Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The intercepting of conversations by unintended recipients
Worm
Eavesdropping
Hoax
Noise & perturbation
2. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
ARP (Address Resolution Protocol)
Patent
/etc/passwd
CHAP
3. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Fiber optic
Exit interview
Block cipher
Brewer-Nash model
4. A military standard defining controls for emanation protection
RADIUS (Remote authentication dial-in user service)
Authorization creep
Macro
TEMPEST
5. Technical items are things that IT implements. Administrative items are things that HR implements. Physical items are things that are tangible.
Technical - Administrative - Physical
Well-known ports
Multithreading
Asymmetric
6. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Virtual machine
Hearsay Evidence
Authorization creep
Cold Site
7. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Motion detector
Qualitative
Wiretapping
Hardware
8. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
DCOM
Script
Hubs
Motion detector
9. Animals with teeth. Not as discriminate as guards
Firewall types
Dogs
Software
Sabotage
10. In the broadest sense - a fraud is a deception made for personal gain
Cyphertext only
Finger printing
ALE (Annualized Loss Expectancy)
Fraud
11. Rotating employees' job duties so that the things they are doing can be checked to make sure nothing fraudulent is occurring.
Job rotation
Switches / Bridges
Routers
VLANs
12. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Carnivore
Security kernel
Data Mart
Security through obscurity
13. Also known as a tunnel
Biometric profile
Worm
VPN (Virtual Private Network)
TCP Wrappers
14. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Service packs
Change management
PAP (Password Authentication Protocol)
CORBA
15. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Biometrics
RADIUS (Remote authentication dial-in user service)
SYN Flood
Diffie-Hellman
16. Method of authenticating to a system. Something that you supply and something you know.
Clipper Chip
Software development lifecycle
Repeaters
Username/password
17. Making individuals accountable for their actions on a system typically through the use of auditing
Accountability
MOM
VPN (Virtual Private Network)
Certification
18. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Echelon
Macro
Cyphertext only
RAM (Random-access memory)
19. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
/etc/passwd
CORBA
Format 7 times
Brute Force
20. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Packet Sniffing
Incentive programs
Open network
Key Escrow
21. Involving the measurement of quantity or amount.
Quantitative
Worm
Scanning
DMZ
22. Relating to quality or kind. This assigns a level of importance to something.
Change management
Qualitative
Nonce
Rolling hot sites
23. Common Object Request Broker Architecture.
Wiretapping
CORBA
Noise & perturbation
Virtual machine
24. Basic Input/Output System
BIOS
FAR/FRR/CER
Callback Security/Call Forwarding
Hackers
25. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Cryptanalysis
Multithreading
Risk Acceptance
SSO (Single sign-on)
26. Internet Relay Chat.
Authorization
IRC
Biometrics
DCOM
27. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Compiler
TCB
Trademark
SSH
28. Public Key Infrastructure
PKI
Nonce
Tort
Reciprocal agreement
29. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Tokens
Clipper Chip
Packet Sniffing
Rolling hot sites
30. 'If you can't see it - it's secure'. Bad policy to live by.
Burden of Proof
Security through obscurity
Granularity
Change management
31. Entails planning and system actions to ensure that a project is following good quality management practices
Fire extinguisher
DNS cache poisoning
Quality Assurance
Well-known ports
32. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
DMZ
Raid 0 - 1 - 3 - 5
Caesar Cipher
Software development lifecycle
33. Random Number Base
Fiber optic
Callback Security/Call Forwarding
Brute Force
Nonce
34. The process of reducing your risks to an acceptable level based on your risk analysis
Detective - Preventive - Corrective
Trap Door
TCP Wrappers
Risk Mitigation
35. Network device that operates at layer 1. Concentrator.
Hubs
Brute force
Sabotage
Tort
36. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.
SSO (Single sign-on)
OEP
Trojan horses
SESAME
37. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
FAR/FRR/CER
CHAP
PKI
Accountability
38. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
Asymmetric
Raid 0 - 1 - 3 - 5
Honey pot
NAT
39. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Digital signing
Base-64
Skipjack
Service packs
40. Jumping into dumpsters to retrieve information about someone/something/a company
Stream cipher
Authentication
OSI Model
Dumpster diving
41. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Fiber optic
Rijndael
Quantitative
Debug
42. Good for distance - longer than 100M
OEP
Entrapment
RADIUS (Remote authentication dial-in user service)
Coax
43. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Data Mart
Script
DMZ
Acceptable use
44. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Closed network
Toneloc
Call tree
Digital certificates
45. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
VLANs
DCOM
SLE (Single Loss Expectancy or Exposure)
Encryption
46. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Fire extinguisher
Degausser
Software development lifecycle
Hearsay Evidence
47. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
ActiveX Object Linking and Embedding
Well-known ports
Object Oriented Programming
Nonce
48. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Session Hijacking
Script kiddies
Data remanence
Back door/ trap door/maintenance hook
49. Software designed to infiltrate or damage a computer system - without the owner's consent.
Motion detector
Classes of IP networks
Embezzlement
Malware
50. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Skipjack
Biometrics
TCB
Mandatory vacation