Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Polymorphism
Buffer overflow
l0pht
Polymorphic
2. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Private Addressing
Checksum
Termination procedures
Salami Slicing
3. Encompasses Risk Analysis and Risk Mitigation
Risk Management
Data Mart
MitM
PKI
4. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
BIA
Asymmetric
Accountability
Salami Slicing
5. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Stream cipher
Eavesdropping
Inference
Data remanence
6. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
CEO
BIOS
Finger scanning
Artificial Neural Networks (ANN)
7. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
MOM
DDOS
Acceptable use
Hash
8. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Transposition
Digital signing
Separation of duties
EF (Exposure Factor)
9. A mechanism by which connections to TCP services on a system are allowed or disallowed
TCP Wrappers
Debug
Repeaters
War dialing
10. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Acceptable use
Masquerade
Quantitative
Tokens
11. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
CGI (The Common Gateway Interface)
Active attacks
Replay
COOP
12. Disclosure - Alteration - Destruction. These things break the CIA triad
DAD
CIO
Clipper Chip
SESAME
13. Computer Incident Response Team
War dialing
CIRT
Biometrics
TEMPEST
14. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Honey pot
Risk Transferring
Keystroke logging
Trademark
15. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
CD-Rom
Entrapment
Carnivore
Finger printing
16. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Active attacks
RADIUS (Remote authentication dial-in user service)
Patent
Software librarian
17. Distributed Component Object Model. Microsoft's implementation of CORBA.
Multipartite
Packet Sniffing
DCOM
Risk Management
18. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Base-64
Joke
Multipartite
Boot-sector Virus
19. Entails planning and system actions to ensure that a project is following good quality management practices
Callback Security/Call Forwarding
Quantitative
Decentralized
Quality Assurance
20. Providing verification to a system
Authentication
Due Care
SSL/TLS
Rolling hot sites
21. Technical items are IT implemented. Administrative items are things that HR implements. Physical items are things that are tangible.
Change management
Illegal/Unethical
Cold Site
Technical - Administrative - Physical
22. To not be legal (as far as law is concerned) or ethical
Bastion hosts
Illegal/Unethical
Scanning
IRC
23. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Logic bomb
Virtual machine
Coax
Brute force
24. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Risk Transferring
Clipping levels
Call tree
Session Hijacking
25. Motivational tools for employee awareness to get them to report security flaws in an organization
Throughput of a Biometric System
Salami Slicing
Object Oriented Programming
Incentive programs
26. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Job rotation
ISDN (Integrated Services Digital Network)
AES (Advanced Encryption Standard)
RAM (Random-access memory)
27. The person that controls access to the data
Risk Mitigation
Multiprocessing
Custodian
UUEncode
28. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Separation of duties
Java
Salami Slicing
ARO (Annualized Rate of Occurrence)
29. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Authorization creep
Sabotage
Two-Factor Authentication
FAR/FRR/CER
30. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Twisted pair
Brute Force
Multitasking
Logic bomb
31. Scanning the airwaves for radio transmissions
Penetration testing
Scanning
Compiler
Script
32. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Security kernel
VPN (Virtual Private Network)
Security through obscurity
Schema
33. White hat l0pht
Common criteria
Macro
Out of band
Bugtraq
34. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Software development lifecycle
Throughput of a Biometric System
WTLS (Wireless Transport Layer Security)
Keystroke logging
35. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Promiscuous mode
Vulnerability analysis tools
Smart cards
PKI
36. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Checksum
Replay
Base-64
CCTV
37. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Hubs
Code of ethics
Block cipher
Detective - Preventive - Corrective
38. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Warm Site
Repeaters
Due Diligence
WTLS (Wireless Transport Layer Security)
39. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Stream cipher
Digest
Compiler
Qualitative
40. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
War dialing
Salami Slicing
RADIUS (Remote authentication dial-in user service)
Risk Management
41. CISSPs subscribe to a code of ethics for building up the security profession
Tokens
Code of ethics
Hoax
Switches / Bridges
42. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
SYN Flood
Throughput of a Biometric System
Covert channels
Expert systems
43. A sandbox. Emulates an operating environment.
SLE (Single Loss Expectancy or Exposure)
Macro
VPN (Virtual Private Network)
Virtual machine
44. In a separation of duties model - this is where code is checked in and out
COOP
Software librarian
Burden of Proof
Expert System
45. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Replay
Checksum
Termination procedures
Code of ethics
46. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
War driving
Polymorphism
Base-64
Symmetric
47. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Authorization creep
Digital certificates
Worm
Hoax
48. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Birthday attack
Scanning
Software development lifecycle
ActiveX Object Linking and Embedding
49. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Back door/ trap door/maintenance hook
SQL (Structured Query Language)
Promiscuous mode
Software
50. A war dialing utility
Copyright
Trojan horses
Toneloc
Accreditation