Test your basic knowledge |
Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Covert channels
Firmware
Security kernel
ActiveX Object Linking and Embedding
2. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
Polymorphic
Degausser
Worm
Hacker
3. In the broadest sense, a fraud is a deception made for personal gain
Rijndael
Transposition
TCB
Fraud
4. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Hackers
Hot Site
CIA
Switches / Bridges
5. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player, whilst
Polymorphism
Bastion hosts
CD-Rom
l0pht
6. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Switches / Bridges
CORBA
Data remanence
UUEncode
7. A network that uses standard protocols (TCP/IP)
Teardrop
Open network
Patent
Spoofing
8. An attempt to trick the system into believing that something false is real
Security Awareness Training
TCSEC
Hoax
DHCP
9. Same as a block cipher except that it is applied to a data stream one bit at a time
Stream cipher
Penetration testing
RAM (Random-access memory)
Java
10. Occupant Emergency Plan - Employees are the most important!
Eavesdropping
Boot-sector Virus
OEP
Quantitative
11. Repeats the signal. It amplifies the signal before sending it on.
CCTV
Repeaters
Attenuation
Social engineering
12. When an employee leaves the company, you want to make them aware of non-disclosures and non-compete clauses, etc.
Exit interview
Content dependant
OEP
Honey pot
13. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th
Cyphertext only
Halon
OSI Model
Brute force
14. Entails planning and system actions to ensure that a project is following good quality management practices
OSI Model
Caesar Cipher
Senior Management
Quality Assurance
15. Software designed to infiltrate or damage a computer system, without the owner's consent.
Debug
Open network
Malware
Tokens
16. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Due Diligence
CGI (The Common Gateway Interface)
Authorization
Script kiddies
17. When a security event occurs, this is the order in which people will be contacted. This is a predefined list.
Call tree
Enticement
CCTV
WAP (Wireless Application Protocol)
18. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
TEMPEST
Certification
Twisted pair
Fraggle
19. The EU spec. If databases exist, users are allowed to check data into them, allowed to change them if wrong, etc.
Substitution
Privacy Act of 1974
RAM (Random-access memory)
Technical - Administrative - Physical
20. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.
Authorization
SSH
ROM (Read-only memory)
TCB
21. A site that has some equipment in place, and can be up within days
Birthday attack
OEP
Switches / Bridges
Warm Site
22. Once authenticated, the level of access you have to a system
Authorization
Object Oriented Programming
Promiscuous mode
Security through obscurity
23. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
Well-known ports
Debug
Content dependant
Security through obscurity
24. A mechanism by which connections to TCP services on a system are allowed or disallowed
Session Hijacking
TCP Wrappers
Virtual machine
Telnet
25. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and beh
Trap Door
BIA
Aggregation
Biometrics
26. After implementing countermeasures, accepting risk for the amount of vulnerability left over
Digital certificates
Software development lifecycle
Risk Acceptance
COM
27. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically
l0pht
MitM
Granularity
Bugtraq
28. Also civil law
Block cipher
ALE (Annualized Loss Expectancy)
Tort
SSO (Single sign-on)
29. Non-repudiation is the concept of ensuring that a contract, especially one agreed to via the Internet, cannot later be denied by one of the parties involved.
CHAP
Risk Mitigation
Non-repudiation
PKI
30. A type of hash function used to produce a checksum, which is a small, fixed number of bits, against a block of data. This is used to detect errors after transmission or storage.
l0pht
DOS
Inference
CRC (Cyclic Redundancy Check)
31. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.
Virtual Memory/Pagefile.sys
Polymorphic
Scanning
Risk Transferring
32. The real cost of acquiring/maintaining/developing a system
TCP Wrappers
Substitution
Attenuation
Asset Value
33. Scanning the airwaves for radio transmissions
Tailgating / Piggybacking
Scanning
Security through obscurity
Birthday attack
34. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer
Replay
Teardrop
Aggregation
BIA
35. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however, but instead sends another SYN and continues to do so until t
Raid 0 - 1 - 3 - 5
SYN Flood
Repeaters
Digest
36. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.
SSH
Encryption
Technical - Administrative - Physical
Accountability
37. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Cookies
Spoofing
Compiler
PAP (Password Authentication Protocol)
38. The act of identifying yourself. Providing your identity to a system
Code of ethics
Identification
Logic bomb
Hubs
39. Animals with teeth. Not as discriminate as guards
SYN Flood
Dogs
SQL (Structured Query Language)
Security Awareness Training
40. This is an open international standard for applications that use wireless communications.
Script
Asset Value
WAP (Wireless Application Protocol)
Fire extinguisher
41. Personal, Network, and Application
Switches / Bridges
Coax
Firewall types
CORBA
42. Closed Circuit Television
CCTV
Honey pot
Common criteria
IRC
43. Emanations from one wire coupling with another wire
Crosstalk
Biometric profile
Username/password
Throughput of a Biometric System
44. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as
ActiveX Object Linking and Embedding
Owner
Data remanence
TCSEC
45. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
Non-repudiation
WTLS (Wireless Transport Layer Security)
Throughput of a Biometric System
ROT-13
46. A hidden communications channel on a system that allows for the bypassing of the system security policy
Coax
Covert channels
Tailgating / Piggybacking
Reciprocal agreement
47. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
ROT-13
Format 7 times
VLANs
48. Dynamic Host Configuration Protocol.
War dialing
Man trap
Bastion hosts
DHCP
49. Signal degradation as it moves farther from its source
Common criteria
Attenuation
Accreditation
WTLS (Wireless Transport Layer Security)
50. When one key of a two-key pair has more encryption pattern than the other
Asymmetric
Security through obscurity
Promiscuous mode
Brute Force