Test your basic knowledge: CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so some answers may look obvious, but repeated attempts reinforce your understanding.
1. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Owner
Brute Force
Coax
Object Oriented Programming
2. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Halon
Data Mart
Degausser
Multithreading
3. A hacker collective that became famous for telling a US Senate committee in 1998 that it could bring down the Internet in 30 minutes.
Software development lifecycle
l0pht
Two-Factor Authentication
Termination procedures
4. In a separation-of-duties model, the role that controls the check-in and check-out of source code.
Software librarian
CIO
Birthday attack
Eavesdropping
5. After countermeasures have been implemented, choosing to live with the residual risk that remains.
Key Escrow
Brewer-Nash model
Risk Acceptance
Tokens
6. A cryptanalytic attack in which the attacker has access only to encrypted messages, with no corresponding plaintext.
Copyright
User
Cyphertext only
Accreditation
7. The practice of obtaining confidential information by manipulation of legitimate users.
Social engineering
Packet Sniffing
DNS cache poisoning
Fire extinguisher
8. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Incentive programs
Firewall types
Worm
Exit interview
9. These viruses usually infect both boot records and files.
Inference
/etc/passwd
Multipartite
Embezzlement
10. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
EF (Exposure Factor)
CHAP
Throughput of a Biometric System
Buffer overflow
11. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Schema
Active attacks
Brewer-Nash model
Fiber optic
12. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
Security Awareness Training
Trap Door
Risk Transferring
13. Taking over an established session of a user who is unaware that it has been taken.
Session Hijacking
Mandatory vacation
Hubs
SSL/TLS
14. Network devices that operate at layer 3 and separate broadcast domains.
Routers
Software
Back door/ trap door/maintenance hook
Normalization
15. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
l0pht
Risk Mitigation
Security Perimeter
Telnet
16. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
IRC
Brute force
Change management
Non-repudiation
17. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
EF (Exposure Factor)
Acceptable use
Decentralized
Trade Secret
18. When a resolving DNS server receives a forged response while resolving a name, it caches the wrong address for the record's TTL, poisoning the cache for that period of time.
Trojan horses
Cryptanalysis
DNS cache poisoning
Security Awareness Training
19. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
Security kernel
Multithreading
Brute force
20. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Motion detector
Fire extinguisher
ALE (Annualized Loss Expectancy)
Entrapment
21. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Echelon
Risk Mitigation
Detective - Preventive - Corrective
SLE (Single Loss Expectancy or Exposure)
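The quantitative risk formulas in questions 10, 12, 20 and 21 (SLE = AV x EF, ALE = SLE x ARO) worked through in code. This is an added example, not part of the original quiz; the scenario figures are constructed, and the countermeasure cost/benefit step (ALE before minus ALE after minus annual control cost) goes beyond the page's own formulas.

```python
"""Quantitative risk analysis with the Security+ formulas:
SLE = AV * EF and ALE = SLE * ARO, plus ranking and control cost/benefit."""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Scenario:
    name: str
    asset_value: float      # AV: value of the asset in dollars
    exposure_factor: float  # EF: fraction of asset value lost per occurrence (0..1)
    aro: float              # ARO: expected occurrences per year


def sle(s: Scenario) -> float:
    """Single Loss Expectancy: monetary loss for one occurrence (AV * EF)."""
    if not 0.0 <= s.exposure_factor <= 1.0:
        raise ValueError("EF must be between 0 and 1")
    return s.asset_value * s.exposure_factor


def ale(s: Scenario) -> float:
    """Annualized Loss Expectancy: expected loss per year (SLE * ARO)."""
    return sle(s) * s.aro


def countermeasure_value(before: Scenario, after: Scenario, annual_cost: float) -> float:
    """Net annual value of a control: reduction in ALE minus what the control
    costs per year. Positive means the control pays for itself (assumption:
    standard cost/benefit step, not stated on the page)."""
    return ale(before) - ale(after) - annual_cost


def rank_by_ale(scenarios: Iterable[Scenario]) -> List[Scenario]:
    """Highest expected annual loss first, for prioritising mitigation."""
    return sorted(scenarios, key=ale, reverse=True)


# Constructed sample figures (not from the page).
WEB_SERVER_DEFACEMENT = Scenario("web server defacement", 200_000, 0.25, 2.0)
WAREHOUSE_FIRE = Scenario("warehouse fire", 5_000_000, 0.60, 0.05)
LAPTOP_THEFT = Scenario("laptop theft", 3_000, 1.0, 12.0)

if __name__ == "__main__":
    for s in rank_by_ale([WEB_SERVER_DEFACEMENT, WAREHOUSE_FIRE, LAPTOP_THEFT]):
        print(f"{s.name:25} SLE=${sle(s):>12,.0f}  ALE=${ale(s):>12,.0f}")
    # A hypothetical control costing $30,000/yr cuts defacement ARO from 2.0 to 0.2.
    mitigated = Scenario("web server defacement", 200_000, 0.25, 0.2)
    print(f"control net value: ${countermeasure_value(WEB_SERVER_DEFACEMENT, mitigated, 30_000):,.0f}")
```

Note that the rarest event (the fire) carries the largest ALE because its SLE is so high; ranking by ALE rather than by frequency is the point of the exercise.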
22. A number used once: a random or unique value included in a protocol exchange so that a captured message cannot be replayed later.
Nonce
Two-Factor Authentication
Sniffing
Schema
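A nonce in use, as an added example that is not part of the quiz: a CHAP-style challenge-response in which the server issues a fresh random nonce, the client returns HMAC(secret, nonce), and a replayed response is rejected because each nonce is honoured once. The shared secret and the Server/client_response names are constructed for this demonstration.

```python
"""Nonce-based challenge-response and replay rejection."""
import hashlib
import hmac
import secrets


class Server:
    """Issues one-time challenges and verifies proofs of a shared secret."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._outstanding = set()  # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # unpredictable, fresh per exchange
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False  # never issued, or already used: treat as a replay
        # Consume the nonce before checking, so a wrong guess cannot be retried
        # against the same challenge (limits online guessing).
        self._outstanding.discard(nonce)
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(shared_secret: bytes, nonce: bytes) -> bytes:
    """The client proves it knows the secret without sending it."""
    return hmac.new(shared_secret, nonce, hashlib.sha256).digest()


def run_exchange(server: Server, shared_secret: bytes):
    """One full exchange; returns (nonce, response, accepted)."""
    nonce = server.challenge()
    response = client_response(shared_secret, nonce)
    return nonce, response, server.verify(nonce, response)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    srv = Server(secret)
    nonce, response, ok = run_exchange(srv, secret)
    print("first use accepted:", ok)
    print("replay of same nonce/response accepted:", srv.verify(nonce, response))
```

Without the nonce, a sniffed response (question 32's passive attack) would authenticate the attacker indefinitely; with it, the captured proof is useless after the one exchange it was computed for.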
23. A private, encrypted connection carried over a public network; also known as a tunnel.
Sabotage
VPN (Virtual Private Network)
Caesar Cipher
Birthday attack
24. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Authorization creep
Security Awareness Training
Fire extinguisher
Closed network
25. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Asset Value
Inference
Birthday attack
Joke
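The birthday attack from question 25 carried out against a deliberately truncated hash, as an added example that is not part of the quiz. It shows the space-time tradeoff the definition mentions: digests are stored in a table so that a collision appears after roughly sqrt(pi/2 * N) trials rather than the ~N a brute-force search of the whole space would need. The message prefix and truncation widths are constructed for the demonstration.

```python
"""Birthday attack: find two distinct messages with the same truncated SHA-256."""
import hashlib
import math
from itertools import count


def truncated_digest(msg: bytes, bits: int) -> int:
    """SHA-256 reduced to its top `bits` bits: a small hash space so the
    collision search finishes quickly (the attack scales the same way)."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def expected_trials(bits: int) -> float:
    """Birthday bound: samples needed for ~50% collision chance in a space
    of N = 2**bits values, sqrt(pi/2 * N)."""
    return math.sqrt(math.pi / 2 * (1 << bits))


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Generate messages, remember every digest seen (the time/space tradeoff),
    stop at the first repeat. Returns (message1, message2, trials)."""
    seen = {}
    for i in count():
        m = prefix + str(i).encode()
        d = truncated_digest(m, bits)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m


if __name__ == "__main__":
    bits = 32
    m1, m2, trials = find_collision(bits)
    print(f"{bits}-bit digests: exhaustive search bound 2^{bits} = {1 << bits:,}")
    print(f"birthday bound ~ {expected_trials(bits):,.0f}, collision after {trials:,} trials")
    print(m1, m2, hex(truncated_digest(m1, bits)), hex(truncated_digest(m2, bits)))
```

Doubling the digest width doubles the attacker's work for a preimage search but only multiplies the birthday work by sqrt(2), which is why collision resistance needs twice the bits of preimage resistance.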
26. The enrolled reference template that must be in place before a biometric system can authenticate a user.
Eavesdropping
Content dependent
Biometric profile
Covert channels
27. Technical controls are implemented through IT systems; administrative controls are policies and procedures (such as those HR enforces); physical controls are tangible barriers and devices.
Security kernel
Hackers
Technical - Administrative - Physical
Closed network
28. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
RAM (Random-access memory)
Mandatory vacation
Dictionary Attack
SSH
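Questions 16 and 28 contrast brute force with a dictionary attack. As an added example that is not part of the quiz, the code below runs both against a salted SHA-256 password hash: the dictionary attack tries a small word list with common mangling rules, while the brute-force search enumerates every string over an alphabet. The word list, salt and passwords are constructed for the demonstration.

```python
"""Dictionary attack versus brute force against a salted password hash."""
import hashlib
import itertools
import string
from typing import Iterable, Optional, Tuple

LOWER_DIGITS = string.ascii_lowercase + string.digits  # 36-symbol alphabet

# Constructed demo inputs (not from the page).
SALT = b"\x01\x02\x03\x04"
WORDLIST = ["password", "letmein", "dragon", "summer", "welcome"]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted SHA-256; a real system would use a slow KDF such as bcrypt/Argon2."""
    return hashlib.sha256(salt + password.encode()).digest()


def brute_force_space(alphabet_size: int, max_len: int) -> int:
    """Number of candidates for every string of length 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def dictionary_attack(target: bytes, salt: bytes, wordlist: Iterable[str],
                      mangle: bool = True) -> Tuple[Optional[str], int]:
    """Try each word plus a few mangling rules. Returns (password, attempts)."""
    attempts = 0
    for word in wordlist:
        candidates = [word]
        if mangle:
            candidates += [word.capitalize(), word + "1", word + "123", word + "!"]
        for cand in candidates:
            attempts += 1
            if hash_password(cand, salt) == target:
                return cand, attempts
    return None, attempts


def brute_force(target: bytes, salt: bytes, alphabet: str,
                max_len: int) -> Tuple[Optional[str], int]:
    """Exhaustive search in length order. Returns (password, attempts)."""
    attempts = 0
    for n in range(1, max_len + 1):
        for tup in itertools.product(alphabet, repeat=n):
            attempts += 1
            cand = "".join(tup)
            if hash_password(cand, salt) == target:
                return cand, attempts
    return None, attempts


if __name__ == "__main__":
    target = hash_password("summer1", SALT)
    print("dictionary:", dictionary_attack(target, SALT, WORDLIST))
    print("brute-force space for 7 chars over 36 symbols:", f"{brute_force_space(36, 7):,}")
    print("brute force on a 3-char password:", brute_force(hash_password("ab1", SALT), SALT, LOWER_DIGITS, 3))
```

The dictionary attack recovers a mangled dictionary word in a handful of guesses, whereas brute-forcing the same seven-character string over 36 symbols would face tens of billions of candidates; the salt does not slow either attack against one hash, it only prevents precomputed tables from being reused across users.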
29. Luring a user into accessing a honeypot when they had no prior intent to do harm; evidence gathered this way is generally not admissible.
Spoofing
Entrapment
Clipper Chip
BIA
30. These can be used to verify that public keys belong to certain individuals.
Digital certificates
Expert System
Eavesdropping
l0pht
31. Taking the reasonable, prudent steps to protect assets and people; contrasted with due diligence, which is the ongoing investigation and verification of risks.
Carnivore
Security Perimeter
Fraggle
Due Care
32. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
DDOS
Caesar Cipher
Passive attacks
Owner
33. An SSO technology that extends Kerberos and addresses some of its weaknesses.
SESAME
CIO
Sabotage
Audit Trail
34. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Trojan horses
Virtual Memory/Pagefile.sys
Degausser
Callback Security/Call Forwarding
35. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Script kiddies
Hackers
Transposition
Separation of duties
36. Cryptography using a two-key pair in which the key that encrypts differs from the key that decrypts (a public key and a private key).
TCSEC
Asymmetric
OEP
Software librarian
37. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
ARO (Annualized Rate of Occurrence)
Username/password
Guards
38. RAID 0 = striping without parity; RAID 1 = mirroring; RAID 3 = striping with parity on a single dedicated drive; RAID 5 = striping with parity distributed across all drives.
COOP
Replay
Data Mart
RAID 0 - 1 - 3 - 5
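How the parity in question 38 actually protects data, as an added example that is not part of the quiz: a RAID 5-style layout stripes data across drives with the XOR parity chunk rotating across all of them, and any single failed drive is rebuilt from the survivors because XOR of all chunks in a stripe is zero. The drive count, chunk size and sample data are constructed for the demonstration.

```python
"""RAID 5-style striping with rotating XOR parity and single-drive rebuild."""
from typing import List


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Byte-wise XOR of equal-length blocks."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def stripe(data: bytes, n_drives: int, chunk: int) -> List[List[bytes]]:
    """Lay data out as stripes of (n_drives - 1) data chunks plus one parity
    chunk. Returns drives[d][s] = chunk of stripe s on drive d. The parity
    position rotates (RAID 5); putting it always on the last drive would be RAID 3/4."""
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least 3 drives")
    per_stripe = (n_drives - 1) * chunk
    padded = data + b"\x00" * (-len(data) % per_stripe)
    drives: List[List[bytes]] = [[] for _ in range(n_drives)]
    for s, off in enumerate(range(0, len(padded), per_stripe)):
        chunks = [padded[off + i * chunk: off + (i + 1) * chunk] for i in range(n_drives - 1)]
        parity_drive = s % n_drives
        parity = xor_blocks(chunks)
        it = iter(chunks)
        for d in range(n_drives):
            drives[d].append(parity if d == parity_drive else next(it))
    return drives


def rebuild(drives: List[List[bytes]], failed: int) -> List[bytes]:
    """Reconstruct the failed drive: each missing chunk (data or parity) is the
    XOR of that stripe's chunks on every surviving drive."""
    survivors = [d for i, d in enumerate(drives) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def read_back(drives: List[List[bytes]], n_drives: int, chunk: int, length: int) -> bytes:
    """Reassemble the original data, skipping each stripe's parity chunk."""
    out = bytearray()
    for s in range(len(drives[0])):
        parity_drive = s % n_drives
        for d in range(n_drives):
            if d != parity_drive:
                out += drives[d][s]
    return bytes(out[:length])


# Constructed sample data (not from the page).
DATA = b"The quick brown fox jumps over the lazy dog"

if __name__ == "__main__":
    drives = stripe(DATA, 4, 4)
    lost = 2
    rebuilt = rebuild(drives, lost)
    print("rebuilt drive matches original:", rebuilt == drives[lost])
    healed = [rebuilt if i == lost else d for i, d in enumerate(drives)]
    print(read_back(healed, 4, 4, len(DATA)))
```

A second simultaneous failure cannot be recovered this way, since XOR parity gives only one equation per stripe; that is the availability limit RAID 6 addresses with a second parity block.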
39. To deter a determined intruder, should be at least 8 feet tall and topped with three strands of barbed wire.
Honey pot
Biometrics
Incentive programs
Fences
40. Physical or logical objects (something you have) presented during authentication, such as smart cards or one-time-password devices; they supply information that allows authentication to happen. There are many types.
Multiprocessing
Tokens
Boot-sector Virus
Warm Site
41. RFC 1918 defines the following private address ranges: 10.0.0.0/8 (10.x.x.x), 172.16.0.0/12 (172.16.x.x through 172.31.x.x) and 192.168.0.0/16 (192.168.x.x).
ISDN (Integrated Services Digital Network)
Private Addressing
Hearsay Evidence
Cryptanalysis
42. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.
Exit interview
Well-known ports
Crosstalk
Boot-sector Virus
43. Class A: first octet 1-126; Class B: 128-191; Class C: 192-223 (127 is reserved for loopback).
MOM
Classes of IP networks
Inference
Digital signing
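Questions 41 and 43 together, as an added example that is not part of the quiz: classify an address by its first octet and test RFC 1918 membership with the standard library's `ipaddress` module, which handles the awkward 172.16.0.0/12 boundary (172.31.255.255 is private, 172.32.0.0 is not). The sample addresses are constructed.

```python
"""Classful address ranges and RFC 1918 private space."""
import ipaddress
from typing import List

RFC1918: List[ipaddress.IPv4Network] = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def ip_class(addr: str) -> str:
    """Historical class from the first octet (plus the reserved edges)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first == 0:
        return "reserved"
    if first == 127:
        return "loopback"
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (experimental)"


def is_private(addr: str) -> bool:
    """True only for the three RFC 1918 blocks; a /12 is not an x.x octet test."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in RFC1918)


def describe(addr: str) -> str:
    scope = "private (RFC 1918)" if is_private(addr) else "not RFC 1918"
    return f"{addr}: class {ip_class(addr)}, {scope}"


if __name__ == "__main__":
    # Constructed sample addresses.
    for a in ("10.0.0.1", "172.16.0.1", "172.31.255.255", "172.32.0.0",
              "192.168.1.1", "8.8.8.8", "127.0.0.1", "224.0.0.1"):
        print(describe(a))
```

`ipaddress.IPv4Address.is_private` exists but covers more than RFC 1918 (for example shared address space and other IANA special-purpose blocks), so an explicit list is used when the question is specifically about RFC 1918.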
44. The fixed-length output of a hash function.
Repeaters
SQL (Structured Query Language)
Digest
Diffie-Hellman
45. Deliberate damage to or destruction of equipment or facilities; a threat to physical security.
Sabotage
Hackers
MOM
DHCP
46. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Expert System
CGI (The Common Gateway Interface)
Active attacks
Polymorphic
47. The act of identifying yourself: presenting a claimed identity (such as a username) to a system, before it is verified.
DAD
Cyphertext only
Security Perimeter
Identification
48. Public Key Infrastructure: the certificate authorities, registration authorities and policies used to issue, distribute and revoke digital certificates.
Out of band
OLE
Dictionary Attack
PKI
49. Using ICMP (for example, ping sweeps) to map out a network.
Echelon
Probing
Quantitative
NAT
50. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Scanning
Mandatory vacation
Sabotage
Warm Site