Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Honey pot
Java
Hoax
Transposition
2. Deals with the same things as due diligence except that it deals with accepting responsibility instead of liability.
Privacy Act of 1974
CORBA
Due Care
Throughput of a Biometric System
3. The real cost of acquiring/maintaining/developing a system
Asset Value
Due Care
Masquerade
SSO (Single sign-on)
4. Using ICMP to diagram a network
Probing
Senior Management
CHAP
/etc/passwd
5. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Authorization creep
Cyphertext only
Finger printing
Multitasking
6. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Asset Value
WAP (Wireless Application Protocol)
Smart cards
Quality Assurance
7. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Packet Sniffing
RAM (Random-access memory)
Promiscuous mode
Active attacks
8. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Transposition
Vulnerability analysis tools
Halon
Data remanence
9. Providing verification to a system
Block cipher
Brute force
Authentication
CHAP
10. The person that determines the permissions to files. The data owner.
Owner
Risk Transferring
Normalization
Malware
11. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Polymorphism
Cyphertext only
Risk Acceptance
TACACS (Terminal access controller access control system)
12. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Twisted pair
Boot-sector Virus
Data remanence
Normalization
13. A network that uses standard protocols (TCP/IP)
Data remanence
Open network
Dogs
IRC
14. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Substitution
Replay
Man trap
Noise & perturbation
15. Relating to quality or kind. This assigns a level of importance to something.
Quantitative
ALE (Annualized Loss Expectancy)
Qualitative
War dialing
16. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
TCB
Sabotage
IRC
Echelon
17. Common Object Request Broker Architecture.
UUEncode
Quality Assurance
Reciprocal agreement
CORBA
18. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Scanning
Schema
Fiber optic
Incentive programs
19. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Software librarian
Halon
Telnet
Spoofing
20. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Service packs
Virtual Memory/Pagefile.sys
Block cipher
DAD
21. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Granularity
Security Perimeter
Separation of duties
Data Mart
22. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Motion detector
WTLS (Wireless Transport Layer Security)
Aggregation
Firmware
23. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
TCB
Risk Acceptance
Reciprocal agreement
War dialing
24. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Symmetric
Security Perimeter
Security kernel
CCTV
25. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
Symmetric
Trademark
Expert systems
Trap Door
26. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Exit interview
Centralized
Inference
Common criteria
27. The process of reducing your risks to an acceptable level based on your risk analysis
Polymorphism
Risk Mitigation
Burden of Proof
Centralized
28. The user
Polymorphism
Tokens
Exit interview
User
29. Internet Relay Chat.
RADIUS (Remote authentication dial-in user service)
Classes of IP networks
IRC
Multipartite
30. An instance of a scripting language
Closed network
Script
Multipartite
CIA
31. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Key Escrow
Passive attacks
MitM
Probing
32. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Digest
DDOS
Vulnerability analysis tools
Fiber optic
33. To not be legal (as far as law is concerned) or ethical
Detective - Preventive - Corrective
Routers
Exit interview
Illegal/Unethical
34. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Asymmetric
Degausser
Routers
Script
35. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Vulnerability analysis tools
Fire extinguisher
Stream cipher
Keystroke logging
36. When security is managed at a central point in an organization
Logic bomb
Centralized
Inference
Multiprocessing
37. Closed Circuit Television
CCTV
Data remanence
Hoax
TCP Wrappers
38. Personal - Network - and Application
Encryption
CIA
Firewall types
Script
39. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Well-known ports
Eavesdropping
Hardware
EF (Exposure Factor)
40. Dynamic Host Configuration Protocol.
DHCP
Technical - Administrative - Physical
Finger scanning
COM
41. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Boot-sector Virus
SSO (Single sign-on)
Authentication
Content dependant
42. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Enticement
Callback Security/Call Forwarding
Nonce
Smurf
43. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Open network
Tailgating / Piggybacking
Logic bomb
Routers
44. In a separation of duties model - this is where code is checked in and out
OSI Model
Software librarian
DAD
Salami Slicing
45. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Hot Site
Software
Digital signing
Multithreading
46. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
MitM
Cold Site
Raid 0 - 1 - 3 - 5
Birthday attack
47. A network that uses proprietary protocols
Closed network
Fiber optic
Boot-sector Virus
Coax
48. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Inference
OLE
Salami Slicing
SSH
49. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Entrapment
Script kiddies
SSH
Biometric profile
50. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Honey pot
Authentication
Job rotation
Non-repudiation