Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Active attacks
COM
SLE (Single Loss Expectancy or Exposure)
DHCP
2. The ability to have more than one thread associated with a process
Normalization
Multithreading
War dialing
Multipartite
3. Signal degradation as it moves farther from its source
Digital certificates
Risk Transferring
Digital signing
Attenuation
4. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Acceptable use
Trojan horses
NAT
Brute Force
5. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
NAT
AES (Advanced Encryption Standard)
Separation of duties
MOM
6. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Well-known ports
Content dependent
Out of band
Hot Site
7. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the
COOP
Kerberos
Teardrop
Degausser
8. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically
Symmetric
Fraggle
Granularity
Script kiddies
9. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Multitasking
Twisted pair
Clipping levels
Packet Sniffing
10. Providing verification to a system
Caesar Cipher
PKI
Mandatory vacation
Authentication
11. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.
CIO
Multitasking
ROM (Read-only memory)
Object Oriented Programming
12. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Clipper Chip
Symmetric
IAB
Hoax
13. Network Address Translation
OSI Model
Termination procedures
NAT
SESAME
14. Entails planning and system actions to ensure that a project is following good quality management practices
Quality Assurance
Code of ethics
Man trap
ARP (Address Resolution Protocol)
15. Object Linking and Embedding. The ability of an object to be embedded into another object.
Firmware
Scanning
PKI
OLE
16. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Brewer-Nash model
Dictionary Attack
UUEncode
Session Hijacking
17. In computer networking, this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet, ARP is primarily used to translate ethernet MAC addresses from IP addresses
Security kernel
ARP (Address Resolution Protocol)
Privacy Act of 1974
Firmware
18. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Finger printing
RADIUS (Remote authentication dial-in user service)
Patriot Act
Trade Secret
19. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
ROT-13
CIA
Honey pot
Noise & perturbation
20. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Caesar Cipher
Fiber optic
Code of ethics
SQL (Structured Query Language)
21. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
TCP Wrappers
UUEncode
Clipper Chip
IAB
22. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case, e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Carnivore
Biometrics
Worm
OEP
23. The person that controls access to the data
Custodian
SLE (Single Loss Expectancy or Exposure)
Kerberos
Logic bomb
24. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Checksum
TCB
Embezzlement
Smurf
25. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Birthday attack
Logic bomb
Halon
TACACS (Terminal access controller access control system)
26. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive, and not usually enforceable.
ActiveX Object Linking and Embedding
CIO
Repeaters
Reciprocal agreement
27. These can be used to verify that public keys belong to certain individuals.
Digital certificates
Echelon
Code of ethics
Security kernel
28. A spoofing attack, a kind of attack in data communication, in which a third party tries to mislead the communication participants using forged information.
Security kernel
Masquerade
Brewer-Nash model
Vulnerability analysis tools
29. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Certification
SSO (Single sign-on)
Switches / Bridges
VPN (Virtual Private Network)
30. Something used to put out a fire. Can be in Classes A, B, C, D, or H
Fire extinguisher
Cold Site
Two-Factor Authentication
Risk Management
31. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive, the virus can spread.
COM
Hash
BIOS
Boot-sector Virus
32. Involving the measurement of quantity or amount.
Hash
Quantitative
Birthday attack
Man trap
33. A site that is ready physically but has no hardware in place; all it has is HVAC
Toneloc
Cold Site
User
Skipjack
34. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)
Risk Mitigation
Classes of IP networks
Brewer-Nash model
Dogs
35. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.
Service packs
ROT-13
Hoax
Diffie-Hellman
36. This is an open international standard for applications that use wireless communications.
Risk Acceptance
WAP (Wireless Application Protocol)
Technical - Administrative - Physical
NAT
37. Network devices that operate at layer 3. This device separates broadcast domains.
CIO
Finger printing
Routers
Security Awareness Training
38. Rolling command center with UPS, satellite, uplink, power, etc.
Stream cipher
Risk Analysis
Rolling hot sites
Symmetric
39. Ethernet - Cat5 - Twisted to allow for longer runs.
SSL/TLS
NAT
Dumpster diving
Twisted pair
40. Computer Incident Response Team
Session Hijacking
CIRT
Illegal/Unethical
Open network
41. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Decentralized
Diffie-Hellman
Sabotage
Custodian
42. A technique to eliminate data redundancy.
WAP (Wireless Application Protocol)
Fences
Normalization
Classes of IP networks
43. The real cost of acquiring/maintaining/developing a system
Trade Secret
Asset Value
CRC (Cyclic Redundancy Check)
Schema
44. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.
Technical - Administrative - Physical
Polymorphic
VPN (Virtual Private Network)
Telnet
45. Same as a block cipher except that it is applied to a data stream one bit at a time
Risk Transferring
Echelon
Stream cipher
RAM (Random-access memory)
46. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
DMZ
Caesar Cipher
Risk Management
Rijndael
47. When one key of a two-key pair has more encryption pattern than the other
Passive attacks
Boot-sector Virus
Asymmetric
Man trap
48. Occupant Emergency Plan - Employees are the most important!
Change management
Cyphertext only
Replay
OEP
49. A system designed to stop piggybacking.
COOP
Raid 0 - 1 - 3 - 5
Man trap
DMZ
50. Making individuals accountable for their actions on a system typically through the use of auditing
RADIUS (Remote authentication dial-in user service)
Software development lifecycle
Dumpster diving
Accountability