Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Grabs an image of the finger, which is then stored in a database and then works in a one-to-many database
Motion detector
Script kiddies
Finger printing
Halon
2. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Identification
Logic bomb
Keystroke logging
TACACS (Terminal access controller access control system)
3. In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Dumpster diving
Probing
DDOS
Salami Slicing
4. The formal acceptance by an organization's executive management of the residual risk associated with using a formally certified information system.
OEP
Polymorphic
Honey pot
Accreditation
5. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Risk Transferring
Software librarian
PAP (Password Authentication Protocol)
Call tree
6. In a computer system (or cryptosystem or algorithm), these are methods of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.
Classes of IP networks
Back door/ trap door/maintenance hook
SYN Flood
Fire extinguisher
7. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Expert System
Switches / Bridges
Buffer overflow
Block cipher
8. When two or more processes are linked and execute multiple programs simultaneously
Multiprocessing
Smurf
Joke
Penetration testing
9. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Vulnerability analysis tools
RADIUS (Remote authentication dial-in user service)
Inference
Salami Slicing
10. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Block cipher
Private Addressing
Patriot Act
Hoax
11. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically, the monitoring connec
Format 7 times
Security Perimeter
Termination procedures
Wiretapping
12. The frequency with which a threat is expected to occur.
Owner
Base-64
ARO (Annualized Rate of Occurrence)
SESAME
13. Basic Input/Output System
Virtual machine
Echelon
Phreaker
BIOS
14. A technique to eliminate data redundancy.
OSI Model
DMZ
Transposition
Normalization
15. Network device that operates at layer 1. Concentrator.
Hubs
Crosstalk
Promiscuous mode
Honey pot
16. The intercepting of conversations by unintended recipients
Custodian
Eavesdropping
DAD
Object Oriented Programming
17. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Audit Trail
UUEncode
Software librarian
Format 7 times
18. Issued by the United States National Computer Security Center (NCSC, an arm of the NSA) as 'Trusted Computer System Evaluation Criteria', a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83, the TCSEC (frequently referred to as
Nonce
Script kiddies
Telnet
TCSEC
19. Once authenticated - the level of access you have to a system
Authorization
Sniffing
SQL (Structured Query Language)
Due Diligence
20. 'If you can't see it, it's secure.' A bad policy to live by.
Teardrop
Buffer overflow
Risk Management
Security through obscurity
21. This is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
IAB
Boot-sector Virus
MitM
DAD
22. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Polymorphism
Patriot Act
Granularity
Buffer overflow
23. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Fraggle
Change management
Vulnerability analysis tools
Entrapment
24. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single
Expert System
DCOM
Polymorphism
Risk Analysis
25. The person that controls access to the data
Custodian
Man trap
Keystroke logging
CHAP
26. The process of reducing your risks to an acceptable level based on your risk analysis
Smart cards
Risk Mitigation
Phreaker
TCSEC
27. In risk assessment, the average monetary value of losses per year. SLE x ARO = ALE
Buffer overflow
Smart cards
SQL (Structured Query Language)
ALE (Annualized Loss Expectancy)
28. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Mandatory vacation
Java
Out of band
Granularity
29. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Symmetric
Covert channels
Checksum
MOM
30. Defines the objects and their attributes that exist in a database.
Man trap
Schema
Virtual Memory/Pagefile.sys
Symmetric
31. An attempt to trick the system into believing that something false is real
Hoax
TACACS (Terminal access controller access control system)
SSO (Single sign-on)
Spoofing
32. CISSPs subscribe to a code of ethics for building up the security profession
Code of ethics
Senior Management
Exit interview
Privacy Act of 1974
33. The art of breaking code. Testing the strength of an algorithm.
Malware
Cryptanalysis
Entrapment
SSO (Single sign-on)
34. In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
CHAP
Trojan horses
Reciprocal agreement
Embezzlement
35. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Hearsay Evidence
Multithreading
Separation of duties
Reciprocal agreement
36. To not be legal (as far as law is concerned) or ethical
Dogs
Coax
Illegal/Unethical
CCTV
37. The government-required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Digest
Format 7 times
Crosstalk
Halon
38. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Data Mart
Polymorphism
Code of ethics
Throughput of a Biometric System
39. Method of authenticating to a system. Something that you supply and something you know.
Echelon
Call tree
NAT
Username/password
40. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected
Identification
Debug
Due Care
Granularity
41. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Phreaker
Key Escrow
Wiretapping
CIO
42. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
CRC (Cyclic Redundancy Check)
Throughput of a Biometric System
Digital signing
Back door/ trap door/maintenance hook
43. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.
Hot Site
CIO
Accountability
Encryption
44. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive, and not usually enforceable.
Nonce
Reciprocal agreement
Custodian
Security Perimeter
45. a.k.a. the Chinese wall. Nash Bridges, Bridge wall, Chinese wall. Dynamically changes access control to prevent unauthorized access.
Guards
Acceptable use
RAM (Random-access memory)
Brewer-Nash model
46. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Illegal/Unethical
CHAP
Checksum
Security Perimeter
47. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.
Illegal/Unethical
Senior Management
Exit interview
Honey pot
48. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th
Fences
Masquerade
Data Mart
Brute force
49. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Birthday attack
Normalization
DMZ
BIOS
50. In cryptanalysis and computer security, this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Warm Site
FAR/FRR/CER
ALE (Annualized Loss Expectancy)
Dictionary Attack