Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
WAP (Wireless Application Protocol)
Encryption
Normalization
Security Perimeter
2. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Inference
FAR/FRR/CER
Patriot Act
Trade Secret
3. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Polymorphism
DAD
Skipjack
DMZ
4. Network Address Translation
Scanning
NAT
UUEncode
ARO (Annualized Rate of Occurrence)
5. Someone who hacks
Certification
Hacker
TCSEC
Tort
6. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Tokens
Passive attacks
Toneloc
Cold Site
7. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Telnet
Hearsay Evidence
Masquerade
Halon
8. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Security through obscurity
Content dependant
VPN (Virtual Private Network)
Due Diligence
9. Emanations from one wire coupling with another wire
Key Escrow
WAP (Wireless Application Protocol)
Crosstalk
Audit Trail
10. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
PAP (Password Authentication Protocol)
BIOS
Active attacks
WTLS (Wireless Transport Layer Security)
11. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
Certification
ROM (Read-only memory)
CIO
Enticement
12. Confidentiality - Integrity - and Availability
CIA
TEMPEST
SSH
OEP
13. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Audit Trail
Transposition
Symmetric
Macro
14. Component Object Model.
COM
Fences
ARP (Address Resolution Protocol)
Malware
15. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
l0pht
Sabotage
Digest
Skipjack
16. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Packet Sniffing
Nonce
Trademark
Digital certificates
17. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Change management
Hearsay Evidence
Dogs
Smart cards
18. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Degausser
Cookies
Trade Secret
Penetration testing
19. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Inference
WAP (Wireless Application Protocol)
Termination procedures
Patent
20. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Risk Mitigation
DHCP
Technical - Administrative - Physical
Termination procedures
21. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
COM
Switches / Bridges
Cookies
CORBA
22. 'If you can't see it - it's secure'. Bad policy to live by.
Security through obscurity
Digest
VLANs
Authentication
23. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Digital signing
Acceptable use
Checksum
Phreaker
24. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Passive attacks
Script kiddies
Logic bomb
Dumpster diving
25. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Social engineering
Smart cards
Cold Site
Virtual Memory/Pagefile.sys
26. A network that uses standard protocols (TCP/IP)
Open network
Mandatory vacation
Security Awareness Training
IRC
27. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
SESAME
Patent
Code of ethics
Firewall types
28. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Crosstalk
Worm
Patent
Kerberos
29. An RFC standard. A mechanism for performing commands on a remote system
Phreaker
AES (Advanced Encryption Standard)
Data remanence
Telnet
30. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Cold Site
Expert systems
ActiveX Object Linking and Embedding
Hash
31. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Multipartite
SESAME
TACACS (Terminal access controller access control system)
Twisted pair
32. The act of identifying yourself. Providing your identity to a system
PAP (Password Authentication Protocol)
Active attacks
Virtual machine
Identification
33. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
DDOS
EF (Exposure Factor)
Call tree
Session Hijacking
34. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Honey pot
Common criteria
AES (Advanced Encryption Standard)
Raid 0 - 1 - 3 - 5
35. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Multipartite
Rolling hot sites
Nonce
Privacy Act of 1974
36. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Risk Management
CORBA
Normalization
Hackers
37. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Due Care
Polymorphic
SESAME
Skipjack
38. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Macro
Brewer-Nash model
Multitasking
Java
39. Encompasses Risk Analysis and Risk Mitigation
Tailgating / Piggybacking
Risk Management
Inference
Motion detector
40. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Privacy Act of 1974
Degausser
Joke
VPN (Virtual Private Network)
41. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Throughput of a Biometric System
Fraud
Nonce
Firmware
42. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Quantitative
Smart cards
Logic bomb
Object Oriented Programming
43. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Back door/ trap door/maintenance hook
CEO
VPN (Virtual Private Network)
Expert System
44. Also civil law
ALE (Annualized Loss Expectancy)
Tort
Clipper Chip
Custodian
45. Dialing fixed sets of telephone numbers looking for open modem connections to machines
Decentralized
War dialing
Embezzlement
Incentive programs
46. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Inference
Audit Trail
Risk Analysis
SSO (Single sign-on)
47. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Embezzlement
Replay
Degausser
ALE (Annualized Loss Expectancy)
48. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
VPN (Virtual Private Network)
Clipper Chip
Aggregation
Active attacks
49. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
OSI Model
Brewer-Nash model
Brute force
War driving
50. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
Out of band
Incentive programs
Format 7 times