Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An instance of a scripting language
Burden of Proof
Script
CD-Rom
Firmware
2. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Quantitative
Transposition
Polymorphic
Risk Mitigation
3. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Open network
Technical - Administrative - Physical
CD-Rom
Macro
4. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
WTLS (Wireless Transport Layer Security)
Debug
Brewer-Nash model
DCOM
5. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Carnivore
BIA
Guards
Script
6. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Callback Security/Call Forwarding
AES (Advanced Encryption Standard)
Security through obscurity
Rijndael
7. The act of identifying yourself. Providing your identity to a system
Social engineering
Identification
Base-64
Polymorphic
8. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Detective - Preventive - Corrective
Caesar Cipher
Security through obscurity
DMZ
9. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Software librarian
DAD
Joke
Caesar Cipher
10. Also known as a tunnel
Well-known ports
VPN (Virtual Private Network)
Expert System
Throughput of a Biometric System
11. Scanning the airwaves for radio transmissions
Granularity
Mandatory vacation
Decentralized
Scanning
12. Component Object Model.
Due Diligence
Session Hijacking
Patriot Act
COM
13. Threat to physical security.
Authorization creep
CHAP
ALE (Annualized Loss Expectancy)
Sabotage
14. A military standard defining controls for emanation protection
TEMPEST
Hubs
Quality Assurance
Bastion hosts
15. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Bugtraq
CEO
Key Escrow
Incentive programs
16. These viruses usually infect both boot records and files.
Brewer-Nash model
Warm Site
Multipartite
Enticement
17. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Back door/ trap door/maintenance hook
Mandatory vacation
Hash
Buffer overflow
18. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Carnivore
FAR/FRR/CER
TACACS (Terminal access controller access control system)
CGI (The Common Gateway Interface)
19. A network entity that provides a single entrance / exit point to the Internet.
Debug
Risk Analysis
Bastion hosts
Reciprocal agreement
20. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Data remanence
Quantitative
Digital certificates
CORBA
21. To not be legal (as far as law is concerned) or ethical
Multiprocessing
Illegal/Unethical
Copyright
Encryption
22. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Inference
Passive attacks
Fire extinguisher
Termination procedures
23. Encompasses Risk Analysis and Risk Mitigation
Kerberos
Firewall types
ROM (Read-only memory)
Risk Management
24. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
l0pht
TEMPEST
Enticement
Trap Door
25. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
ROT-13
Risk Analysis
ARP (Address Resolution Protocol)
Tort
26. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
Promiscuous mode
IRC
Biometric profile
27. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Transposition
Session Hijacking
ActiveX Object Linking and Embedding
Data remanence
28. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Dogs
Active attacks
Digest
Brute force
29. Basic Input/Output System
BIOS
Symmetric
Java
Promiscuous mode
30. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Replay
Fire extinguisher
Common criteria
Authorization
31. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
RADIUS (Remote authentication dial-in user service)
CD-Rom
Base-64
Cryptanalysis
32. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Due Diligence
Raid 0 - 1 - 3 - 5
ROT-13
Fire extinguisher
33. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Exit interview
SSH
Due Care
Cryptanalysis
34. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Object Oriented Programming
Non-repudiation
Rijndael
War dialing
35. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Multithreading
Digital certificates
SSL/TLS
IAB
36. A network that uses standard protocols (TCP/IP)
Open network
SESAME
Logic bomb
Security Awareness Training
37. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
Cyphertext only
Normalization
DNS cache poisoning
Joke
38. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Tokens
Fiber optic
TCB
Fraggle
39. Also civil law
Tort
Separation of duties
Routers
Phreaker
40. Using ICMP to diagram a network
Trade Secret
Quality Assurance
Probing
Bugtraq
41. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
SYN Flood
AES (Advanced Encryption Standard)
Keystroke logging
Asymmetric
42. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
FAR/FRR/CER
Trade Secret
Due Care
Content dependant
43. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Security Perimeter
Qualitative
War driving
Two-Factor Authentication
44. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
CD-Rom
VLANs
ARP (Address Resolution Protocol)
Authorization
45. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
/etc/passwd
Noise & perturbation
Reciprocal agreement
Security Perimeter
46. Involving the measurement of quantity or amount.
ActiveX Object Linking and Embedding
Digital signing
Joke
Quantitative
47. Be at least 8 feet tall and have three strands of barbed wire.
Risk Transferring
Macro
Routers
Fences
48. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Custodian
MitM
Risk Acceptance
Skipjack
49. These can be used to verify that public keys belong to certain individuals.
CIA
Clipper Chip
Digital certificates
Security kernel
50. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Private Addressing
Rolling hot sites
Polymorphic
Noise & perturbation