SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. In cryptography - it is a block cipher
CRC (Cyclic Redundancy Check)
Tailgating / Piggybacking
Hacker
Skipjack
2. Same as a block cipher except that it is applied to a data stream one bit at a time
Clipper Chip
Carnivore
Stream cipher
Symmetric
3. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Technical - Administrative - Physical
Out of band
Common criteria
Eavesdropping
4. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Virtual Memory/Pagefile.sys
Debug
Cyphertext only
Separation of duties
5. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Termination procedures
Switches / Bridges
ARP (Address Resolution Protocol)
Penetration testing
6. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Raid 0 - 1 - 3 - 5
Embezzlement
Expert systems
DOS
7. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically
Granularity
Brute Force
COOP
Software development lifecycle
8. The process of reducing your risks to an acceptable level based on your risk analysis
Risk Mitigation
COOP
Cookies
NAT
9. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
ROT-13
Skipjack
Script kiddies
Non-repudiation
10. A technique to eliminate data redundancy.
Security Awareness Training
SSH
ISDN (Integrated Services Digital Network)
Normalization
11. 'If you cant see it - its secure'. Bad policy to live by.
CORBA
TCSEC
Security through obscurity
Multiprocessing
12. Method of authenticating to a system. Something that you supply and something you know.
Repeaters
CCTV
Username/password
User
13. In the broadest sense - a fraud is a deception made for personal gain
Cryptanalysis
ROT-13
Masquerade
Fraud
14. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
DMZ
Diffie-Hellman
MitM
Burden of Proof
15. The frequency with which a threat is expected to occur.
Joke
Software
Masquerade
ARO (Annualized Rate of Occurrence)
16. Software designed to infiltrate or damage a computer system - without the owner's consent.
Malware
Granularity
Owner
Block cipher
17. Disclosure - Alteration - Destruction. These things break the CIA triad
Fraud
DAD
Data remanence
Exit interview
18. Personal - Network - and Application
Firewall types
Dictionary Attack
Security Perimeter
Accountability
19. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Kerberos
Salami Slicing
Inference
Polymorphic
20. Relating to quality or kind. This assigns a level of importance to something.
Qualitative
DMZ
Script
Social engineering
21. Internet Relay Chat.
Rijndael
Privacy Act of 1974
IRC
Embezzlement
22. The output of a hash function is a digest.
Digest
Privacy Act of 1974
UUEncode
Base-64
23. Must be in place for you to use a biometric system
FAR/FRR/CER
Data remanence
Asset Value
Biometric profile
24. Occupant Emergency Plan - Employees are the most important!
Java
Teardrop
l0pht
OEP
25. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Technical - Administrative - Physical
CD-Rom
Risk Mitigation
DAD
26. The intercepting of conversations by unintended recipients
Smurf
Eavesdropping
Firewall types
Separation of duties
27. Network devices that operate at layer 3. This device separates broadcast domains.
Trap Door
Routers
Authorization
Decentralized
28. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Substitution
DNS cache poisoning
Halon
Patent
29. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Joke
Certification
DCOM
TACACS (Terminal access controller access control system)
30. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Termination procedures
SYN Flood
Private Addressing
Aggregation
31. A network that mimics the brain
PAP (Password Authentication Protocol)
Biometrics
Security kernel
Artificial Neural Networks (ANN)
32. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Fire extinguisher
Worm
Two-Factor Authentication
Twisted pair
33. Reasonable doubt
Burden of Proof
Rolling hot sites
Smart cards
Software librarian
34. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Transposition
CIA
Clipper Chip
Toneloc
35. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
IAB
NAT
SYN Flood
Software development lifecycle
36. Network Address Translation
NAT
TCSEC
Packet Sniffing
Patent
37. Chief Information Officer
Coax
Software development lifecycle
Tort
CIO
38. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet
Masquerade
Cookies
Skipjack
CIRT
39. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Reciprocal agreement
Encryption
Software development lifecycle
Virtual machine
40. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Block cipher
Mandatory vacation
Keystroke logging
Due Care
41. The person that determines the permissions to files. The data owner.
Degausser
Owner
Switches / Bridges
SQL (Structured Query Language)
42. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Packet Sniffing
Dogs
Change management
Honey pot
43. Entails planning and system actions to ensure that a project is following good quality management practices
Closed network
Quality Assurance
/etc/passwd
Granularity
44. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Script kiddies
Teardrop
Throughput of a Biometric System
Security through obscurity
45. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists ability to control their work
Promiscuous mode
Copyright
Burden of Proof
Brute Force
46. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Encryption
Degausser
Fire extinguisher
Boot-sector Virus
47. Also known as a tunnel)
AES (Advanced Encryption Standard)
VPN (Virtual Private Network)
Qualitative
Bastion hosts
48. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Artificial Neural Networks (ANN)
Degausser
Tailgating / Piggybacking
Vulnerability analysis tools
49. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Promiscuous mode
OSI Model
Trap Door
Authorization
50. Good for distance - longer than 100M
Callback Security/Call Forwarding
Risk Mitigation
Coax
Joke
