Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
VLANs
Toneloc
DNS cache poisoning
Certification
2. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
WTLS (Wireless Transport Layer Security)
Biometrics
PAP (Password Authentication Protocol)
Common criteria
3. Internet Architecture Board. This board is responsible for protecting the Internet.
IAB
Kerberos
Echelon
Privacy Act of 1974
4. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
PKI
Switches / Bridges
SQL (Structured Query Language)
Twisted pair
5. A network that uses standard protocols (TCP/IP)
Open network
CIO
Diffie-Hellman
Risk Management
6. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Digital certificates
Multiprocessing
Key Escrow
Copyright
7. Defines the objects and their attributes that exist in a database.
Clipping levels
Call tree
Schema
Symmetric
8. The art of breaking code. Testing the strength of an algorithm.
Closed network
Cryptanalysis
Virtual machine
Salami Slicing
9. A network entity that provides a single entrance / exit point to the Internet.
Cryptanalysis
Job rotation
Sniffing
Bastion hosts
10. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
DDOS
Clipper Chip
Software development lifecycle
Active attacks
11. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Open network
FAR/FRR/CER
Motion detector
Passive attacks
12. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
TACACS (Terminal access controller access control system)
Bastion hosts
Salami Slicing
Incentive programs
13. Encompasses Risk Analysis and Risk Mitigation
TCSEC
Fraud
Patriot Act
Risk Management
14. Method of authenticating to a system. Something that you supply and something you know.
NAT
WTLS (Wireless Transport Layer Security)
Username/password
Format 7 times
15. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Multiprocessing
Detective - Preventive - Corrective
Teardrop
Virtual Memory/Pagefile.sys
16. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
FAR/FRR/CER
Reciprocal agreement
Script kiddies
l0pht
17. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Raid 0 - 1 - 3 - 5
Cyphertext only
War dialing
Encryption
18. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Trojan horses
Certification
TCSEC
OLE
19. The process of reducing your risks to an acceptable level based on your risk analysis
Risk Mitigation
Multitasking
Risk Management
Man trap
20. Distributed Component Object Model. Microsoft's implementation of CORBA.
Smurf
Expert systems
DCOM
FAR/FRR/CER
21. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
ISDN (Integrated Services Digital Network)
Malware
Burden of Proof
Clipping levels
22. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses
Risk Acceptance
SLE (Single Loss Expectancy or Exposure)
SSH
23. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Risk Management
Hash
Accreditation
Dictionary Attack
24. The intercepting of conversations by unintended recipients
WTLS (Wireless Transport Layer Security)
CIO
Eavesdropping
Mandatory vacation
25. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Common criteria
Change management
Centralized
Burden of Proof
26. Random Number Base
Patriot Act
Normalization
Nonce
Clipping levels
27. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Bugtraq
Digest
OLE
Keystroke logging
28. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Crosstalk
Trade Secret
Due Diligence
Classes of IP networks
29. Same as a block cipher except that it is applied to a data stream one bit at a time
IAB
Stream cipher
Brute Force
Custodian
30. In the broadest sense - a fraud is a deception made for personal gain
Granularity
Change management
Fraud
DAD
31. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
ISDN (Integrated Services Digital Network)
Mandatory vacation
DDOS
32. Network device that operates at layer 1. Concentrator.
Hubs
OSI Model
Warm Site
DNS cache poisoning
33. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Authorization creep
Data remanence
Technical - Administrative - Physical
Common criteria
34. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
ALE (Annualized Loss Expectancy)
Cookies
TCP Wrappers
War driving
35. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Sniffing
Trap Door
Reciprocal agreement
Brewer-Nash model
36. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Fire extinguisher
Trap Door
Brewer-Nash model
Boot-sector Virus
37. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
OSI Model
Authorization creep
Brute Force
Senior Management
38. The real cost of acquiring/maintaining/developing a system
IAB
WTLS (Wireless Transport Layer Security)
Asset Value
Detective - Preventive - Corrective
39. Relating to quality or kind. This assigns a level of importance to something.
Trademark
Qualitative
Senior Management
Software librarian
40. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Call tree
Honey pot
Exit interview
Coax
41. White hat l0pht
Bugtraq
EF (Exposure Factor)
Trap Door
Hacker
42. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Firmware
CRC (Cyclic Redundancy Check)
TCP Wrappers
Firewall types
43. Accepting all packets
SSO (Single sign-on)
Promiscuous mode
Qualitative
Tort
44. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Packet Sniffing
DCOM
Asset Value
Back door/ trap door/maintenance hook
45. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
l0pht
Hackers
Format 7 times
Caesar Cipher
46. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
IRC
Quality Assurance
Carnivore
Smurf
47. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Base-64
RADIUS (Remote authentication dial-in user service)
Quality Assurance
TCSEC
48. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
War dialing
Risk Analysis
Authorization creep
49. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
TCP Wrappers
Rolling hot sites
Tort
Polymorphism
50. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Twisted pair
ROT-13
Brute Force
VPN (Virtual Private Network)