Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
IAB
Sniffing
Senior Management
Biometrics

2. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
ActiveX Object Linking and Embedding
Authorization
Multitasking
Phreaker

3. Method of authenticating to a system. Something that you supply and something you know.
War dialing
Halon
Routers
Username/password

4. Motivational tools for employee awareness to get them to report security flaws in an organization
Teardrop
Incentive programs
Firewall types
Expert System

5. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Due Diligence
Malware
CIA
Tailgating / Piggybacking

6. Once authenticated - the level of access you have to a system
Finger printing
Motion detector
Authorization
ROM (Read-only memory)

7. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Hash
OSI Model
Identification
Software librarian

8. White hat l0pht
Checksum
DCOM
Bugtraq
ISDN (Integrated Services Digital Network)

9. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Well-known ports
Incentive programs
SQL (Structured Query Language)
Certification

10. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
DAD
Biometrics
Illegal/Unethical
Caesar Cipher

11. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.
Exit interview
Acceptable use
Risk Analysis
Closed network

12. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Common criteria
VPN (Virtual Private Network)
ROM (Read-only memory)
Clipper Chip

13. Chief Executive Officer
Malware
CEO
Digest
TCSEC

14. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Owner
Expert System
CRC (Cyclic Redundancy Check)
Covert channels

15. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Cryptanalysis
CHAP
Owner
Separation of duties

16. Transferring your risk to someone else - typically an insurance company
Schema
Risk Mitigation
Fraggle
Risk Transferring

17. Internet Relay Chat.
CCTV
Raid 0 - 1 - 3 - 5
IRC
Hash

18. The person that controls access to the data
Custodian
CIRT
Multitasking
VPN (Virtual Private Network)

19. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Hardware
Teardrop
Key Escrow
DDOS

20. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Guards
PAP (Password Authentication Protocol)
Crosstalk
Security Perimeter

21. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Identification
Passive attacks
Clipper Chip
Trade Secret

22. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
IRC
Substitution
Wiretapping
Multiprocessing

23. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Data Mart
Embezzlement
COOP
Hardware

24. A gas used in fire suppression. Not human safe. Chemical reaction.
IAB
Halon
Finger scanning
Diffie-Hellman

25. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Rolling hot sites
Scanning
Joke
Keystroke logging

26. Involving the measurement of quantity or amount.
Software development lifecycle
Twisted pair
Quantitative
DHCP

27. A site that has some equipment in place - and can be up within days
Warm Site
WAP (Wireless Application Protocol)
ActiveX Object Linking and Embedding
Quality Assurance

28. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
CCTV
Polymorphic
Closed network
Script kiddies

29. Personal - Network - and Application
Termination procedures
Firewall types
Two-Factor Authentication
Digest

30. Same as a block cipher except that it is applied to a data stream one bit at a time
Social engineering
Stream cipher
Hubs
Hash

31. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
SLE (Single Loss Expectancy or Exposure)
CIO
CD-Rom
DMZ

32. A system designed to stop piggybacking.
SLE (Single Loss Expectancy or Exposure)
Man trap
Authentication
CIRT

33. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Script
Logic bomb
Carnivore
Caesar Cipher

34. Providing verification to a system
Authentication
Virtual Memory/Pagefile.sys
TCP Wrappers
MitM

35. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Debug
Worm
Macro
Well-known ports

36. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
SSO (Single sign-on)
CORBA
TCB
Replay

37. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Owner
Format 7 times
Brute force
Data remanence

38. A mechanism by which connections to TCP services on a system are allowed or disallowed
Kerberos
TCP Wrappers
VLANs
Private Addressing

39. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Audit Trail
Trademark
Aggregation
Certification

40. A war dialing utility
Toneloc
Decentralized
Skipjack
Wiretapping

41. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Checksum
Common criteria
WAP (Wireless Application Protocol)
ARP (Address Resolution Protocol)

42. Motive - Opportunity - and Means. These deal with crime.
Malware
MOM
Script
Kerberos

43. Disclosure - Alteration - Destruction. These things break the CIA triad
Content dependant
Risk Management
DAD
Detective - Preventive - Corrective

44. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Session Hijacking
Fraggle
Normalization
l0pht

45. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Quantitative
Block cipher
Security Awareness Training
Certification

46. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Smart cards
CD-Rom
Substitution
Termination procedures

47. CISSPs subscribe to a code of ethics for building up the security profession
OLE
Code of ethics
Patent
Expert systems

48. A military standard defining controls for emanation protection
Trademark
TEMPEST
DHCP
Privacy Act of 1974

49. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
ALE (Annualized Loss Expectancy)
ROM (Read-only memory)
Fences
Salami Slicing

50. Good for distance - longer than 100M
Man trap
Acceptable use
Coax
Illegal/Unethical