Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Stream cipher
Hardware
Reciprocal agreement
Security Awareness Training
2. Public Key Infrastructure
PKI
Detective - Preventive - Corrective
Digest
DNS cache poisoning
3. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Dictionary Attack
AES (Advanced Encryption Standard)
Routers
Toneloc
4. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Digital signing
Keystroke logging
DNS cache poisoning
SYN Flood
5. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Rijndael
Hot Site
Routers
Man trap
6. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
SSL/TLS
Java
ROT-13
Identification
7. The output of a hash function is a digest.
Open network
Brewer-Nash model
Digest
SSH
8. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
l0pht
Tailgating / Piggybacking
Granularity
CIRT
9. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Aggregation
Symmetric
Active attacks
Patriot Act
10. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Logic bomb
CRC (Cyclic Redundancy Check)
DCOM
DNS cache poisoning
11. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Script
Certification
NAT
Hardware
12. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Expert systems
RADIUS (Remote authentication dial-in user service)
Kerberos
TCB
13. Relating to quality or kind. This assigns a level of importance to something.
ARO (Annualized Rate of Occurrence)
Fiber optic
Qualitative
RAM (Random-access memory)
14. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Script kiddies
Java
SESAME
Asset Value
15. CISSPs subscribe to a code of ethics for building up the security profession
Firmware
Vulnerability analysis tools
Bugtraq
Code of ethics
16. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Embezzlement
Scanning
Sniffing
BIA
17. The practice of obtaining confidential information by manipulation of legitimate users.
Trade Secret
Social engineering
Packet Sniffing
Cookies
18. Motive - Opportunity - and Means. These deal with crime.
MOM
DMZ
ALE (Annualized Loss Expectancy)
User
19. Jumping into dumpsters to retrieve information about someone/something/a company
ROT-13
Salami Slicing
Artificial Neural Networks (ANN)
Dumpster diving
20. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
Embezzlement
Key Escrow
Routers
WTLS (Wireless Transport Layer Security)
21. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
BIA
Hearsay Evidence
Digest
RAID 0 - 1 - 3 - 5
22. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
SSO (Single sign-on)
ALE (Annualized Loss Expectancy)
Burden of Proof
Software
23. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Script
Passive attacks
Symmetric
CCTV
24. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
SESAME
Mandatory vacation
Joke
Stream cipher
25. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Out of band
SYN Flood
Tokens
Keystroke logging
26. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Block cipher
Cyphertext only
Transposition
Acceptable use
27. A network that uses proprietary protocols
Closed network
TACACS (Terminal access controller access control system)
Brute force
Decentralized
28. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Code of ethics
EF (Exposure Factor)
Inference
Brewer-Nash model
29. Once authenticated - the level of access you have to a system
Polymorphic
Encryption
Coax
Authorization
30. A site that is ready physically but has no hardware in place - all it has is HVAC
DAD
Accreditation
IRC
Cold Site
31. Access control method for database based on the content of the database to provide granular access
Content dependent
Identification
Digital certificates
Expert System
32. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
DAD
Hackers
Replay
ARP (Address Resolution Protocol)
33. Chief Information Officer
CIO
Crosstalk
Hot Site
MitM
34. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Trojan horses
CHAP
Callback Security/Call Forwarding
DAD
35. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
Covert channels
Replay
Motion detector
36. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
Job rotation
ISDN (Integrated Services Digital Network)
SLE (Single Loss Expectancy or Exposure)
CEO
37. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
DCOM
l0pht
Firewall types
Macro
38. A network that uses standard protocols (TCP/IP)
Open network
Illegal/Unethical
Coax
Fences
39. Accepting all packets
Promiscuous mode
Certification
ROT-13
Brewer-Nash model
40. Transferring your risk to someone else - typically an insurance company
Caesar Cipher
Dictionary Attack
Risk Transferring
Brute Force
41. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
TACACS (Terminal access controller access control system)
Multitasking
Fraud
BIA
42. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
DOS
Authorization
Virtual Memory/Pagefile.sys
Digital signing
43. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
WTLS (Wireless Transport Layer Security)
Out of band
Change management
Quantitative
44. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Clipper Chip
Key Escrow
Crosstalk
Closed network
45. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
Motion detector
Tailgating / Piggybacking
Classes of IP networks
Accreditation
46. Confidentiality - Integrity - and Availability
RAID 0 - 1 - 3 - 5
CIA
Cryptanalysis
Data remanence
47. Chief Executive Officer
VLANs
CEO
Cyphertext only
User
48. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
ROM (Read-only memory)
SYN Flood
Decentralized
Throughput of a Biometric System
49. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Custodian
Separation of duties
Acceptable use
Security through obscurity
50. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Fences
Quality Assurance
Trojan horses
Two-Factor Authentication