Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
Quality Assurance
Change management
Well-known ports
Patent
2. In computing, the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
CHAP
Bastion hosts
Finger scanning
Rolling hot sites
3. This is an open international standard for applications that use wireless communications.
WAP (Wireless Application Protocol)
Encryption
Owner
Substitution
4. An instance of a scripting language
Passive attacks
CORBA
Script
Malware
5. A system designed to stop piggybacking.
Polymorphic
Man trap
SYN Flood
Joke
6. When two or more processes are linked and execute multiple programs simultaneously
Hardware
Trade Secret
Security Awareness Training
Multiprocessing
7. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and beh
Cold Site
Dictionary Attack
Biometrics
Illegal/Unethical
8. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Repeaters
SQL (Structured Query Language)
Checksum
Certification
9. In a separation of duties model, this is where code is checked in and out
Checksum
Software librarian
Brewer-Nash model
Acceptable use
10. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits, but simply exploits vulnerabilities that others have found.
Granularity
Script kiddies
ROM (Read-only memory)
Brewer-Nash model
11. Once authenticated, the level of access you have to a system
Authorization
SYN Flood
Callback Security/Call Forwarding
Copyright
12. Basic Input/Output System
BIOS
UUEncode
DOS
CIO
13. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Vulnerability analysis tools
Inference
Brute force
Asset Value
14. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Keystroke logging
Passive attacks
Finger scanning
Fraud
15. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Hot Site
IRC
Twisted pair
CGI (The Common Gateway Interface)
16. Relating to quality or kind. This assigns a level of importance to something.
Qualitative
Trademark
Hardware
FAR/FRR/CER
17. CISSPs subscribe to a code of ethics for building up the security profession
Out of band
Code of ethics
OEP
Session Hijacking
18. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.
Quantitative
Scanning
BIA
/etc/passwd
19. Involving the measurement of quantity or amount.
Quantitative
Normalization
Privacy Act of 1974
ARO (Annualized Rate of Occurrence)
20. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
PAP (Password Authentication Protocol)
ARP (Address Resolution Protocol)
Aggregation
Kerberos
21. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Smart cards
Normalization
DNS cache poisoning
DMZ
22. The EU spec. If databases exist, users are allowed to check data into them, allowed to change them if wrong, etc.
Accreditation
l0pht
Packet Sniffing
Privacy Act of 1974
23. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Change management
Rolling hot sites
Accreditation
RADIUS (Remote authentication dial-in user service)
24. A site that has some equipment in place, and can be up within days
Warm Site
Closed network
WTLS (Wireless Transport Layer Security)
Raid 0 - 1 - 3 - 5
25. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Brute force
Penetration testing
Routers
Macro
26. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
SSO (Single sign-on)
Accreditation
Motion detector
Quality Assurance
27. The process of reducing your risks to an acceptable level based on your risk analysis
Substitution
Risk Mitigation
Throughput of a Biometric System
Tailgating / Piggybacking
28. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Script
Virtual Memory/Pagefile.sys
Attenuation
Acceptable use
29. Network Address Translation
Toneloc
NAT
Keystroke logging
Trap Door
30. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated, public disclosure of certain details of a device, method, process or composition of matter (substance) (known as an invention) which
Smurf
Patent
Call tree
DHCP
31. Internet Relay Chat.
Centralized
IRC
Covert channels
Identification
32. The ability to have more than one thread associated with a process
MitM
Multithreading
Hardware
Polymorphic
33. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
UUEncode
Carnivore
/etc/passwd
Hubs
34. When a DNS server goes out to resolve a name, and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time
Schema
DNS cache poisoning
Diffie-Hellman
Polymorphism
35. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.
Cold Site
Halon
Call tree
Audit Trail
36. After implementing countermeasures, accepting risk for the amount of vulnerability left over
CORBA
Hash
Risk Acceptance
Fraggle
37. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema
Expert System
SSL/TLS
Motion detector
ARP (Address Resolution Protocol)
38. Someone who hacks
Compiler
Multitasking
Hacker
Service packs
39. The person that controls access to the data
Twisted pair
Noise & perturbation
Custodian
Transposition
40. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
PKI
Out of band
Base-64
BIA
41. Chief Information Officer
CIO
Security kernel
Worm
Noise & perturbation
42. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Smurf
Multitasking
DMZ
Diffie-Hellman
43. A network that uses proprietary protocols
Closed network
Authorization
Data Mart
Covert channels
44. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive, and not usually enforceable.
Tailgating / Piggybacking
Reciprocal agreement
Due Diligence
Salami Slicing
45. Continuation of Operations Plan
COOP
Risk Management
Carnivore
BIOS
46. Systems that use a knowledge base, an inference engine, and general methods for searching problem solutions.
Hearsay Evidence
Expert systems
VPN (Virtual Private Network)
Diffie-Hellman
47. In computing, Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
SSH
Schema
Caesar Cipher
Accreditation
48. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Crosstalk
TACACS (Terminal access controller access control system)
Certification
Inference
49. In computer networking, this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet, ARP is primarily used to translate ethernet MAC addresses from IP addresses
Script kiddies
Firmware
ARP (Address Resolution Protocol)
Crosstalk
50. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operational/maintenance, disposal
Asymmetric
Software development lifecycle
Finger printing
Username/password