Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
AES (Advanced Encryption Standard)
Trap Door
Boot-sector Virus
Open network
2. An attempt to trick the system into believing that something false is real
Patriot Act
Risk Management
Hoax
Rijndael
3. Good for distance - longer than 100M
Coax
CORBA
Audit Trail
Covert channels
4. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Keystroke logging
Digest
Smurf
Finger printing
5. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Certification
Switches / Bridges
Virtual Memory/Pagefile.sys
CRC (Cyclic Redundancy Check)
6. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Acceptable use
Block cipher
Hackers
Data Mart
7. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
ISDN (Integrated Services Digital Network)
Noise & perturbation
Motion detector
Fraggle
8. Using ICMP to diagram a network
Probing
Debug
Social engineering
Illegal/Unethical
9. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
UUEncode
Symmetric
Dictionary Attack
Risk Acceptance
10. A gas used in fire suppression. Not human safe. Chemical reaction.
Halon
Vulnerability analysis tools
Rijndael
Audit Trail
11. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Virtual Memory/Pagefile.sys
DMZ
Biometrics
TEMPEST
12. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Digest
Polymorphism
Hackers
DNS cache poisoning
13. Common Object Request Broker Architecture.
Buffer overflow
Dogs
OLE
CORBA
14. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Two-Factor Authentication
WTLS (Wireless Transport Layer Security)
Patent
Decentralized
15. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Sniffing
Compiler
Man trap
ARP (Address Resolution Protocol)
16. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Symmetric
Wiretapping
Embezzlement
Change management
17. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
ROM (Read-only memory)
Security through obscurity
Multithreading
Attenuation
18. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Multipartite
Incentive programs
Joke
IRC
19. A network entity that provides a single entrance / exit point to the Internet.
SQL (Structured Query Language)
Tort
Illegal/Unethical
Bastion hosts
20. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
ActiveX Object Linking and Embedding
Wiretapping
Reciprocal agreement
Hot Site
21. In the broadest sense - a fraud is a deception made for personal gain
Hot Site
Polymorphism
Fraud
Multithreading
22. A technique to eliminate data redundancy.
Open network
War dialing
OSI Model
Normalization
23. Object Linking and Embedding. The ability of an object to be embedded into another object.
Biometric profile
OLE
Script
Out of band
24. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Security kernel
WTLS (Wireless Transport Layer Security)
Trade Secret
Risk Analysis
25. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Worm
Rolling hot sites
IRC
Risk Acceptance
26. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Debug
Switches / Bridges
Smart cards
Reciprocal agreement
27. In a separation of duties model - this is where code is checked in and out
DCOM
Social engineering
Owner
Software librarian
28. Emanations from one wire coupling with another wire
OEP
Separation of duties
Joke
Crosstalk
29. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
RADIUS (Remote authentication dial-in user service)
Out of band
Passive attacks
Encryption
30. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Hash
PAP (Password Authentication Protocol)
OSI Model
Decentralized
31. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Due Care
Private Addressing
Risk Mitigation
Caesar Cipher
32. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Software
Block cipher
CHAP
ISDN (Integrated Services Digital Network)
33. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
MitM
Software librarian
Trade Secret
Hacker
34. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
ActiveX Object Linking and Embedding
Warm Site
Bugtraq
BIOS
35. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
SSO (Single sign-on)
Trap Door
Hoax
Digital signing
36. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
OSI Model
Buffer overflow
Hardware
Multiprocessing
37. Basic Input/Output System
Multithreading
BIOS
Cookies
Two-Factor Authentication
38. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Identification
Termination procedures
CHAP
Rolling hot sites
39. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Trademark
Tokens
VLANs
Clipping levels
40. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
SYN Flood
Scanning
Entrapment
Polymorphic
41. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
DDOS
Boot-sector Virus
CD-Rom
Brewer-Nash model
42. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Active attacks
UUEncode
Software librarian
TACACS (Terminal access controller access control system)
43. Animals with teeth. Not as discriminate as guards
Firmware
SSH
Due Diligence
Dogs
44. Motive - Opportunity - and Means. These deal with crime.
Expert System
Wiretapping
MOM
Accreditation
45. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
CGI (The Common Gateway Interface)
Probing
CEO
Hacker
46. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Guards
Key Escrow
Bastion hosts
Risk Transferring
47. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Artificial Neural Networks (ANN)
Classes of IP networks
Brute force
Virtual machine
48. Public Key Infrastructure
Macro
Teardrop
Granularity
PKI
49. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Cookies
Fiber optic
Firmware
Software development lifecycle
50. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Fiber optic
SYN Flood
Dogs
Caesar Cipher