Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Risk Analysis
Expert systems
TCB
Caesar Cipher
2. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Fraggle
Two-Factor Authentication
SSO (Single sign-on)
Hubs
3. Also civil law
Smart cards
Coax
Tort
SSH
4. Once authenticated - the level of access you have to a system
Guards
Hubs
Authorization
Classes of IP networks
5. The practice of obtaining confidential information by manipulation of legitimate users.
Teardrop
Social engineering
Virtual Memory/Pagefile.sys
Patriot Act
6. Scanning the airwaves for radio transmissions
Encryption
Fraud
Worm
Scanning
7. A site that is ready physically but has no hardware in place - all it has is HVAC
Halon
Cold Site
Firmware
Sabotage
8. Random Number Base
Nonce
Security through obscurity
Substitution
Termination procedures
9. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Rijndael
Firewall types
Tailgating / Piggybacking
Risk Management
10. Reasonable doubt
Burden of Proof
Guards
Packet Sniffing
Mandatory vacation
11. Transferring your risk to someone else - typically an insurance company
Security kernel
Owner
Risk Transferring
Toneloc
12. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Risk Management
Birthday attack
SYN Flood
CHAP
13. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Accountability
PKI
CD-Rom
FAR/FRR/CER
14. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Diffie-Hellman
Raid 0 - 1 - 3 - 5
SESAME
Finger scanning
15. Dynamic Host Configuration Protocol.
DHCP
Digest
Software librarian
Bastion hosts
16. These viruses usually infect both boot records and files.
Private Addressing
Risk Mitigation
Multipartite
Smart cards
17. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
COOP
WTLS (Wireless Transport Layer Security)
SSH
OLE
18. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Macro
Multithreading
Security Awareness Training
Back door/ trap door/maintenance hook
19. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Compiler
Brewer-Nash model
DOS
Biometrics
20. A sandbox. Emulates an operating environment.
Exit interview
Virtual machine
Classes of IP networks
Patriot Act
21. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Dictionary Attack
Cold Site
BIA
Repeaters
22. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
Private Addressing
Back door/ trap door/maintenance hook
Telnet
23. An instance of a scripting language
Trap Door
ARO (Annualized Rate of Occurrence)
Script
Digital certificates
24. Encompasses Risk Analysis and Risk Mitigation
Halon
Risk Management
Routers
Brute force
25. More discriminate than dogs
Custodian
Guards
Normalization
Format 7 times
26. Accepting all packets
NAT
Promiscuous mode
Classes of IP networks
Routers
27. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Call tree
Senior Management
Sniffing
Masquerade
28. The person that determines the permissions to files. The data owner.
Owner
Script
Embezzlement
Eavesdropping
29. Be at least 8 foot tall and have three strands of barbed wire.
CRC (Cyclic Redundancy Check)
Custodian
Switches / Bridges
Fences
30. Closed Circuit Television
Teardrop
CCTV
Expert System
WTLS (Wireless Transport Layer Security)
31. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Raid 0 - 1 - 3 - 5
Scanning
Accreditation
Fraud
32. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Block cipher
RADIUS (Remote authentication dial-in user service)
Debug
Compiler
33. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Inference
Vulnerability analysis tools
Normalization
Logic bomb
34. The art of breaking code. Testing the strength of an algorithm.
SYN Flood
Cryptanalysis
DAD
Embezzlement
35. A hidden communications channel on a system that allows for the bypassing of the system security policy
Replay
Risk Transferring
Covert channels
Illegal/Unethical
36. Someone who hacks
Hacker
Attenuation
Bastion hosts
Hoax
37. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Penetration testing
DHCP
DAD
SQL (Structured Query Language)
38. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Cookies
TCSEC
Motion detector
COOP
39. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Trademark
Repeaters
DMZ
Granularity
40. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
Compiler
Accreditation
Block cipher
41. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Qualitative
Owner
l0pht
Carnivore
42. When one key of a two-key pair has more encryption pattern than the other
Asymmetric
AES (Advanced Encryption Standard)
DMZ
Spoofing
43. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Risk Acceptance
Clipper Chip
Probing
CD-Rom
44. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
CIA
Clipper Chip
Macro
Due Diligence
45. Involving the measurement of quantity or amount.
Quantitative
CEO
TCB
Raid 0 - 1 - 3 - 5
46. The real cost of acquiring/maintaining/developing a system
SSO (Single sign-on)
Asset Value
Bugtraq
Throughput of a Biometric System
47. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
User
ALE (Annualized Loss Expectancy)
Birthday attack
Packet Sniffing
48. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Cyphertext only
Degausser
FAR/FRR/CER
Format 7 times
49. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Two-Factor Authentication
COOP
Reciprocal agreement
Back door/ trap door/maintenance hook
50. Public Key Infrastructure
Due Care
PKI
Key Escrow
Normalization