Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Kerberos
Worm
Digital signing
Substitution

2. A site that is ready physically but has no hardware in place - all it has is HVAC
Cold Site
Active attacks
Data Mart
IAB

3. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
Due Diligence
Enticement
CD-Rom
Digital signing

4. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Patriot Act
Skipjack
Trademark
Passive attacks

5. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Clipping levels
Vulnerability analysis tools
Transposition
Coax

6. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Virtual machine
Diffie-Hellman
Spoofing
OSI Model

7. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
CIO
SSH
Certification
Cold Site

8. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Authorization creep
Social engineering
Attenuation
Patent

9. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
UUEncode
Smurf
Authorization creep
Substitution

10. CISSPs subscribe to a code of ethics for building up the security profession
Compiler
Sniffing
CHAP
Code of ethics

11. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Masquerade
Hardware
Rolling hot sites
Finger scanning

12. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Virtual Memory/Pagefile.sys
ROT-13
Security through obscurity
Due Care

13. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists ability to control their work
Copyright
Echelon
DCOM
TACACS (Terminal access controller access control system)

14. Method of authenticating to a system. Something that you supply and something you know.
Centralized
ARP (Address Resolution Protocol)
Reciprocal agreement
Username/password

15. These can be used to verify that public keys belong to certain individuals.
Owner
Fraud
Finger printing
Digital certificates

16. Providing verification to a system
Risk Acceptance
Sabotage
Authentication
Accreditation

17. Enticing people to hit your honeypot to see how they try to access your system.
Fraggle
Enticement
Twisted pair
Hoax

18. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Format 7 times
Classes of IP networks
Out of band
Asset Value

19. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Teardrop
TCB
Routers
Senior Management

20. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Call tree
Joke
Trademark
Script

21. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Brute force
Two-Factor Authentication
CHAP
Boot-sector Virus

22. A RFC standard. A mechanism for performing commands on a remote system
Telnet
Hoax
Hardware
Hubs

23. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Carnivore
Rijndael
Cryptanalysis
Expert System

24. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
COM
Diffie-Hellman
Symmetric
Multiprocessing

25. When security is managed at a central point in an organization
Sabotage
Fraud
Centralized
Multipartite

26. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Teardrop
Buffer overflow
Closed network
Asset Value

27. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Fire extinguisher
SLE (Single Loss Expectancy or Exposure)
Back door/ trap door/maintenance hook
SSH

28. Someone whose hacking is primarily targeted at the phone systems
Phreaker
Burden of Proof
Toneloc
TACACS (Terminal access controller access control system)

29. In a separation of duties model - this is where code is checked in and out
ALE (Annualized Loss Expectancy)
Software librarian
DOS
TCSEC

30. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Quantitative
Trademark
Buffer overflow
UUEncode

31. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
Risk Transferring
Firmware
Switches / Bridges
Birthday attack

32. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Attenuation
Privacy Act of 1974
Throughput of a Biometric System
Security Awareness Training

33. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Exit interview
Dictionary Attack
Audit Trail
Polymorphic

34. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
DDOS
Tort
Out of band

35. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Man trap
OEP
Throughput of a Biometric System
Multiprocessing

36. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Encryption
Termination procedures
Promiscuous mode
Telnet

37. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.
Noise & perturbation
Dogs
Job rotation
Code of ethics

38. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Mandatory vacation
Phreaker
Caesar Cipher
l0pht

39. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Risk Acceptance
TCSEC
Format 7 times
Entrapment

40. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
Boot-sector Virus
CRC (Cyclic Redundancy Check)
Well-known ports

41. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Raid 0 - 1 - 3 - 5
Biometric profile
IAB
Polymorphic

42. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Authentication
Routers
UUEncode
Open network

43. Continuation of Operations Plan
CEO
Sabotage
COOP
Change management

44. An attempt to trick the system into believing that something false is real
Multitasking
Wiretapping
PKI
Hoax

45. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Senior Management
Out of band
EF (Exposure Factor)
SSL/TLS

46. Personal - Network - and Application
Firewall types
Decentralized
Risk Transferring
Fences

47. The real cost of acquiring/maintaining/developing a system
Asset Value
Biometrics
MOM
Carnivore

48. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Script kiddies
Throughput of a Biometric System
Hardware
OSI Model

49. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Hackers
Mandatory vacation
Granularity
DDOS

50. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Expert System
Halon
Motion detector
MOM