Test your basic knowledge | Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Substitution
Carnivore
TCSEC
Fraggle
2. CISSPs subscribe to a code of ethics for building up the security profession
Hoax
Biometrics
Code of ethics
Eavesdropping
3. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Format 7 times
AES (Advanced Encryption Standard)
Expert systems
Back door/ trap door/maintenance hook
4. Also civil law
Raid 0 - 1 - 3 - 5
Tort
Authorization
Finger printing
5. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Checksum
OSI Model
Embezzlement
PKI
6. A gas used in fire suppression. Not human safe. Chemical reaction.
OLE
Authentication
Halon
Expert System
7. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
SQL (Structured Query Language)
l0pht
Teardrop
Due Care
8. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet
Cookies
Carnivore
Clipping levels
Cyphertext only
9. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Worm
Hash
Attenuation
Due Diligence
10. Data storage formats and equipment that allow the stored data to be accessed in any order
Open network
Hot Site
RAM (Random-access memory)
Coax
11. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
SLE (Single Loss Expectancy or Exposure)
Fiber optic
Passive attacks
Fraud
12. An attempt to trick the system into believing that something false is real
Service packs
Brewer-Nash model
Hoax
VLANs
13. This is an open international standard for applications that use wireless communications.
ROT-13
WAP (Wireless Application Protocol)
Raid 0 - 1 - 3 - 5
Data Mart
14. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Clipper Chip
Joke
Scanning
Mandatory vacation
15. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
CHAP
Software development lifecycle
Centralized
Debug
16. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
Teardrop
MitM
Covert channels
17. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
TACACS (Terminal access controller access control system)
Fences
Multithreading
VLANs
18. Network devices that operate at layer 3. This device separates broadcast domains.
Expert System
Routers
Accountability
Worm
19. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
Echelon
Virtual machine
Termination procedures
20. Transferring your risk to someone else - typically an insurance company
Routers
Replay
Risk Transferring
Virtual machine
21. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Privacy Act of 1974
Key Escrow
OSI Model
Scanning
22. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Probing
Java
Echelon
Motion detector
23. Providing verification to a system
Covert channels
Multitasking
Authentication
Illegal/Unethical
24. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Java
Virtual Memory/Pagefile.sys
Acceptable use
Halon
25. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Brute force
War driving
Patriot Act
Object Oriented Programming
26. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Birthday attack
Dumpster diving
Out of band
Custodian
27. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
MOM
Symmetric
Script kiddies
UUEncode
28. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Multitasking
Inference
Debug
SYN Flood
29. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Mandatory vacation
Hubs
Cryptanalysis
Block cipher
30. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Security Perimeter
Embezzlement
/etc/passwd
Risk Acceptance
31. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Smart cards
Degausser
Enticement
Buffer overflow
32. The real cost of acquiring/maintaining/developing a system
Code of ethics
Virtual machine
Asset Value
Owner
33. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
NAT
Motion detector
Call tree
IAB
34. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
RAM (Random-access memory)
Reciprocal agreement
Call tree
SYN Flood
35. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
OLE
Senior Management
ARP (Address Resolution Protocol)
Back door/ trap door/maintenance hook
36. Personal - Network - and Application
CD-Rom
Burden of Proof
Firewall types
War driving
37. Software designed to infiltrate or damage a computer system - without the owner's consent.
Packet Sniffing
Masquerade
Malware
Crosstalk
38. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Digest
Teardrop
TCB
Risk Analysis
39. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Clipper Chip
Active attacks
Carnivore
Illegal/Unethical
40. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Compiler
Risk Acceptance
Coax
Telnet
41. A network that uses proprietary protocols
Smurf
Closed network
ROM (Read-only memory)
DOS
42. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Authentication
Vulnerability analysis tools
Cyphertext only
Diffie-Hellman
43. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Replay
Echelon
Custodian
Acceptable use
44. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
SSH
SYN Flood
Audit Trail
Accreditation
45. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Phreaker
Fiber optic
Noise & perturbation
Object Oriented Programming
46. Basic Input/Output System
Risk Acceptance
BIOS
OEP
VPN (Virtual Private Network)
47. Ethernet - Cat5 - Twisted to allow for longer runs.
Entrapment
Expert systems
CRC (Cyclic Redundancy Check)
Twisted pair
48. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Honey pot
TCB
Dictionary Attack
Fire extinguisher
49. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
CCTV
Data remanence
CGI (The Common Gateway Interface)
CRC (Cyclic Redundancy Check)
50. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
ISDN (Integrated Services Digital Network)
Brewer-Nash model
Joke