Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Random Number Base
Non-repudiation
BIA
Nonce
Risk Analysis
2. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
WTLS (Wireless Transport Layer Security)
Change management
Session Hijacking
Bugtraq
3. Same as a block cipher except that it is applied to a data stream one bit at a time
War driving
Polymorphism
Phreaker
Stream cipher
4. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Wiretapping
Multithreading
Joke
Passive attacks
5. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Software development lifecycle
COM
Authorization creep
Enticement
6. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Transposition
ActiveX Object Linking and Embedding
Toneloc
Throughput of a Biometric System
7. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Teardrop
Twisted pair
Debug
Penetration testing
8. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Risk Mitigation
Wiretapping
Checksum
Security through obscurity
9. A gas used in fire suppression. Not human safe. Chemical reaction.
Phreaker
Digital certificates
Artificial Neural Networks (ANN)
Halon
10. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Entrapment
VLANs
Risk Acceptance
DAD
11. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Cold Site
Smart cards
Trade Secret
Hoax
12. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Object Oriented Programming
SYN Flood
Warm Site
Toneloc
13. Basic Input/Output System
SSH
BIOS
Macro
Quantitative
14. Defines the objects and their attributes that exist in a database.
ROM (Read-only memory)
SSL/TLS
Schema
VLANs
15. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Authorization creep
Carnivore
CGI (The Common Gateway Interface)
Joke
16. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Callback Security/Call Forwarding
Substitution
Compiler
IRC
17. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Keystroke logging
Firewall types
CD-Rom
Diffie-Hellman
18. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
Username/password
Exit interview
Schema
WTLS (Wireless Transport Layer Security)
19. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Active attacks
MOM
WAP (Wireless Application Protocol)
Job rotation
20. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Checksum
Fire extinguisher
Cryptanalysis
Hackers
21. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Centralized
Reciprocal agreement
Termination procedures
Open network
22. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
CRC (Cyclic Redundancy Check)
Virtual Memory/Pagefile.sys
Security Awareness Training
Birthday attack
23. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Sabotage
Call tree
Security Perimeter
Spoofing
24. A network that uses proprietary protocols
Closed network
SQL (Structured Query Language)
Rolling hot sites
Certification
25. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Artificial Neural Networks (ANN)
TCB
Accountability
Multiprocessing
26. To not be legal (as far as law is concerned) or ethical
Multiprocessing
TCP Wrappers
Illegal/Unethical
Software
27. Also civil law
Caesar Cipher
CIA
CHAP
Tort
28. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Callback Security/Call Forwarding
VLANs
OSI Model
Clipping levels
29. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
ISDN (Integrated Services Digital Network)
Quantitative
Tort
Buffer overflow
30. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
Risk Acceptance
Well-known ports
Audit Trail
Twisted pair
31. Must be in place for you to use a biometric system
Biometric profile
Accreditation
WTLS (Wireless Transport Layer Security)
Attenuation
32. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Skipjack
Brewer-Nash model
ActiveX Object Linking and Embedding
Hash
33. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
CGI (The Common Gateway Interface)
Security Perimeter
Artificial Neural Networks (ANN)
34. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
TACACS (Terminal access controller access control system)
Risk Acceptance
UUEncode
Trojan horses
35. These viruses usually infect both boot records and files.
Change management
Echelon
Multipartite
Aggregation
36. Chief Executive Officer
CORBA
Malware
RADIUS (Remote authentication dial-in user service)
CEO
37. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Halon
Service packs
SQL (Structured Query Language)
DCOM
38. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Authorization
Data remanence
Mandatory vacation
Certification
39. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Smart cards
DOS
Authorization creep
Symmetric
40. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Acceptable use
Java
Quantitative
TCSEC
41. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Authorization creep
CIA
VPN (Virtual Private Network)
Caesar Cipher
42. Object Linking and Embedding. The ability of an object to be embedded into another object.
TCP Wrappers
Echelon
COM
OLE
43. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Man trap
DMZ
Encryption
Hardware
44. Chief Information Officer
Mandatory vacation
CORBA
CIO
Reciprocal agreement
45. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Embezzlement
Block cipher
SSL/TLS
BIOS
46. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Substitution
Non-repudiation
Buffer overflow
Crosstalk
47. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Technical - Administrative - Physical
Accountability
SSH
Tokens
48. Disclosure - Alteration - Destruction. These things break the CIA triad
Stream cipher
COM
DAD
Probing
49. In cryptography - it is a block cipher
Key Escrow
Callback Security/Call Forwarding
MOM
Skipjack
50. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
SYN Flood
Caesar Cipher
COOP
Finger printing