Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A sandbox. Emulates an operating environment.
Virtual machine
ARO (Annualized Rate of Occurrence)
/etc/passwd
Digital certificates
2. Ethernet - Cat5 - Twisted to allow for longer runs.
Service packs
EF (Exposure Factor)
Twisted pair
Clipper Chip
3. When two or more processes are linked and execute multiple programs simultaneously
Hoax
Multiprocessing
Private Addressing
Qualitative
4. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Hacker
Telnet
Wiretapping
Scanning
5. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Change management
Brute force
Termination procedures
Two-Factor Authentication
6. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
SQL (Structured Query Language)
Compiler
Raid 0 - 1 - 3 - 5
Masquerade
7. Relating to quality or kind. This assigns a level of importance to something.
Throughput of a Biometric System
Qualitative
Java
Exit interview
8. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
OLE
Hearsay Evidence
Out of band
Detective - Preventive - Corrective
9. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
RAM (Random-access memory)
War driving
Dogs
Noise & perturbation
10. ('rotate by 13 places' - sometimes hyphenated ROT-13) is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Hacker
ROT-13
ARO (Annualized Rate of Occurrence)
IAB
11. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Active attacks
DDOS
Kerberos
Skipjack
12. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Honey pot
Fiber optic
Smurf
IAB
13. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Artificial Neural Networks (ANN)
Biometrics
Replay
Common criteria
14. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Dumpster diving
COM
Diffie-Hellman
TCSEC
15. Setting up the user to access the honeypot for reasons other than the intent to harm.
Entrapment
Asset Value
Repeaters
NAT
16. The process of reducing your risks to an acceptable level based on your risk analysis
Passive attacks
Risk Mitigation
CCTV
RADIUS (Remote authentication dial-in user service)
17. Encompasses Risk Analysis and Risk Mitigation
Service packs
Owner
Two-Factor Authentication
Risk Management
18. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Debug
Keystroke logging
Firewall types
Tort
19. 0 = striping without parity; 1 = mirroring; 3 = striping with parity (parity on single drive); 5 = striping with parity (parity striped across all drives)
Raid 0 - 1 - 3 - 5
Switches / Bridges
SSH
Illegal/Unethical
20. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
CORBA
Halon
Transposition
Virtual machine
21. A war dialing utility
Salami Slicing
Toneloc
Bugtraq
CD-Rom
22. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Embezzlement
Open network
OLE
Hot Site
23. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Echelon
Back door/ trap door/maintenance hook
DMZ
Risk Analysis
24. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Telnet
Classes of IP networks
Halon
Tokens
25. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Classes of IP networks
Fiber optic
Authorization creep
Accreditation
26. Public Key Infrastructure
Block cipher
PKI
Expert systems
Aggregation
27. This is an open international standard for applications that use wireless communications.
Coax
Keystroke logging
Phreaker
WAP (Wireless Application Protocol)
28. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Patent
Classes of IP networks
Telnet
Senior Management
29. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Multitasking
Data Mart
Senior Management
SSO (Single sign-on)
30. Occupant Emergency Plan - Employees are the most important!
Detective - Preventive - Corrective
Tort
OEP
Granularity
31. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Noise & perturbation
DDOS
Fire extinguisher
Salami Slicing
32. The output of a hash function is a digest.
Digest
Reciprocal agreement
Software
Eavesdropping
33. Scanning the airwaves for radio transmissions
Due Care
Routers
CCTV
Scanning
34. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Diffie-Hellman
CRC (Cyclic Redundancy Check)
Stream cipher
Worm
35. Accepting all packets
Custodian
Symmetric
Virtual Memory/Pagefile.sys
Promiscuous mode
36. An instance of a scripting language
Script
Call tree
Degausser
User
37. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Qualitative
Polymorphic
Spoofing
Authorization creep
38. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
ALE (Annualized Loss Expectancy)
Risk Transferring
Trojan horses
Custodian
39. In the broadest sense - a fraud is a deception made for personal gain
Fraud
Two-Factor Authentication
Data remanence
Centralized
40. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
Finger scanning
PKI
ARP (Address Resolution Protocol)
41. Distributed Component Object Model. Microsoft's implementation of CORBA.
ISDN (Integrated Services Digital Network)
Fraggle
Hacker
DCOM
42. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Encryption
Qualitative
Salami Slicing
Copyright
43. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Security Perimeter
Detective - Preventive - Corrective
OSI Model
CRC (Cyclic Redundancy Check)
44. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
PKI
Quality Assurance
Back door/ trap door/maintenance hook
AES (Advanced Encryption Standard)
45. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Risk Analysis
Asymmetric
Brewer-Nash model
Routers
46. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Caesar Cipher
ROT-13
Quality Assurance
Salami Slicing
47. 'If you can't see it - it's secure'. Bad policy to live by.
Dictionary Attack
OEP
Coax
Security through obscurity
48. Access control method for database based on the content of the database to provide granular access
Active attacks
WTLS (Wireless Transport Layer Security)
Granularity
Content dependent
49. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Entrapment
FAR/FRR/CER
Tailgating / Piggybacking
MOM
50. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Finger printing
Job rotation
Classes of IP networks
SYN Flood