Home > CompTIA Security+ Certification > Quizzes > CompTIA Security+ SY0-601 Certification Exam Terms To Know
CompTIA Security+ SY0-601 Certification Exam Terms To Know
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 100% Most missed: “a situation that seems like it could be legitimate but often results from people…”
The CompTIA Security+ (SY0-601) Exam covers these skills: Compare Security Roles and Security Controls Explain Threat Actors and Threat Intelligence Perform Security Assessments Identify Social Engineering and Malware Summarize Basic Cryptographic Concepts Implement Public Key Infrastructure Implement Authentication Controls Implement Identity and Account Management Controls Implement Secure Network Designs Implement Network Security Appliances Implement Secure Network Protocols Implement Host Security Solutions Implement Secure Mobile Solutions Summarize Secure Application... Show more
CompTIA Security+ SY0-601 Certification Exam Terms To Know
Time left 00:00
25 Questions

1. A protocol based on the Advanced Encryption Standard (AES) encryption cipher.

2. A picture that preserves the entire state and data of a virtual machine at the time it is taken.

3. A mechanism to prevent the compromise of a private key used to create session keys from compromising past session keys.

4. A type of contract that establishes the responsibilities of each partner.

5. Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack.

6. A malware analysis tool that provides results of what a file does when executed in an isolated environment.

7. A command-line shell and scripting interface for Microsoft Windows environments.

8. unsolicited email

9. A network scanning tool used for locating network hosts, detecting operating systems, and identifying services.

10. A strategy that involves moving risk to hosted providers who assume the responsibility for recovery and restoration or acquiring insurance to cover the costs of equipment theft or data exposure.

11. A command-line packet analysis tool that captures packets sent and received on an interface.

12. An access control method in which access rights are configured at the discretion of accounts with authority over each resource, including the capability to extend administrative rights through the same mechanism.

13. Broadly, any data that can be used to identify an individual.

14. A physical site that is immediately available for continuing computer operations if an emergency arises. It typically has all the necessary hardware and software loaded and configured, and it it available continuously. Compare this with warm and cold sites.

15. A security method that combines MAC and DAC. RBAC uses profiles, which are defined for specific roles within a company, and then users are assigned to such roles. This facilitates administration in a large group of users because when you modify a role and assign it new permissions, those settings are automatically conveyed to all users assigned to that role.

16. An algorithm that transforms a message from plaintext (unencrypted form) to ciphertext (encrypted form), one piece at a time. The block size represents a standard chunk of data that is transformed in a single operation.

17. A binding, collaborative agreement entered into by two or more parties.

18. continuity of operations planning (COOP) An initiative issued to ensure that government departments and agencies are able to continue operation in case of natural, human-caused, or technological threats and national security emergencies.

19. A list generated by a CA that enumerates digital certificates that are no longer valid and the reasons they are no longer valid.

20. Address Resolution Protocol - A protocol that resolves a device's assigned IP address to its MAC hardware address.

21. A testing method that combines white box and black box techniques. It can be thought of as being translucent as the tester has some understanding of or limited knowledge of the inner workings of the system being tested.

22. An alternative control that is intended to reduce the risk of an existing or potential control weakness.

23. The process of creating and managing cryptographic keys and digital certificates.

24. An exploitation technique that enables the tester to gain additional compromising information.

25. An assessment needed for any organization that collects, uses, stores, or processes personal information such as PII or PHI.