SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Jumping into dumpsters to retrieve information about someone/something/a company
Risk Mitigation
ActiveX Object Linking and Embedding
Dumpster diving
Caesar Cipher
2. The person that determines the permissions to files. The data owner.
Owner
Crosstalk
SESAME
Script kiddies
3. More discriminate than dogs
Telnet
Guards
Security Perimeter
Reciprocal agreement
4. In a separation of duties model - this is where code is checked in and out
Salami Slicing
Schema
Software librarian
War driving
5. The intercepting of conversations by unintended recipients
Content dependant
Trap Door
WAP (Wireless Application Protocol)
Eavesdropping
6. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
DAD
Fraggle
ActiveX Object Linking and Embedding
WTLS (Wireless Transport Layer Security)
7. A military standard defining controls for emanation protection
TEMPEST
Patent
CGI (The Common Gateway Interface)
CIRT
8. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Macro
Teardrop
Detective - Preventive - Corrective
Security Awareness Training
9. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
SYN Flood
TCB
Common criteria
Embezzlement
10. Signal degradation as it moves farther from its source
Fire extinguisher
Authorization creep
Attenuation
Phreaker
11. A war dialing utility
Toneloc
Due Diligence
Dumpster diving
Trade Secret
12. A network that uses standard protocols (TCP/IP)
Data remanence
Dogs
Open network
TCSEC
13. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically
Degausser
Granularity
Packet Sniffing
Biometrics
14. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.
SESAME
Fiber optic
Substitution
DMZ
15. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Guards
SSL/TLS
Well-known ports
TCSEC
16. A network that uses proprietary protocols
Closed network
Identification
Honey pot
Degausser
17. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Illegal/Unethical
Virtual Memory/Pagefile.sys
Fire extinguisher
Privacy Act of 1974
18. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
War driving
Two-Factor Authentication
Open network
Identification
19. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Call tree
Kerberos
CORBA
Incentive programs
20. Occupant Emergency Plan - Employees are the most important!
Twisted pair
Phreaker
OEP
Biometrics
21. Network Address Translation
Artificial Neural Networks (ANN)
NAT
Checksum
Owner
22. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Custodian
Halon
Substitution
Raid 0 - 1 - 3 - 5
23. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
OEP
Patriot Act
Fiber optic
Switches / Bridges
24. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
DOS
DNS cache poisoning
Cookies
Closed network
25. Assuming someone's session who is unaware of what you are doing
Key Escrow
Hardware
Telnet
Session Hijacking
26. A network that mimics the brain
Mandatory vacation
Fiber optic
Artificial Neural Networks (ANN)
Quantitative
27. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
VLANs
UUEncode
Scanning
MitM
28. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Normalization
ARO (Annualized Rate of Occurrence)
Active attacks
Echelon
29. Dynamic Host Configuration Protocol.
Cold Site
Audit Trail
DHCP
TCSEC
30. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Separation of duties
Burden of Proof
Dumpster diving
Security through obscurity
31. These viruses usually infect both boot records and files.
Security Awareness Training
Crosstalk
Multipartite
Burden of Proof
32. The process of reducing your risks to an acceptable level based on your risk analysis
OEP
Enticement
Malware
Risk Mitigation
33. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Reciprocal agreement
Vulnerability analysis tools
l0pht
Keystroke logging
34. A sandbox. Emulates an operating environment.
Virtual machine
Caesar Cipher
Accreditation
Key Escrow
35. Also known as a tunnel)
SLE (Single Loss Expectancy or Exposure)
Dictionary Attack
VPN (Virtual Private Network)
SESAME
36. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
ActiveX Object Linking and Embedding
Out of band
Embezzlement
Termination procedures
37. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
Attenuation
Passive attacks
Coax
38. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Polymorphic
Software
AES (Advanced Encryption Standard)
DHCP
39. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Expert System
Script kiddies
Data Mart
Crosstalk
40. Repeats the signal. It amplifies the signal before sending it on.
Bugtraq
Repeaters
RAM (Random-access memory)
Out of band
41. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
TCSEC
Service packs
Spoofing
Java
42. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
COM
Boot-sector Virus
ROM (Read-only memory)
DMZ
43. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Centralized
Well-known ports
EF (Exposure Factor)
Acceptable use
44. Relating to quality or kind. This assigns a level of importance to something.
Hot Site
Caesar Cipher
Brute force
Qualitative
45. After implementing countermeasures - accepting risk for the amount of vulnerability left over
VLANs
Coax
Risk Acceptance
Cyphertext only
46. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Raid 0 - 1 - 3 - 5
Aggregation
Promiscuous mode
DAD
47. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
CD-Rom
FAR/FRR/CER
Penetration testing
Classes of IP networks
48. Component Object Model.
COM
Incentive programs
Expert systems
Trojan horses
49. Chief Information Officer
CIO
Authorization
OSI Model
Active attacks
50. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
ALE (Annualized Loss Expectancy)
Key Escrow
Smurf
PAP (Password Authentication Protocol)
