Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. More discriminate than dogs
Certification
Degausser
Honey pot
Guards
2. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
SESAME
Two-Factor Authentication
Penetration testing
SLE (Single Loss Expectancy or Exposure)
3. The process of reducing your risks to an acceptable level based on your risk analysis
CORBA
Hoax
Security Awareness Training
Risk Mitigation
4. Enticing people to hit your honeypot to see how they try to access your system.
Phreaker
Finger printing
Hash
Enticement
5. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Transposition
Patent
Man trap
Attenuation
6. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Noise & perturbation
SSL/TLS
TCSEC
Data remanence
7. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
TEMPEST
Open network
Senior Management
Macro
8. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Callback Security/Call Forwarding
IRC
Identification
Penetration testing
9. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Salami Slicing
CEO
DOS
/etc/passwd
10. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Brewer-Nash model
Throughput of a Biometric System
Detective - Preventive - Corrective
Base-64
11. When one key of a two-key pair has more encryption pattern than the other
Brewer-Nash model
Asymmetric
Birthday attack
Audit Trail
12. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
WAP (Wireless Application Protocol)
War driving
Carnivore
VPN (Virtual Private Network)
13. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Clipper Chip
CHAP
Replay
Biometrics
14. Confidentiality - Integrity - and Availability
Schema
CIA
NAT
SSO (Single sign-on)
15. The person that controls access to the data
CRC (Cyclic Redundancy Check)
Audit Trail
Polymorphic
Custodian
16. This is an open international standard for applications that use wireless communications.
WAP (Wireless Application Protocol)
SSO (Single sign-on)
Cyphertext only
OSI Model
17. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
Motion detector
RAM (Random-access memory)
Copyright
18. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
DOS
Passive attacks
Risk Analysis
Eavesdropping
19. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
ARP (Address Resolution Protocol)
OLE
Twisted pair
Worm
20. A hidden communications channel on a system that allows for the bypassing of the system security policy
BIA
Covert channels
Phreaker
Patent
21. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Change management
Base-64
Multithreading
Digest
22. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Checksum
Buffer overflow
OEP
Biometrics
23. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Probing
Service packs
Trap Door
COOP
24. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Acceptable use
Non-repudiation
Tokens
Digital certificates
25. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
l0pht
Cold Site
Repeaters
OLE
26. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Object Oriented Programming
Hoax
Cyphertext only
Trojan horses
27. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
NAT
Diffie-Hellman
Active attacks
Qualitative
28. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Eavesdropping
Illegal/Unethical
Cookies
DOS
29. Threat to physical security.
Sabotage
Brewer-Nash model
Active attacks
BIA
30. To not be legal (as far as law is concerned) or ethical
Illegal/Unethical
Smart cards
Termination procedures
Risk Acceptance
31. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Tokens
Callback Security/Call Forwarding
Cold Site
ISDN (Integrated Services Digital Network)
32. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Macro
DNS cache poisoning
Hackers
Data remanence
33. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Macro
Decentralized
RADIUS (Remote authentication dial-in user service)
Software development lifecycle
34. Computer Incident Response Team
CIRT
Software librarian
Honey pot
Owner
35. These can be used to verify that public keys belong to certain individuals.
Digital certificates
Common criteria
COM
Fiber optic
36. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
CHAP
Hackers
SQL (Structured Query Language)
Halon
37. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Quantitative
Tokens
Hash
DOS
38. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Degausser
Dogs
Brewer-Nash model
Joke
39. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Echelon
Software librarian
Virtual Memory/Pagefile.sys
Packet Sniffing
40. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Guards
Wiretapping
ROT-13
Classes of IP networks
41. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
CEO
Security Perimeter
Promiscuous mode
SSL/TLS
42. Occupant Emergency Plan - Employees are the most important!
Accreditation
OEP
Fire extinguisher
Hearsay Evidence
43. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Tort
Spoofing
Raid 0 - 1 - 3 - 5
Separation of duties
44. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
DCOM
VLANs
WTLS (Wireless Transport Layer Security)
Key Escrow
45. Must be in place for you to use a biometric system
Fraggle
Biometric profile
Trade Secret
Crosstalk
46. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Brute Force
Risk Analysis
ActiveX Object Linking and Embedding
Passive attacks
47. Animals with teeth. Not as discriminate as guards
Fences
Termination procedures
Dogs
Callback Security/Call Forwarding
48. Motivational tools for employee awareness to get them to report security flaws in an organization
TACACS (Terminal access controller access control system)
Multitasking
Incentive programs
Copyright
49. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Detective - Preventive - Corrective
Rijndael
Scanning
Risk Acceptance
50. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
VLANs
Substitution
Smart cards
Brute force