Test your basic knowledge
Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Method of authenticating to a system. Something that you supply and something you know.
Security through obscurity
Detective - Preventive - Corrective
Username/password
ISDN (Integrated Services Digital Network)
2. Chief Executive Officer
CEO
Job rotation
Attenuation
Call tree
3. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Buffer overflow
SQL (Structured Query Language)
Bastion hosts
Session Hijacking
4. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.
Attenuation
ROM (Read-only memory)
ROT-13
Biometric profile
5. The government-required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it.
Format 7 times
Boot-sector Virus
Salami Slicing
Social engineering
6. An organization that got its fame from telling the Senate Judiciary Committee that it could bring down the Internet in 30 minutes. Black hat....
l0pht
Acceptable use
Schema
Polymorphism
7. Animals with teeth. Not as discriminating as guards.
Dogs
Expert System
PAP (Password Authentication Protocol)
NAT
8. In the broadest sense, a fraud is a deception made for personal gain.
Risk Management
Fraud
VLANs
Clipping levels
9. Object Linking and Embedding. The ability of an object to be embedded into another object.
Accreditation
OLE
Dictionary Attack
Brute Force
10. In cryptography, it is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Session Hijacking
Non-repudiation
Noise & perturbation
Caesar Cipher
11. ('Rotate by 13 places', sometimes hyphenated ROT-13.) A simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet.
Tailgating / Piggybacking
Cookies
ROT-13
Due Care
12. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value, but there are many exceptions to
Exit interview
Hearsay Evidence
Tokens
COM
13. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
VPN (Virtual Private Network)
DDOS
Digital certificates
Classes of IP networks
14. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Biometric profile
Embezzlement
Promiscuous mode
Call tree
15. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint, often called a hash value. The hash value is commonly represented as a sho
Key Escrow
Twisted pair
Hash
Passive attacks
16. Someone who hacks
Hacker
Custodian
Authentication
Joke
17. Base 64 is a positional numeral system using a base of 64. It is the largest power-of-two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail, among other things.
Bugtraq
Firmware
War dialing
Base-64
18. Dialing fixed sets of telephone numbers looking for open modem connections to machines.
Polymorphic
Toneloc
War dialing
Dogs
19. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
DCOM
SYN Flood
Java
Change management
20. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
Scanning
Software librarian
Well-known ports
Attenuation
21. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
COOP
Spoofing
Hash
Risk Acceptance
22. The frequency with which a threat is expected to occur.
Termination procedures
ARO (Annualized Rate of Occurrence)
ROM (Read-only memory)
Privacy Act of 1974
23. An RFC standard. A mechanism for performing commands on a remote system.
Man trap
Telnet
Patriot Act
VPN (Virtual Private Network)
24. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Polymorphism
Virtual Memory/Pagefile.sys
War dialing
Java
25. Relating to quality or kind. This assigns a level of importance to something.
DDOS
Enticement
TCB
Qualitative
26. Also known as a tunnel.
Social engineering
Service packs
VPN (Virtual Private Network)
Security Awareness Training
27. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically, the monitoring connec
Coax
Wiretapping
Multipartite
Salami Slicing
28. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
l0pht
Data Mart
Salami Slicing
Patent
29. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Joke
Fiber optic
SSO (Single sign-on)
Logic bomb
30. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Halon
Polymorphic
EF (Exposure Factor)
TACACS (Terminal access controller access control system)
31. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case, e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Wiretapping
Carnivore
Penetration testing
Username/password
32. Testing a company's network for vulnerabilities in its systems so that weaknesses can be fixed. This testing does not actually fix anything.
Dogs
Penetration testing
Script
Common criteria
33. A mechanism by which connections to TCP services on a system are allowed or disallowed
RADIUS (Remote authentication dial-in user service)
TCP Wrappers
Penetration testing
Session Hijacking
34. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network, the program captures each pack
Brute Force
Sniffing
Motion detector
Nonce
35. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
RAM (Random-access memory)
Change management
Noise & perturbation
Risk Analysis
36. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Multipartite
Trojan horses
IAB
CIRT
37. When a DNS server goes out to resolve a name and gets the wrong response back, it caches the wrong address for the default DNS time period, thus poisoning the cache for that period of time.
Warm Site
Technical - Administrative - Physical
Polymorphic
DNS cache poisoning
38. Trusted Computing Base. Comprised of the hardware, software, and firmware of the system.
SSH
TCB
Data Mart
OSI Model
39. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
Artificial Neural Networks (ANN)
VLANs
Software librarian
ARO (Annualized Rate of Occurrence)
40. A meme and a joke are the same thing, e.g. when someone says to delete a file that is really just fine and calls it a virus.
Dumpster diving
Keystroke logging
Technical - Administrative - Physical
Joke
41. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
BIA
Rijndael
MOM
Teardrop
42. Dynamic Host Configuration Protocol.
DHCP
Privacy Act of 1974
PKI
Mandatory vacation
43. Technical items are implemented by IT. Administrative items are things that HR implements. Physical things are things that are tangible.
Script
Authorization
Technical - Administrative - Physical
Granularity
44. Data storage formats and equipment that allow the stored data to be accessed in any order
Biometric profile
CD-Rom
RAM (Random-access memory)
ISDN (Integrated Services Digital Network)
45. This is an open international standard for applications that use wireless communications.
DMZ
Polymorphism
SSL/TLS
WAP (Wireless Application Protocol)
46. To not be legal (as far as the law is concerned) or ethical.
Throughput of a Biometric System
Smart cards
Illegal/Unethical
WAP (Wireless Application Protocol)
47. Be at least 8 feet tall and have three strands of barbed wire.
Fences
Inference
Dictionary Attack
Biometric profile
48. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio, with the latter capable of being played on a CD player, whilst
Biometric profile
Digital signing
Checksum
CD-Rom
49. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically.
Macro
Asymmetric
Enticement
Granularity
50. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another, thus making detection more difficult.
Schema
Polymorphic
OEP
Two-Factor Authentication