Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Keystroke logging
Script
Substitution
Finger scanning
2. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
OSI Model
Worm
Hardware
Risk Analysis
3. Closed Circuit Television
CCTV
Sabotage
DOS
Probing
4. The frequency with which a threat is expected to occur.
Virtual machine
ARO (Annualized Rate of Occurrence)
Software development lifecycle
Authorization creep
5. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Packet Sniffing
TACACS (Terminal access controller access control system)
BIOS
War driving
6. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
BIA
Authorization creep
Tokens
Data Mart
7. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Risk Transferring
Worm
UUEncode
Smurf
8. Providing verification to a system
Mandatory vacation
Burden of Proof
Authentication
War dialing
9. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
PAP (Password Authentication Protocol)
Polymorphic
SYN Flood
Acceptable use
10. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Asymmetric
War driving
Kerberos
Rolling hot sites
11. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Certification
Digest
Copyright
Scanning
12. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Virtual Memory/Pagefile.sys
CRC (Cyclic Redundancy Check)
Digital certificates
Fences
13. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Wiretapping
Worm
Exit interview
Separation of duties
14. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Hackers
/etc/passwd
Artificial Neural Networks (ANN)
Closed network
15. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
FAR/FRR/CER
Smurf
Transposition
Custodian
16. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Senior Management
Trap Door
TCSEC
Patriot Act
17. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Routers
Scanning
COM
Separation of duties
18. Must be in place for you to use a biometric system
Biometric profile
Risk Acceptance
Debug
Identification
19. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Accreditation
Firewall types
Checksum
Nonce
20. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Callback Security/Call Forwarding
CEO
Buffer overflow
Granularity
21. The intercepting of conversations by unintended recipients
Audit Trail
RAM (Random-access memory)
Eavesdropping
Job rotation
22. The real cost of acquiring/maintaining/developing a system
Classes of IP networks
Asset Value
Hackers
Due Diligence
23. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
IAB
Caesar Cipher
Exit interview
Qualitative
24. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Cryptanalysis
Script kiddies
Virtual Memory/Pagefile.sys
Granularity
25. Technical items are things that IT implements. Administrative items are things that HR implements. Physical items are things that are tangible.
Username/password
Digital certificates
Technical - Administrative - Physical
Trap Door
26. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Multithreading
Birthday attack
Macro
DOS
27. A mechanism by which connections to TCP services on a system are allowed or disallowed
Degausser
Session Hijacking
Certification
TCP Wrappers
28. Occupant Emergency Plan - Employees are the most important!
Digital certificates
OEP
Cold Site
Buffer overflow
29. Good for distance - longer than 100M
Clipper Chip
Coax
Echelon
TACACS (Terminal access controller access control system)
30. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Reciprocal agreement
l0pht
Degausser
Rijndael
31. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
OSI Model
Bastion hosts
Mandatory vacation
Cold Site
32. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Debug
/etc/passwd
Buffer overflow
RAM (Random-access memory)
33. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Echelon
Granularity
Dictionary Attack
Stream cipher
34. Object Linking and Embedding. The ability of an object to be embedded into another object.
Exit interview
WTLS (Wireless Transport Layer Security)
OLE
Man trap
35. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
Hubs
Digital certificates
COOP
36. The person that controls access to the data
Promiscuous mode
Custodian
Tokens
Noise & perturbation
37. Public Key Infrastructure
PKI
WTLS (Wireless Transport Layer Security)
Wiretapping
Biometrics
38. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Hardware
Diffie-Hellman
Separation of duties
Mandatory vacation
39. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Vulnerability analysis tools
Clipper Chip
Back door/ trap door/maintenance hook
VPN (Virtual Private Network)
40. 'If you can't see it - it's secure'. Bad policy to live by.
Service packs
Software
Security through obscurity
Brute force
41. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
ROT-13
Masquerade
Buffer overflow
Sniffing
42. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Risk Transferring
Active attacks
SYN Flood
Cookies
43. Defines the objects and their attributes that exist in a database.
Schema
Fiber optic
Hearsay Evidence
Motion detector
44. The number of users that the system can process in a given amount of time. A typical acceptable rate is 10/minute
Nonce
Throughput of a Biometric System
Asset Value
ROT-13
45. Encompasses Risk Analysis and Risk Mitigation
Kerberos
Risk Mitigation
Risk Management
Identification
46. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
OLE
Noise & perturbation
VLANs
Logic bomb
47. The person that determines the permissions to files. The data owner.
Owner
Back door/ trap door/maintenance hook
Asymmetric
ActiveX Object Linking and Embedding
48. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Callback Security/Call Forwarding
Private Addressing
Hacker
Virtual Memory/Pagefile.sys
49. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
Data Mart
Motion detector
Cryptanalysis
Brute force
50. This is an open international standard for applications that use wireless communications.
WAP (Wireless Application Protocol)
Multipartite
Firmware
Stream cipher