Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Patriot Act
Finger scanning
l0pht
Burden of Proof
2. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
DMZ
Job rotation
Termination procedures
Two-Factor Authentication
3. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Dumpster diving
War driving
Noise & perturbation
Termination procedures
4. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Carnivore
Fire extinguisher
Brute Force
Risk Analysis
5. Providing verification to a system
TCP Wrappers
RAM (Random-access memory)
Throughput of a Biometric System
Authentication
6. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Software development lifecycle
Closed network
Data Mart
DAD
7. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Telnet
Echelon
Quality Assurance
DNS cache poisoning
8. A network that uses proprietary protocols
Clipping levels
Multiprocessing
Closed network
Digest
9. A war dialing utility
Toneloc
Coax
Copyright
Sniffing
10. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Telnet
Block cipher
Passive attacks
Bugtraq
11. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
SQL (Structured Query Language)
ROM (Read-only memory)
Common criteria
SSH
12. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Entrapment
Halon
Embezzlement
Sniffing
13. Method of authenticating to a system. Something that you supply and something you know.
Toneloc
Scanning
Data Mart
Username/password
14. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
MOM
Halon
Data Mart
Data remanence
15. A network that uses standard protocols (TCP/IP)
Salami Slicing
Open network
Centralized
Patriot Act
16. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Artificial Neural Networks (ANN)
Scanning
MitM
IRC
17. Animals with teeth. Not as discriminate as guards
Brute Force
BIOS
CD-Rom
Dogs
18. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
Security Perimeter
Virtual Memory/Pagefile.sys
MOM
Expert systems
19. CISSPs subscribe to a code of ethics for building up the security profession
Privacy Act of 1974
CHAP
Change management
Code of ethics
20. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Dictionary Attack
War dialing
Checksum
ARP (Address Resolution Protocol)
21. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Security through obscurity
Software
Qualitative
WTLS (Wireless Transport Layer Security)
22. Confidentiality - Integrity - and Availability
CIA
Authentication
Base-64
Substitution
23. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Biometrics
Macro
Incentive programs
Hot Site
24. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Wiretapping
Firmware
Risk Acceptance
Brewer-Nash model
25. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
OSI Model
Virtual Memory/Pagefile.sys
Bugtraq
Motion detector
26. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Patent
DNS cache poisoning
CD-Rom
Content dependant
27. An RFC standard. A mechanism for performing commands on a remote system
Software
Promiscuous mode
Guards
Telnet
28. Basic Input/Output System
ROT-13
PAP (Password Authentication Protocol)
BIOS
DOS
29. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Worm
COOP
Hot Site
Cold Site
30. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
SLE (Single Loss Expectancy or Exposure)
Throughput of a Biometric System
Risk Management
Risk Mitigation
31. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
DOS
Private Addressing
Vulnerability analysis tools
Multitasking
32. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Session Hijacking
l0pht
ActiveX Object Linking and Embedding
CEO
33. When two or more processes are linked and execute multiple programs simultaneously
War driving
Multiprocessing
SESAME
Checksum
34. Continuation of Operations Plan
Phreaker
Open network
COOP
Debug
35. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
Digital certificates
TACACS (Terminal access controller access control system)
Dumpster diving
36. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Joke
Risk Transferring
OLE
Phreaker
37. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
Replay
Exit interview
Risk Analysis
38. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Username/password
Finger scanning
Cyphertext only
Debug
39. In the broadest sense - a fraud is a deception made for personal gain
Switches / Bridges
Qualitative
Repeaters
Fraud
40. Closed Circuit Television
Packet Sniffing
CCTV
Eavesdropping
Accreditation
41. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
Finger scanning
VPN (Virtual Private Network)
Fraud
42. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Boot-sector Virus
Senior Management
Callback Security/Call Forwarding
Classes of IP networks
43. These can be used to verify that public keys belong to certain individuals.
Trademark
Digital certificates
RADIUS (Remote authentication dial-in user service)
ROT-13
44. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
PAP (Password Authentication Protocol)
Throughput of a Biometric System
Smurf
Hoax
45. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
CEO
Granularity
Smart cards
Hackers
46. These viruses usually infect both boot records and files.
Phreaker
Guards
DOS
Multipartite
47. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.
Exit interview
Session Hijacking
Smurf
Aggregation
48. Relating to quality or kind. This assigns a level of importance to something.
Qualitative
Code of ethics
Asset Value
Checksum
49. Internet Relay Chat.
IRC
Asymmetric
DAD
Brute force
50. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Spoofing
Block cipher
BIA
Normalization