SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Accepting all packets
Worm
Promiscuous mode
Crosstalk
TCB
2. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Noise & perturbation
/etc/passwd
Teardrop
SSH
3. Defines the objects and their attributes that exist in a database.
Schema
Virtual Memory/Pagefile.sys
Certification
Eavesdropping
4. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Two-Factor Authentication
Brute Force
Scanning
SQL (Structured Query Language)
5. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
SYN Flood
Masquerade
Firmware
Authorization creep
6. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Passive attacks
SLE (Single Loss Expectancy or Exposure)
Security through obscurity
Rolling hot sites
7. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Authorization
SSH
Degausser
Certification
8. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Buffer overflow
Asymmetric
DDOS
Common criteria
9. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Passive attacks
Username/password
Non-repudiation
Multiprocessing
10. The ability to have more than one thread associated with a process
Multithreading
Object Oriented Programming
Teardrop
Dumpster diving
11. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Passive attacks
Call tree
Man trap
Separation of duties
12. Providing verification to a system
Authentication
Well-known ports
Data Mart
Software
13. Emanations from one wire coupling with another wire
WAP (Wireless Application Protocol)
Halon
Crosstalk
Security Awareness Training
14. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
SSL/TLS
Risk Acceptance
Tailgating / Piggybacking
WTLS (Wireless Transport Layer Security)
15. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Diffie-Hellman
Accreditation
SSL/TLS
Fiber optic
16. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
ROM (Read-only memory)
Hearsay Evidence
Brewer-Nash model
DAD
17. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Reciprocal agreement
TCB
MitM
CD-Rom
18. Threat to physical security.
Fire extinguisher
Sabotage
Biometrics
Entrapment
19. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Promiscuous mode
Worm
SSO (Single sign-on)
PKI
20. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Honey pot
DNS cache poisoning
Due Care
Halon
21. Once authenticated - the level of access you have to a system
Authorization
CIA
Checksum
Clipper Chip
22. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
CEO
Authorization
Asymmetric
ActiveX Object Linking and Embedding
23. Same as a block cipher except that it is applied to a data stream one bit at a time
Coax
Stream cipher
Multithreading
SSH
24. These can be used to verify that public keys belong to certain individuals.
Compiler
Guards
Degausser
Digital certificates
25. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Termination procedures
SYN Flood
Accreditation
Acceptable use
26. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
DOS
Content dependant
Logic bomb
Phreaker
27. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
FAR/FRR/CER
War dialing
Back door/ trap door/maintenance hook
EF (Exposure Factor)
28. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Repeaters
Hacker
TACACS (Terminal access controller access control system)
Promiscuous mode
29. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Firewall types
War dialing
Privacy Act of 1974
Dictionary Attack
30. More discriminate than dogs
Guards
CIO
Substitution
Trap Door
31. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Repeaters
TCSEC
Transposition
Compiler
32. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Trade Secret
Base-64
Keystroke logging
Security Awareness Training
33. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Acceptable use
Rolling hot sites
Two-Factor Authentication
Senior Management
34. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
Virtual Memory/Pagefile.sys
CD-Rom
Warm Site
Non-repudiation
35. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Finger printing
Sabotage
Hot Site
Security Perimeter
36. Chief Information Officer
TACACS (Terminal access controller access control system)
User
CIO
Trade Secret
37. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Senior Management
Phreaker
Penetration testing
Embezzlement
38. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Software
Masquerade
Hoax
Salami Slicing
39. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Active attacks
Sabotage
Detective - Preventive - Corrective
Digest
40. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Debug
DDOS
Asset Value
Object Oriented Programming
41. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Clipper Chip
Halon
Multitasking
SESAME
42. In a separation of duties model - this is where code is checked in and out
TCP Wrappers
DDOS
COM
Software librarian
43. Network Address Translation
Trojan horses
NAT
Toneloc
User
44. Also known as a tunnel)
Entrapment
Due Care
VPN (Virtual Private Network)
Embezzlement
45. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet
Callback Security/Call Forwarding
Cookies
Base-64
Centralized
46. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Multitasking
Format 7 times
Audit Trail
Keystroke logging
47. Public Key Infrastructure
PKI
Entrapment
Technical - Administrative - Physical
Cookies
48. Assuming someone's session who is unaware of what you are doing
Two-Factor Authentication
Session Hijacking
EF (Exposure Factor)
Fiber optic
49. Entails planning and system actions to ensure that a project is following good quality management practices
Change management
Data Mart
Quality Assurance
Joke
50. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Script kiddies
Raid 0 - 1 - 3 - 5
DNS cache poisoning
Attenuation
