapment
31. The real cost of acquiring/maintaining/developing a system
DNS cache poisoning
Asset Value
Risk Analysis
Tokens
32. Entails planning and system actions to ensure that a project is following good quality management practices
Quality Assurance
Exit interview
Software
IAB
33. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Fire extinguisher
Skipjack
Hash
Cyphertext only
34. Closed Circuit Television
Crosstalk
CCTV
Brewer-Nash model
TCB
35. Random Number Base
SLE (Single Loss Expectancy or Exposure)
Repeaters
Nonce
VLANs
36. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
CCTV
SYN Flood
Quantitative
Block cipher
37. Providing verification to a system
Authentication
PAP (Password Authentication Protocol)
SESAME
Classes of IP networks
38. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Sabotage
Fraggle
CHAP
Trojan horses
39. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Termination procedures
Closed network
Skipjack
SQL (Structured Query Language)
40. Animals with teeth. Not as discriminate as guards
Separation of duties
Patent
Dogs
Hubs
41. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Diffie-Hellman
Senior Management
Hackers
Risk Analysis
42. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
IAB
Probing
Passive attacks
Cyphertext only
43. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Penetration testing
Bastion hosts
Compiler
Aggregation
44. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Teardrop
OLE
Probing
Hash
45. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Polymorphism
Decentralized
Substitution
Joke
46. When two or more processes are linked and execute multiple programs simultaneously
COM
TCP Wrappers
Centralized
Multiprocessing
47. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
BIOS
Teardrop
Crosstalk
Due Care
48. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Trademark
ALE (Annualized Loss Expectancy)
Dogs
Software development lifecycle
49. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
Multithreading
Hash
Privacy Act of 1974
Expert systems
50. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Session Hijacking
SLE (Single Loss Expectancy or Exposure)
SSL/TLS
Throughput of a Biometric System
