Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Be at least 8 foot tall and have three strands of barbed wire.
VLANs
Fences
Rijndael
SYN Flood
2. Someone whose hacking is primarily targeted at the phone systems
Patent
Logic bomb
Phreaker
Wiretapping
3. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Clipping levels
OEP
Cyphertext only
Back door/ trap door/maintenance hook
4. The intercepting of conversations by unintended recipients
Well-known ports
Eavesdropping
Virtual machine
Exit interview
5. Transferring your risk to someone else - typically an insurance company
Honey pot
Risk Transferring
Senior Management
Kerberos
6. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Compiler
Sabotage
Accreditation
Repeaters
7. Basic Input/Output System
Toneloc
Bastion hosts
BIOS
CIO
8. Enticing people to hit your honeypot to see how they try to access your system.
Virtual machine
Logic bomb
Enticement
Software development lifecycle
9. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Transposition
Rolling hot sites
Bugtraq
RADIUS (Remote authentication dial-in user service)
10. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Hubs
Clipping levels
Out of band
Separation of duties
11. In the broadest sense - a fraud is a deception made for personal gain
War driving
Fraud
War dialing
Polymorphism
12. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Sniffing
Coax
Debug
CCTV
13. The output of a hash function is a digest.
Non-repudiation
FAR/FRR/CER
COM
Digest
14. Motivational tools for employee awareness to get them to report security flaws in an organization
Illegal/Unethical
Entrapment
Incentive programs
Macro
15. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Clipper Chip
Phreaker
Smurf
CEO
16. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Normalization
DMZ
Audit Trail
Penetration testing
17. ('rotate by 13 places' - sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Session Hijacking
ROT-13
VPN (Virtual Private Network)
Digital signing
18. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Active attacks
Scanning
Quality Assurance
Caesar Cipher
19. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
SSH
BIA
Hearsay Evidence
20. The real cost of acquiring/maintaining/developing a system
ROM (Read-only memory)
Asset Value
Hoax
ActiveX Object Linking and Embedding
21. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Degausser
Skipjack
Inference
CHAP
22. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
DDOS
Brute force
Multipartite
Social engineering
23. Network Address Translation
Detective - Preventive - Corrective
NAT
Accountability
ALE (Annualized Loss Expectancy)
24. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Private Addressing
Man trap
Teardrop
Security Awareness Training
25. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
EF (Exposure Factor)
Twisted pair
Cookies
Replay
26. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
FAR/FRR/CER
BIA
User
Due Diligence
27. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Cold Site
Inference
Security through obscurity
Trade Secret
28. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
ActiveX Object Linking and Embedding
TCSEC
Senior Management
Security Perimeter
29. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Due Care
Accountability
OEP
Finger scanning
30. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Entrapment
Reciprocal agreement
Brute Force
Bugtraq
31. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Fraggle
Content dependant
War dialing
Smart cards
32. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Quality Assurance
Smurf
Wiretapping
Incentive programs
33. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Sniffing
AES (Advanced Encryption Standard)
TCSEC
TEMPEST
34. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
SSH
Entrapment
Social engineering
SSL/TLS
35. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Virtual Memory/Pagefile.sys
Authorization
Software development lifecycle
Job rotation
36. Personal - Network - and Application
IAB
Trademark
Firewall types
CORBA
37. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Session Hijacking
Aggregation
Eavesdropping
Java
38. The user
User
Hackers
IRC
Guards
39. The ability to have more than one thread associated with a process
Multithreading
CIO
Decentralized
Sniffing
40. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Privacy Act of 1974
Authorization creep
Echelon
Risk Mitigation
41. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Smart cards
Block cipher
SSO (Single sign-on)
VLANs
42. The art of breaking code. Testing the strength of an algorithm.
Software librarian
BIA
ISDN (Integrated Services Digital Network)
Cryptanalysis
43. Making individuals accountable for their actions on a system typically through the use of auditing
Accountability
Data Mart
Carnivore
Multitasking
44. 'If you can't see it - it's secure'. Bad policy to live by.
Quality Assurance
Keystroke logging
Authentication
Security through obscurity
45. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
IAB
Risk Management
Active attacks
CRC (Cyclic Redundancy Check)
46. Access control method for database based on the content of the database to provide granular access
Asymmetric
Fiber optic
Content dependant
Illegal/Unethical
47. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
DOS
Embezzlement
Encryption
Artificial Neural Networks (ANN)
48. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Authorization creep
Trap Door
Fire extinguisher
Joke
49. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Schema
Two-Factor Authentication
TCP Wrappers
Cookies
50. Jumping into dumpsters to retrieve information about someone/something/a company
Degausser
Session Hijacking
Eavesdropping
Dumpster diving