SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
Comptia Security +: Vocab
Start Test
Study First
Subjects
:
certifications
,
comptia-security-+
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
DNS cache poisoning
Expert System
Encryption
Common criteria
2. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Accreditation
TCSEC
OLE
Closed network
3. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Patriot Act
OSI Model
Security Perimeter
Nonce
4. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Authentication
Salami Slicing
User
Debug
5. The ability to have more than one thread associated with a process
Multithreading
Brewer-Nash model
Burden of Proof
Classes of IP networks
6. The process of reducing your risks to an acceptable level based on your risk analysis
Finger scanning
Risk Mitigation
Virtual machine
Virtual Memory/Pagefile.sys
7. Method of authenticating to a system. Something that you supply and something you know.
Username/password
Fiber optic
Warm Site
Dogs
8. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Hardware
Brewer-Nash model
Non-repudiation
Brute force
9. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Asset Value
Privacy Act of 1974
Authorization
Separation of duties
10. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
CIO
IRC
CRC (Cyclic Redundancy Check)
Data remanence
11. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Non-repudiation
Tort
Guards
Teardrop
12. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
SSH
Technical - Administrative - Physical
CEO
AES (Advanced Encryption Standard)
13. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
CGI (The Common Gateway Interface)
Decentralized
Detective - Preventive - Corrective
SQL (Structured Query Language)
14. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Tokens
CIRT
DOS
Exit interview
15. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Asset Value
Fraggle
Quantitative
Promiscuous mode
16. Also civil law
Decentralized
Carnivore
Penetration testing
Tort
17. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Packet Sniffing
TACACS (Terminal access controller access control system)
Acceptable use
Birthday attack
18. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Key Escrow
Well-known ports
COOP
Hot Site
19. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
Polymorphic
ISDN (Integrated Services Digital Network)
Halon
Digital certificates
20. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Bastion hosts
Key Escrow
Reciprocal agreement
Inference
21. A site that has some equipment in place - and can be up within days
Termination procedures
Format 7 times
Warm Site
DNS cache poisoning
22. Personal - Network - and Application
TEMPEST
Security through obscurity
Firewall types
SQL (Structured Query Language)
23. The frequency with which a threat is expected to occur.
Degausser
ARO (Annualized Rate of Occurrence)
Sabotage
Smart cards
24. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Session Hijacking
DOS
Security Perimeter
Brute force
25. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Two-Factor Authentication
Open network
Software
Audit Trail
26. Accepting all packets
Trade Secret
Promiscuous mode
Service packs
Dumpster diving
27. A mechanism by which connections to TCP services on a system are allowed or disallowed
Patriot Act
TCP Wrappers
Fraggle
Telnet
28. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
TCB
Checksum
Noise & perturbation
War dialing
29. To not be legal (as far as law is concerned) or ethical
Scanning
Illegal/Unethical
Smurf
Nonce
30. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
SSL/TLS
Fences
Joke
Classes of IP networks
31. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Patriot Act
Callback Security/Call Forwarding
Trojan horses
Clipping levels
32. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Packet Sniffing
Quantitative
Debug
Privacy Act of 1974
33. Encompasses Risk Analysis and Risk Mitigation
Risk Management
Risk Analysis
Fences
DAD
34. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Mandatory vacation
DAD
Joke
Cyphertext only
35. Dialing fixed sets telephone numbers looking for open modem connections to machines
War dialing
Separation of duties
ActiveX Object Linking and Embedding
/etc/passwd
36. Jumping into dumpsters to retrieve information about someone/something/a company
Software development lifecycle
SSL/TLS
Dumpster diving
CIA
37. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically
Active attacks
Hearsay Evidence
DCOM
Granularity
38. Basic Input/Output System
BIOS
Crosstalk
SQL (Structured Query Language)
Active attacks
39. A network that uses proprietary protocols
DAD
Brewer-Nash model
Closed network
Entrapment
40. The real cost of acquiring/maintaining/developing a system
Rijndael
MitM
Virtual machine
Asset Value
41. Same as a block cipher except that it is applied to a data stream one bit at a time
FAR/FRR/CER
DAD
Echelon
Stream cipher
42. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Patriot Act
Accreditation
Risk Mitigation
SSO (Single sign-on)
43. 'If you cant see it - its secure'. Bad policy to live by.
Security through obscurity
Authorization creep
Clipper Chip
/etc/passwd
44. Chief Information Officer
Bastion hosts
CIO
ROT-13
Accreditation
45. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Degausser
Bastion hosts
Block cipher
Hearsay Evidence
46. Distributed Component Object Model. Microsoft's implementation of CORBA.
Trade Secret
Stream cipher
Non-repudiation
DCOM
47. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Exit interview
Software
Qualitative
FAR/FRR/CER
48. Random Number Base
Nonce
IRC
SESAME
Repeaters
49. A site that is ready physically but has no hardware in place - all it has is HVAC
Hardware
ROT-13
Scanning
Cold Site
50. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Hash
Private Addressing
TEMPEST
User
