Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Technical items are things that IT implements. Administrative items are things that HR implements. Physical items are things that are tangible.
Object Oriented Programming
Technical - Administrative - Physical
Non-repudiation
Quality Assurance
2. The person that determines the permissions to files. The data owner.
Owner
CIRT
Code of ethics
Carnivore
3. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
TACACS (Terminal access controller access control system)
DCOM
Dogs
Fences
4. Once authenticated - the level of access you have to a system
Carnivore
VLANs
Polymorphic
Authorization
5. Using ICMP to diagram a network
Mandatory vacation
Probing
Burden of Proof
Out of band
6. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
Script kiddies
Job rotation
VLANs
Change management
7. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
SQL (Structured Query Language)
Joke
Due Diligence
Username/password
8. In the broadest sense - a fraud is a deception made for personal gain
ActiveX Object Linking and Embedding
Fraud
Hacker
Biometric profile
9. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
ActiveX Object Linking and Embedding
Script
CRC (Cyclic Redundancy Check)
Classes of IP networks
10. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
Throughput of a Biometric System
Caesar Cipher
CIRT
Polymorphism
11. Network Address Translation
NAT
Private Addressing
DHCP
Change management
12. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Covert channels
Vulnerability analysis tools
Due Diligence
Digital certificates
13. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.
PKI
ActiveX Object Linking and Embedding
Exit interview
Routers
14. These can be used to verify that public keys belong to certain individuals.
Digital certificates
Sabotage
Hardware
Skipjack
15. Closed Circuit Television
MitM
IAB
Toneloc
CCTV
16. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
UUEncode
Packet Sniffing
TEMPEST
Service packs
17. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Due Care
Closed network
Privacy Act of 1974
PKI
18. More discriminate than dogs
Patriot Act
Privacy Act of 1974
Brewer-Nash model
Guards
19. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
l0pht
Virtual machine
TCB
Embezzlement
20. Motivational tools for employee awareness to get them to report security flaws in an organization
FAR/FRR/CER
Social engineering
Incentive programs
User
21. The person that controls access to the data
Trap Door
CRC (Cyclic Redundancy Check)
Cyphertext only
Custodian
22. Transferring your risk to someone else - typically an insurance company
Bugtraq
Risk Transferring
Incentive programs
Logic bomb
23. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
/etc/passwd
Hardware
Clipping levels
SQL (Structured Query Language)
24. Be at least 8 foot tall and have three strands of barbed wire.
Fences
Data Mart
DNS cache poisoning
Java
25. Relating to quality or kind. This assigns a level of importance to something.
Hacker
Qualitative
War dialing
Crosstalk
26. Network devices that operate at layer 3. This device separates broadcast domains.
War dialing
TACACS (Terminal access controller access control system)
Routers
Hoax
27. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Risk Analysis
Callback Security/Call Forwarding
Fraggle
IAB
28. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
SLE (Single Loss Expectancy or Exposure)
Brute force
Checksum
Entrapment
29. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Risk Mitigation
Throughput of a Biometric System
Block cipher
Encryption
30. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Security Perimeter
Symmetric
Hearsay Evidence
Senior Management
31. These viruses usually infect both boot records and files.
ISDN (Integrated Services Digital Network)
Multipartite
Private Addressing
CHAP
32. A system designed to stop piggybacking.
Trojan horses
Man trap
Trap Door
Promiscuous mode
33. A network entity that provides a single entrance / exit point to the Internet.
Cookies
Bastion hosts
Dogs
Entrapment
34. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Carnivore
Certification
Phreaker
Well-known ports
35. An RFC standard. A mechanism for performing commands on a remote system
Object Oriented Programming
Halon
l0pht
Telnet
36. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Audit Trail
Content dependant
Hearsay Evidence
Patent
37. Random Number Base
Technical - Administrative - Physical
Hacker
Nonce
DCOM
38. Internet Architecture Board. This board is responsible for protecting the Internet.
Spoofing
IRC
TCB
IAB
39. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Authorization creep
Two-Factor Authentication
Substitution
Degausser
40. Encompasses Risk Analysis and Risk Mitigation
Worm
Skipjack
Brute force
Risk Management
41. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Vulnerability analysis tools
Out of band
Trojan horses
Switches / Bridges
42. The art of breaking code. Testing the strength of an algorithm.
Cryptanalysis
DHCP
Accountability
Multithreading
43. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Custodian
Compiler
Artificial Neural Networks (ANN)
VLANs
44. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Software development lifecycle
Fire extinguisher
COOP
Due Care
45. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Dictionary Attack
Hackers
Boot-sector Virus
Privacy Act of 1974
46. A site that has some equipment in place - and can be up within days
Multipartite
Warm Site
Transposition
Routers
47. 'If you can't see it - it's secure'. Bad policy to live by.
Schema
Security through obscurity
Buffer overflow
ROT-13
48. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
RAM (Random-access memory)
Patriot Act
BIA
PAP (Password Authentication Protocol)
49. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
UUEncode
CIA
Fire extinguisher
Senior Management
50. White hat l0pht
Software
Kerberos
Bugtraq
Hearsay Evidence