Test your basic knowledge |
Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Signal degradation as it moves farther from its source
Attenuation
CD-Rom
CRC (Cyclic Redundancy Check)
Multithreading
2. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
COM
Well-known ports
Macro
Kerberos
3. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
FAR/FRR/CER
Authorization creep
Smart cards
ARO (Annualized Rate of Occurrence)
4. Common Object Request Broker Architecture.
SLE (Single Loss Expectancy or Exposure)
Vulnerability analysis tools
CORBA
Virtual machine
5. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic bomb
Reciprocal agreement
IAB
Active attacks
6. Basic Input/Output System
BIOS
Multipartite
Patriot Act
PAP (Password Authentication Protocol)
7. To not be legal (as far as law is concerned) or ethical
ARO (Annualized Rate of Occurrence)
Multitasking
Hackers
Illegal/Unethical
8. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Script
Compiler
RAM (Random-access memory)
Carnivore
9. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Security kernel
Key Escrow
Software development lifecycle
Joke
10. Also civil law
Accreditation
Coax
Embezzlement
Tort
11. Setting up the user to access the honeypot for reasons other than the intent to harm.
Salami Slicing
Entrapment
Cold Site
Motion detector
12. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically
Senior Management
COOP
SLE (Single Loss Expectancy or Exposure)
Granularity
13. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Audit Trail
Authorization creep
/etc/passwd
Rijndael
14. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Cookies
Cold Site
Polymorphism
Birthday attack
15. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Degausser
OSI Model
Polymorphic
OEP
16. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Transposition
Clipping levels
Clipper Chip
Asymmetric
17. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Multiprocessing
Telnet
Fraud
Tokens
18. The act of identifying yourself. Providing your identity to a system
Digital signing
Script
TCSEC
Identification
19. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Expert systems
Security kernel
CCTV
Attenuation
20. Access control method for database based on the content of the database to provide granular access
Attenuation
EF (Exposure Factor)
Content dependant
Inference
21. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Cyphertext only
TCB
OLE
Risk Analysis
22. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
CIRT
Fire extinguisher
ARO (Annualized Rate of Occurrence)
Hackers
23. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Risk Management
Clipper Chip
Hackers
Trojan horses
24. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Twisted pair
FAR/FRR/CER
Object Oriented Programming
Due Care
25. Encompasses Risk Analysis and Risk Mitigation
Brewer-Nash model
Termination procedures
Biometric profile
Risk Management
26. Network device that operates at layer 1. Concentrator.
Authorization
Hubs
Termination procedures
Back door/ trap door/maintenance hook
27. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Software development lifecycle
Smurf
EF (Exposure Factor)
Enticement
28. Software designed to infiltrate or damage a computer system - without the owner's consent.
Multiprocessing
Malware
Hearsay Evidence
Session Hijacking
29. Occupant Emergency Plan - Employees are the most important!
Twisted pair
Polymorphic
OEP
CORBA
30. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Brewer-Nash model
Data remanence
Asset Value
Hearsay Evidence
31. Scanning the airwaves for radio transmissions
Digital certificates
Scanning
Compiler
Normalization
32. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Risk Mitigation
Fire extinguisher
Spoofing
Keystroke logging
33. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Replay
Birthday attack
IAB
Open network
34. Enticing people to hit your honeypot to see how they try to access your system.
ALE (Annualized Loss Expectancy)
Enticement
Due Diligence
Halon
35. Using ICMP to diagram a network
Probing
Kerberos
Noise & perturbation
SYN Flood
36. An RFC standard. A mechanism for performing commands on a remote system
SSH
Hardware
Mandatory vacation
Telnet
37. Good for distance - longer than 100M
Coax
Bugtraq
SYN Flood
WAP (Wireless Application Protocol)
38. Same as a block cipher except that it is applied to a data stream one bit at a time
Dumpster diving
WAP (Wireless Application Protocol)
Stream cipher
Finger printing
39. A site that is ready physically but has no hardware in place - all it has is HVAC
Out of band
Entrapment
Cold Site
Change management
40. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Tokens
Rijndael
Owner
Switches / Bridges
41. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Compiler
Trojan horses
Biometric profile
Software
42. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
WTLS (Wireless Transport Layer Security)
Username/password
Man trap
Inference
43. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Back door/ trap door/maintenance hook
VLANs
Hearsay Evidence
DDOS
44. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Macro
Identification
CEO
Content dependant
45. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
Brute Force
Rijndael
Raid 0 - 1 - 3 - 5
Burden of Proof
46. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Routers
Fiber optic
Brewer-Nash model
ALE (Annualized Loss Expectancy)
47. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Out of band
DCOM
Sabotage
Boot-sector Virus
48. Someone whose hacking is primarily targeted at the phone systems
Aggregation
Granularity
Phreaker
Halon
49. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Firewall types
SQL (Structured Query Language)
Key Escrow
Penetration testing
50. When two or more processes are linked and execute multiple programs simultaneously
Masquerade
Brewer-Nash model
Risk Management
Multiprocessing