Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The user
User
Teardrop
Closed network
Fire extinguisher
2. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and Ethernet - ARP is primarily used to translate IP addresses to Ethernet MAC addresses
Key Escrow
DCOM
WTLS (Wireless Transport Layer Security)
ARP (Address Resolution Protocol)
3. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
ROM (Read-only memory)
Tort
CHAP
Decentralized
4. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Separation of duties
Hacker
Twisted pair
Illegal/Unethical
5. Basic Input/Output System
Risk Mitigation
Multithreading
Motion detector
BIOS
6. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Diffie-Hellman
Digest
Termination procedures
Technical - Administrative - Physical
7. Encompasses Risk Analysis and Risk Mitigation
Risk Management
Fraggle
Asset Value
Macro
8. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Digital signing
Finger scanning
ALE (Annualized Loss Expectancy)
Data Mart
9. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Keystroke logging
OLE
Content dependent
Security through obscurity
10. Involving the measurement of quantity or amount.
War driving
CCTV
l0pht
Quantitative
11. The person that controls access to the data
Symmetric
Packet Sniffing
Teardrop
Custodian
12. Ethernet - Cat5 - Twisted to allow for longer runs.
Software development lifecycle
Twisted pair
Polymorphic
PAP (Password Authentication Protocol)
13. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Hot Site
Crosstalk
TEMPEST
CRC (Cyclic Redundancy Check)
14. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Throughput of a Biometric System
ARP (Address Resolution Protocol)
IAB
Security Awareness Training
15. An instance of a scripting language
Penetration testing
Checksum
Script
Tokens
16. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Risk Analysis
Hearsay Evidence
Common criteria
Two-Factor Authentication
17. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
EF (Exposure Factor)
Nonce
War driving
Symmetric
18. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Boot-sector Virus
RAM (Random-access memory)
Brewer-Nash model
Dogs
19. Same as a block cipher except that it is applied to a data stream one bit at a time
Polymorphism
Common criteria
Halon
Stream cipher
20. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Decentralized
Script kiddies
RAM (Random-access memory)
Hot Site
21. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Debug
Hot Site
IRC
Termination procedures
22. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
Digital signing
ROT-13
CD-ROM
Security Awareness Training
23. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Fraggle
Digital signing
Accreditation
TACACS (Terminal access controller access control system)
24. Data storage formats and equipment that allow the stored data to be accessed in any order
IAB
Guards
Digital certificates
RAM (Random-access memory)
25. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Out of band
DDOS
Sniffing
Macro
26. The frequency with which a threat is expected to occur.
Well-known ports
ARO (Annualized Rate of Occurrence)
Social engineering
Active attacks
27. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Job rotation
Fences
Change management
Trojan horses
28. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Open network
Encryption
OLE
Due Care
29. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Degausser
SYN Flood
Firewall types
Salami Slicing
30. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Brewer-Nash model
Tailgating / Piggybacking
Worm
Finger printing
31. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
TEMPEST
Expert systems
Embezzlement
Salami Slicing
32. Jumping into dumpsters to retrieve information about someone/something/a company
Stream cipher
Dumpster diving
Reciprocal agreement
Data Mart
33. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Motion detector
SSL/TLS
Brute force
Digital certificates
34. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic bomb
Closed network
Symmetric
TACACS (Terminal access controller access control system)
35. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Cyphertext only
SSO (Single sign-on)
Raid 0 - 1 - 3 - 5
Mandatory vacation
36. The practice of obtaining confidential information by manipulation of legitimate users.
Social engineering
EF (Exposure Factor)
Security Perimeter
Caesar Cipher
37. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Authorization creep
Content dependent
Caesar Cipher
Clipper Chip
38. Network device that operates at layer 1. Concentrator.
Noise & perturbation
CRC (Cyclic Redundancy Check)
Boot-sector Virus
Hubs
39. Reasonable doubt
Burden of Proof
Scanning
AES (Advanced Encryption Standard)
Fences
40. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Joke
Fire extinguisher
Coax
Masquerade
41. White hat l0pht
Reciprocal agreement
Bugtraq
Authorization
FAR/FRR/CER
42. Disclosure - Alteration - Destruction. These things break the CIA triad
BIOS
Data Mart
Fraggle
DAD
43. Internet Relay Chat.
CIO
/etc/passwd
Job rotation
IRC
44. When security is managed at a central point in an organization
CCTV
Risk Acceptance
Centralized
Cyphertext only
45. The art of breaking code. Testing the strength of an algorithm.
Promiscuous mode
Senior Management
Cryptanalysis
DCOM
46. Using ICMP to diagram a network
WAP (Wireless Application Protocol)
Probing
Debug
Finger scanning
47. Accepting all packets
Phreaker
Separation of duties
Cyphertext only
Promiscuous mode
48. This is an open international standard for applications that use wireless communications.
WAP (Wireless Application Protocol)
OLE
Audit Trail
Security kernel
49. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Audit Trail
Twisted pair
Polymorphic
Normalization
50. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
CEO
Separation of duties
Cold Site
SESAME