Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but the repetition reinforces your understanding each time you take the test.
1. Sending an employee who is suspected of wrongdoing away from work for a while so that their actions can be audited in their absence.
Wiretapping
Fire extinguisher
Macro
Mandatory vacation
2. Taking over another user's established session without that user's knowledge.
Classes of IP networks
DMZ
Caesar Cipher
Session Hijacking
3. This factor represents a measure of the magnitude of loss or impact on the value of an asset, expressed as the fraction of the asset's value lost in a single incident.
Data Mart
Covert channels
EF (Exposure Factor)
Smurf
4. After implementing countermeasures, accepting the residual risk that remains.
Risk Acceptance
Cryptanalysis
Call tree
CCTV
5. False Acceptance Rate, False Rejection Rate, Crossover Error Rate
Switches / Bridges
FAR/FRR/CER
Trade Secret
Clipping levels
6. Transferring your risk to someone else, typically an insurance company.
Risk Transferring
VPN (Virtual Private Network)
CHAP
Accountability
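The exposure factor (question 3), residual risk (question 4) and risk transfer (question 6) are the pieces of the quantitative risk formulas SLE = AV x EF and ALE = SLE x ARO. The following is an added example, not part of the quiz; the asset value, exposure factors, incident rates, control cost and insurance premium are all constructed for illustration.

```python
"""Quantitative risk arithmetic: SLE, ALE, countermeasure value and residual risk.
Added example for this quiz, not part of it; asset values, exposure factors,
frequencies and costs below are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Risk:
    asset_value: float      # AV: what the asset is worth, in currency units
    exposure_factor: float  # EF: fraction of AV lost in one incident (0.0 to 1.0)
    aro: float              # ARO: expected incidents per year

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV * EF."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE * ARO."""
        return self.sle() * self.aro


def countermeasure_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Net annual benefit of a control: ALE reduction minus the control's cost.
    Negative means the control costs more than the risk it removes."""
    return before.ale() - after.ale() - annual_cost


def decide(after: Risk, premium: Optional[float]) -> str:
    """What to do with the residual risk (after.ale()) once controls are in place:
    transfer it when insurance is cheaper than carrying the expected loss,
    otherwise accept it (a business decision that should be documented)."""
    residual = after.ale()
    if premium is not None and premium < residual:
        return "transfer"
    return "accept"


if __name__ == "__main__":
    # Constructed scenario: ransomware against a file server.
    baseline = Risk(asset_value=500_000, exposure_factor=0.40, aro=0.5)
    with_backups_and_edr = Risk(asset_value=500_000, exposure_factor=0.05, aro=0.5)
    print(f"SLE before: {baseline.sle():,.0f}  ALE before: {baseline.ale():,.0f}")
    print(f"ALE after:  {with_backups_and_edr.ale():,.0f}")
    print("control value:", countermeasure_value(baseline, with_backups_and_edr, annual_cost=30_000))
    print("residual risk decision:", decide(with_backups_and_edr, premium=10_000))
```

The control is justified when `countermeasure_value` is positive; whatever ALE remains afterwards is the residual risk, and the only choices left for it are to accept it or to transfer it (question 6) if a premium costs less than the expected annual loss.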
7. Something used to put out a fire. Rated by the kind of fuel it is for: Class A, B, C, D, or K.
TEMPEST
UUEncode
Fire extinguisher
Well-known ports
8. The hardware, software, and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources.
Security kernel
Centralized
Username/password
Script kiddies
9. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio, with the latter capable of being played on a CD player, whilst
Incentive programs
CD-Rom
Rolling hot sites
Aggregation
10. Scanning the airwaves for radio transmissions
Scanning
Biometrics
Multitasking
Security through obscurity
11. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste
Echelon
Packet Sniffing
Two-Factor Authentication
Teardrop
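A concrete two-factor login pairs something you know (a salted password hash) with something you have (a time-based one-time code from an authenticator app). The following is an added example, not code from the quiz; it implements RFC 4226 HOTP and RFC 6238 TOTP and uses the RFC's published test key so the codes can be checked against the RFC's own vectors. The user record, salt and password are constructed, and the iteration count is an assumption.

```python
"""Two-factor login: salted PBKDF2 password plus a TOTP code.
Added example for this quiz, not part of it; the user record, password and
salt are constructed and the TOTP secret is the RFC 6238 test-vector key."""
import base64
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the current time step."""
    return hotp(key, unix_time // step, digits, algo)


def verify_totp(key: bytes, code: str, unix_time: int, step: int = 30, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbours to tolerate clock drift;
    compare in constant time so timing does not leak how many digits matched."""
    return any(
        hmac.compare_digest(totp(key, unix_time + d * step, step), code)
        for d in range(-window, window + 1)
    )


# Factor 1, something you know: a salted, iterated password hash (iteration count is an assumption).
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user record with a fixed salt so the example is reproducible.
USER = {
    "name": "alice",
    "salt": bytes.fromhex("a1b2c3d4e5f60718"),
    "totp_secret": b"12345678901234567890",  # RFC 4226 / RFC 6238 test-vector key
}
USER["pw_hash"] = hash_password("correct horse battery staple", USER["salt"])


def provisioning_uri(user: dict) -> str:
    """What the enrolment QR code carries: the base32 secret an authenticator app imports."""
    b32 = base64.b32encode(user["totp_secret"]).decode().rstrip("=")
    return f"otpauth://totp/example:{user['name']}?secret={b32}&issuer=example"


def login(user: dict, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass. Both are always evaluated so the response time
    does not reveal which factor was wrong."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    otp_ok = verify_totp(user["totp_secret"], code, unix_time)
    return pw_ok and otp_ok


if __name__ == "__main__":
    now = 1111111109  # RFC 6238 sample time; use int(time.time()) in practice
    print(provisioning_uri(USER))
    print("code:", totp(USER["totp_secret"], now))
    print("login:", login(USER, "correct horse battery staple", totp(USER["totp_secret"], now), now))
```

With the RFC key, `totp(key, 59, digits=8)` gives `94287082` and `totp(key, 1111111109, digits=8)` gives `07081804`, matching RFC 6238 Appendix B for SHA-1; the point of the second factor is that a stolen password alone fails `login`, and a stolen code expires within a step or two.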
12. An attack similar to Smurf, but instead of ICMP (ping) it uses UDP. It sends a spoofed UDP packet (source address set to the victim) to the broadcast address of the amplifying network, so every host that answers replies to the victim.
Senior Management
UUEncode
Fraggle
Repeaters
13. Rotating employees' job duties so that their work is reviewed by others and fraudulent activity cannot go undetected.
Routers
Due Care
Job rotation
ROT-13
14. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Dictionary Attack
Due Diligence
Skipjack
Brute Force
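The difference between the dictionary attack of question 14 and brute force is the candidate set: a list of likely passwords with mangling rules versus every string in the keyspace. The following is an added example, not part of the quiz; the salt, target passwords and wordlist are constructed, and the PBKDF2 iteration count is kept low only so the example runs quickly.

```python
"""Dictionary attack versus brute force against a salted, iterated password hash.
Added example for this quiz, not part of it; the salt, target passwords and
wordlist are constructed, and the iteration count is kept low so it runs quickly."""
import hashlib
import itertools
import string
from typing import Iterable, Iterator, Optional, Tuple

ITERATIONS = 1000  # real deployments use far more; low here only so the demo is fast
SALT = bytes.fromhex("9f8e7d6c5b4a3928")  # constructed; a real store has one per user


def derive(password: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


# Constructed "stolen" verifiers: one typical human password, one very short one.
TARGET_HUMAN = derive("Summer2024!")
TARGET_SHORT = derive("z7")

WORDLIST = ["password", "letmein", "summer", "winter", "qwerty"]  # constructed


def mangle(word: str) -> Iterator[str]:
    """Rules that turn a dictionary word into the variants people actually type."""
    for base in (word, word.capitalize()):
        yield base
        for year in ("2023", "2024"):
            for suffix in ("", "!", "1"):
                yield base + year + suffix


def dictionary_attack(target: bytes, words: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try each mangled candidate; return (password, guesses) or (None, guesses)."""
    guesses = 0
    for word in words:
        for cand in mangle(word):
            guesses += 1
            if derive(cand) == target:
                return cand, guesses
    return None, guesses


def brute_force(target: bytes, alphabet: str, max_len: int) -> Tuple[Optional[str], int]:
    """Exhaustive search of every string up to max_len; feasible only for tiny keyspaces."""
    guesses = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            guesses += 1
            cand = "".join(combo)
            if derive(cand) == target:
                return cand, guesses
    return None, guesses


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates brute force must be prepared to try."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    print(dictionary_attack(TARGET_HUMAN, WORDLIST))   # found after a few dozen guesses
    print(brute_force(TARGET_SHORT, string.ascii_lowercase + string.digits, 2))
    # Why brute force is hopeless against "Summer2024!" at this cost per guess:
    print(keyspace(len(string.ascii_letters + string.digits + string.punctuation), 11))
```

The dictionary attack recovers the 11-character password in 41 guesses because it is a word plus a predictable year and symbol, while brute force over the same 94-symbol alphabet would face a keyspace of more than 10^21 candidates; the salt and iteration count do not stop either attack, they only make each guess cost more.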
15. Network Address Translation
Accreditation
NAT
Packet Sniffing
DNS cache poisoning
16. Degaussing is the process of reducing or eliminating an unwanted magnetic field, used to sanitize magnetic media (it has no effect on solid-state storage). The Degausser is the device that actually performs the degaussing.
Key Escrow
Back door/ trap door/maintenance hook
Custodian
Degausser
17. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Out of band
Common criteria
Accreditation
Separation of duties
18. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker; there are also white hats (ethical hackers) and grey hats.
Worm
Phreaker
Hackers
Fire extinguisher
19. Not permitted by law, or not in keeping with ethical standards.
Illegal/Unethical
Copyright
ROM (Read-only memory)
RAM (Random-access memory)
20. Defines the objects and their attributes that exist in a database.
Schema
Fire extinguisher
Risk Management
Normalization
21. In a computer system (or cryptosystem or algorithm), a method of bypassing normal authentication or securing remote access to a computer while attempting to remain hidden from casual inspection.
Hackers
Hash
Owner
Back door/ trap door/maintenance hook
22. An attack that does not result in an unauthorized state change, such as one that only monitors and/or records data.
Clipper Chip
Object Oriented Programming
Passive attacks
CRC (Cyclic Redundancy Check)
23. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Patriot Act
Fiber optic
Expert System
MitM
24. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities, and transactions.
Honey pot
DMZ
BIA
Toneloc
25. Systems that use a knowledge base, an inference engine, and general methods for searching for problem solutions.
Multithreading
Hash
VLANs
Expert systems
26. An attack that results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.
Active attacks
Granularity
Virtual Memory/Pagefile.sys
Job rotation
27. Closed Circuit Television
Transposition
Bastion hosts
CCTV
Social engineering
28. In the broadest sense, a fraud is a deception made for personal gain.
Fraud
Accreditation
DMZ
WTLS (Wireless Transport Layer Security)
29. The most popular computer language used to create, modify, retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
SYN Flood
Risk Transferring
Back door/ trap door/maintenance hook
SQL (Structured Query Language)
30. A checksum function that produces a small, fixed number of bits from a block of data, used to detect accidental errors after transmission or storage. It is not a cryptographic hash: anyone who alters the data can simply recompute it, so it gives no protection against deliberate tampering.
Granularity
CRC (Cyclic Redundancy Check)
Separation of duties
Eavesdropping
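To make the distinction in question 30 concrete, the following added example (not part of the quiz) implements CRC-32 bit by bit, checks it against the standard test value, and shows that a single flipped bit is caught while an attacker who rewrites the payload and recomputes the CRC is not; only a keyed HMAC catches the second case. The message, key and tampering are constructed.

```python
"""CRC-32 as an error detector versus an HMAC as a tamper detector.
Added example for this quiz, not part of it; the message, key and the
simulated error and tampering are constructed."""
import hashlib
import hmac
import zlib

POLY = 0xEDB88320  # reflected form of the IEEE 802.3 / zlib CRC-32 polynomial


def crc32_bitwise(data: bytes) -> int:
    """Table-free CRC-32 with zlib's parameters: init 0xFFFFFFFF, reflected, final XOR."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ POLY if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def frame_with_crc(payload: bytes) -> bytes:
    return payload + crc32_bitwise(payload).to_bytes(4, "big")


def crc_check(frame: bytes) -> bool:
    payload, trailer = frame[:-4], frame[-4:]
    return crc32_bitwise(payload) == int.from_bytes(trailer, "big")


def frame_with_mac(payload: bytes, key: bytes) -> bytes:
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def mac_check(frame: bytes, key: bytes) -> bool:
    payload, tag = frame[:-32], frame[-32:]
    return hmac.compare_digest(hmac.new(key, payload, hashlib.sha256).digest(), tag)


def flip_bit(frame: bytes, bit: int) -> bytes:
    """Simulate a transmission error: flip one bit of the frame."""
    b = bytearray(frame)
    b[bit // 8] ^= 1 << (bit % 8)
    return bytes(b)


def tamper_crc(frame: bytes, old: bytes, new: bytes) -> bytes:
    """Attacker rewrites the payload and recomputes the CRC; no key is needed."""
    return frame_with_crc(frame[:-4].replace(old, new))


def tamper_mac(frame: bytes, old: bytes, new: bytes) -> bytes:
    """Attacker rewrites the payload but cannot recompute the tag without the key,
    so the best they can do is leave the old tag in place."""
    return frame[:-32].replace(old, new) + frame[-32:]


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"  # constructed
    key = b"constructed-shared-key"
    print("CRC-32 check value ok:", crc32_bitwise(b"123456789") == 0xCBF43926 == zlib.crc32(b"123456789"))
    f = frame_with_crc(msg)
    print("crc: bit error detected:", not crc_check(flip_bit(f, 13)))
    print("crc: forgery accepted:  ", crc_check(tamper_crc(f, b"100", b"900")))
    m = frame_with_mac(msg, key)
    print("mac: bit error detected:", not mac_check(flip_bit(m, 13), key))
    print("mac: forgery rejected:  ", not mac_check(tamper_mac(m, b"100", b"900"), key))
```

The CRC catches every single-bit error, which is what it is designed for, but the forged frame passes because the trailer is a pure function of the data; use a CRC for integrity against noise and an HMAC (or an authenticated cipher) for integrity against an adversary.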
31. A network that uses standard, openly specified protocols (TCP/IP)
Polymorphism
Nonce
Open network
Repeaters
32. In a distributed attack, the attacking hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Copyright
Script kiddies
DDOS
MitM
33. The residual physical representation of data that has in some way been erased. After storage media is erased, some physical characteristics may remain that allow the data to be reconstructed.
Data remanence
Expert System
Quality Assurance
ROM (Read-only memory)
34. A hardened network host that provides a single entrance/exit point to the Internet.
DOS
Nonce
Authorization
Bastion hosts
35. Should be at least 8 feet tall and topped with three strands of barbed wire.
Checksum
Fences
Fraud
Patent
36. RFC 1918 defines the following private address ranges: 10.0.0.0/8 (10.x.x.x), 172.16.0.0/12 (172.16.x.x through 172.31.x.x) and 192.168.0.0/16 (192.168.x.x).
Multiprocessing
RAM (Random-access memory)
Penetration testing
Private Addressing
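The 172.16.0.0/12 block in question 36 is the one people get wrong, and the practical use of the list is ingress filtering: packets with a private source address have no business arriving from the Internet. The following added example (not part of the quiz) classifies addresses against the RFC 1918 prefixes and a few related special-use ranges and applies that as an edge filter; the site prefix 192.0.2.0/24 and the packet records are constructed.

```python
"""Classifying IPv4 addresses against RFC 1918 and related special-use ranges,
and applying that as an ingress filter. Added example for this quiz, not part
of it; the site prefix and packet records are constructed."""
import ipaddress
from typing import List, Tuple

# Written as prefixes, which avoids the "172.x.x.x" mistake: only 172.16.0.0
# through 172.31.255.255 is private; 172.15.x.x and 172.32.x.x are public.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OTHER_SPECIAL = {
    "loopback": ipaddress.ip_network("127.0.0.0/8"),
    "link-local": ipaddress.ip_network("169.254.0.0/16"),
    "shared-cgnat (RFC 6598)": ipaddress.ip_network("100.64.0.0/10"),
}


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def classify(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "not-ipv4"
    if is_rfc1918(addr):
        return "rfc1918"
    for name, net in OTHER_SPECIAL.items():
        if ip in net:
            return name
    return "public"


Packet = Tuple[str, str, str]  # (src, dst, interface the packet arrived on)

SITE_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed site prefix (documentation range)
SAMPLE_PACKETS: List[Packet] = [
    ("10.1.2.3", "192.0.2.10", "outside"),      # RFC 1918 source from the Internet: drop
    ("172.32.0.1", "192.0.2.10", "outside"),    # looks private, is public: allow
    ("192.0.2.99", "192.0.2.10", "outside"),    # our own prefix arriving from outside: spoofed
    ("203.0.113.5", "192.0.2.10", "outside"),   # ordinary public source: allow
    ("192.168.1.20", "192.0.2.10", "inside"),   # private source on the LAN side: fine
]


def ingress_filter(packets: List[Packet], site_net: ipaddress.IPv4Network) -> List[Tuple[Packet, str]]:
    """Return (packet, reason) for packets an Internet-facing edge should drop:
    private or special-use sources cannot legitimately arrive from the Internet,
    and a source inside our own prefix arriving on the outside interface is spoofed."""
    dropped = []
    for pkt in packets:
        src, _dst, iface = pkt
        if iface != "outside":
            continue
        kind = classify(src)
        if kind != "public":
            dropped.append((pkt, f"{kind} source on outside interface"))
        elif ipaddress.ip_address(src) in site_net:
            dropped.append((pkt, "spoofed: our own prefix as source on outside interface"))
    return dropped


if __name__ == "__main__":
    for pkt, why in ingress_filter(SAMPLE_PACKETS, SITE_NET):
        print(pkt, "->", why)
```

Note that `ipaddress.ip_address(x).is_private` is not a substitute for the explicit list here: its notion of "private" follows the IANA special-purpose registry rather than RFC 1918 alone, so keep the prefixes explicit when the question is specifically about RFC 1918.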
37. Emanations from one wire coupling with another wire
COM
TCSEC
Diffie-Hellman
Crosstalk
38. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Compiler
TCSEC
COOP
ISDN (Integrated Services Digital Network)
39. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', DoD standard 5200.28-STD, in December 1985, superseding CSC-STD-001-83; the TCSEC (frequently referred to as
Certification
TCSEC
TEMPEST
MOM
40. The overwrite count historically required by the government when wiping a drive so as to make it nearly impossible to retrieve data from it
Risk Analysis
Format 7 times
Clipping levels
Risk Transferring
41. A collection of updates, fixes and/or enhancements to a software program, delivered in the form of a single installable package.
CRC (Cyclic Redundancy Check)
Service packs
SSO (Single sign-on)
Quality Assurance
42. A network that uses proprietary protocols
Call tree
Spoofing
Closed network
Rolling hot sites
43. Involving the measurement of quantity or amount.
DDOS
Enticement
Quantitative
Virtual Memory/Pagefile.sys
44. An attacker spoofs the source IP in the packet header so that an ICMP echo (ping) request sent to a network's broadcast address appears to come from the future victim; every host on the amplifying network replies to the victim at once and overwhelms its network.
War dialing
Copyright
Smurf
Patriot Act
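Smurf (question 44) and Fraggle (question 12) share one signature: a packet from outside the site aimed at the site's directed-broadcast address, followed by many local hosts answering a single external address. The following added example (not part of the quiz) looks for both sides of that pattern in packet records; the site prefix, victim address and every record are constructed.

```python
"""Spotting Smurf (ICMP) and Fraggle (UDP) amplification in packet records.
Added example for this quiz, not part of it; the site prefix, the victim
and all packet records are constructed."""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

SITE = ipaddress.ip_network("192.0.2.0/24")   # the would-be amplifier network (assumption)
DIRECTED_BROADCAST = SITE.broadcast_address   # 192.0.2.255
FRAGGLE_PORTS = {7, 19}                       # UDP echo and chargen

Packet = Tuple[str, str, str, int]  # (src, dst, proto, icmp_type or udp/tcp port)

# Constructed trace: two spoofed triggers, five hosts answering the victim, some benign traffic.
VICTIM = "198.51.100.7"
RECORDS: List[Packet] = [
    (VICTIM, "192.0.2.255", "icmp", 8),        # Smurf trigger: echo request to broadcast, src spoofed
    (VICTIM, "192.0.2.255", "udp", 7),         # Fraggle trigger: UDP echo to broadcast, src spoofed
    ("203.0.113.9", "192.0.2.20", "icmp", 8),  # ordinary unicast ping: not a trigger
    ("192.0.2.10", "203.0.113.5", "tcp", 443), # ordinary outbound traffic
] + [("192.0.2.%d" % h, VICTIM, "icmp", 0) for h in range(10, 15)] \
  + [("192.0.2.%d" % h, VICTIM, "udp", 7) for h in range(10, 15)]


def is_trigger(pkt: Packet) -> bool:
    """A packet from outside the site aimed at our directed-broadcast address, carrying
    something every host will answer. The fix is at the router: drop directed
    broadcasts from outside (on Cisco IOS, `no ip directed-broadcast`)."""
    src, dst, proto, sel = pkt
    if ipaddress.ip_address(dst) != DIRECTED_BROADCAST:
        return False
    if ipaddress.ip_address(src) in SITE:
        return False
    return (proto == "icmp" and sel == 8) or (proto == "udp" and sel in FRAGGLE_PORTS)


def find_triggers(records: List[Packet]) -> List[Packet]:
    return [p for p in records if is_trigger(p)]


def amplification_victims(records: List[Packet], min_responders: int = 3) -> Dict[str, int]:
    """External destinations that many distinct local hosts answer with echo replies or
    UDP echo/chargen traffic. Returns {victim: number of distinct responders}; the ratio
    of responders to triggers is the amplification the attacker gets for free."""
    responders = defaultdict(set)
    for src, dst, proto, sel in records:
        if ipaddress.ip_address(src) not in SITE or ipaddress.ip_address(dst) in SITE:
            continue
        if (proto == "icmp" and sel == 0) or (proto == "udp" and sel in FRAGGLE_PORTS):
            responders[dst].add(src)
    return {dst: len(hosts) for dst, hosts in responders.items() if len(hosts) >= min_responders}


if __name__ == "__main__":
    for pkt in find_triggers(RECORDS):
        print("trigger:", pkt)
    print("amplified against:", amplification_victims(RECORDS))
```

The two checks belong at different places: `is_trigger` is what the border router should drop before any host sees the packet, and `amplification_victims` is what an egress monitor reports when the site is already being used as an amplifier.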
45. The illegal practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Warm Site
Salami Slicing
Username/password
Dumpster diving
46. Component Object Model.
CD-Rom
Transposition
Finger scanning
COM
47. A site that is physically ready but has no hardware in place; all it provides is space and HVAC.
Cold Site
Software
Encryption
Crosstalk
48. A network device that operates at layer 1; a concentrator that repeats every frame out of all its ports, so any attached host can sniff the others' traffic.
Software development lifecycle
Honey pot
Hubs
Authentication
49. This deals with the differences between plaintext password storage and transmission versus encrypted password storage and transmission.
ROT-13
Cyphertext only
Nonce
User
50. Reasonable doubt
l0pht
Embezzlement
Biometrics
Burden of Proof