Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Checksum
Rijndael
Multitasking
Kerberos
2. The intercepting of conversations by unintended recipients
Acceptable use
Transposition
Nonce
Eavesdropping
3. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Private Addressing
DAD
Checksum
Sniffing
4. The real cost of acquiring/maintaining/developing a system
Asset Value
TEMPEST
Wiretapping
CIO
5. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Asymmetric
Finger printing
Social engineering
User
6. Technical items are implemented by IT. Administrative items are things that HR implements. Physical things are things that are tangible.
Joke
Checksum
Technical - Administrative - Physical
Hardware
7. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Multiprocessing
BIA
Username/password
Software
8. When two or more processes are linked and execute multiple programs simultaneously
Burden of Proof
Guards
Multiprocessing
Separation of duties
9. Encompasses Risk Analysis and Risk Mitigation
Entrapment
Closed network
Expert System
Risk Management
10. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Acceptable use
Patriot Act
Wiretapping
Granularity
11. When security is managed at a central point in an organization
PAP (Password Authentication Protocol)
Centralized
Sabotage
Eavesdropping
12. Method of authenticating to a system. Something that you supply and something you know.
Data remanence
Keystroke logging
Call tree
Username/password
13. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Security kernel
Polymorphism
Trojan horses
ARP (Address Resolution Protocol)
14. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Twisted pair
Change management
Hoax
Multipartite
15. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Spoofing
SLE (Single Loss Expectancy or Exposure)
DDOS
l0pht
16. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
SSH
Coax
Digital signing
l0pht
17. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Attenuation
Software
TCSEC
Kerberos
18. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
CIO
Hardware
ALE (Annualized Loss Expectancy)
Risk Analysis
19. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
Polymorphism
Man trap
EF (Exposure Factor)
Twisted pair
20. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Smart cards
SESAME
Fences
SSL/TLS
21. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Termination procedures
Key Escrow
RADIUS (Remote authentication dial-in user service)
Hackers
22. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Salami Slicing
Degausser
Sabotage
Cold Site
23. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
Virtual Memory/Pagefile.sys
TEMPEST
Well-known ports
CORBA
24. The process of reducing your risks to an acceptable level based on your risk analysis
Risk Mitigation
Hacker
Birthday attack
Identification
25. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
FAR/FRR/CER
Back door/ trap door/maintenance hook
Motion detector
Code of ethics
26. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Privacy Act of 1974
AES (Advanced Encryption Standard)
Warm Site
Granularity
27. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic bomb
Rolling hot sites
Diffie-Hellman
VLANs
28. These can be used to verify that public keys belong to certain individuals.
Java
Digital certificates
Acceptable use
CGI (The Common Gateway Interface)
29. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Tokens
Key Escrow
Quality Assurance
OLE
30. A mechanism by which connections to TCP services on a system are allowed or disallowed
Hacker
COM
Multipartite
TCP Wrappers
31. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Boot-sector Virus
Multitasking
Software development lifecycle
DMZ
32. Dialing fixed sets of telephone numbers looking for open modem connections to machines
OLE
War dialing
Private Addressing
Finger printing
33. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Packet Sniffing
Risk Acceptance
Teardrop
Block cipher
34. Continuation of Operations Plan
SSL/TLS
COOP
Kerberos
Rijndael
35. Network device that operates at layer 1. Concentrator.
Coax
Accreditation
Hubs
l0pht
36. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Hardware
Kerberos
Biometric profile
Authorization
37. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
IAB
Session Hijacking
Authorization creep
Masquerade
38. A network that uses standard protocols (TCP/IP)
Call tree
Symmetric
Open network
Wiretapping
39. Involving the measurement of quantity or amount.
Bastion hosts
Quantitative
CHAP
IAB
40. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Biometric profile
Fraggle
RAM (Random-access memory)
Toneloc
41. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Trojan horses
TCSEC
Honey pot
PKI
42. A site that has some equipment in place - and can be up within days
Authorization
Eavesdropping
Warm Site
Call tree
43. Basic Input/Output System
BIOS
Session Hijacking
Tailgating / Piggybacking
Hearsay Evidence
44. Ethernet - Cat5 - Twisted to allow for longer runs.
Risk Acceptance
Halon
Digest
Twisted pair
45. Occupant Emergency Plan - Employees are the most important!
Fraud
Security Awareness Training
OEP
Session Hijacking
46. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Hardware
Digital signing
Caesar Cipher
Burden of Proof
47. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Virtual machine
Debug
Risk Mitigation
CCTV
48. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
Buffer overflow
Malware
ROM (Read-only memory)
Privacy Act of 1974
49. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Centralized
Switches / Bridges
Joke
Senior Management
50. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Inference
Active attacks
Promiscuous mode
Skipjack