Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Accepting all packets
ROM (Read-only memory)
Hardware
Promiscuous mode
OSI Model

2. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Java
Bugtraq
Hearsay Evidence
Incentive programs

3. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Degausser
Virtual machine
Reciprocal agreement
Schema

4. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Risk Mitigation
Teardrop
Digital certificates
Joke

5. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Fraud
Throughput of a Biometric System
Fraggle
Vulnerability analysis tools

6. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Warm Site
Risk Analysis
Audit Trail
CIO

7. A system designed to stop piggybacking.
Granularity
Due Diligence
SQL (Structured Query Language)
Man trap

8. Also known as a tunnel)
Fiber optic
Hot Site
VPN (Virtual Private Network)
Toneloc

9. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Cold Site
Change management
Burden of Proof
Polymorphism

10. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
CIO
Security Perimeter
Macro
Back door/ trap door/maintenance hook

11. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Script kiddies
Non-repudiation
Promiscuous mode
War driving

12. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Senior Management
Finger printing
TCSEC
VPN (Virtual Private Network)

13. Public Key Infrastructure
Data remanence
Halon
PKI
Separation of duties

14. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
OSI Model
Asset Value
Passive attacks
Buffer overflow

15. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Enticement
Packet Sniffing
SSH
Raid 0 - 1 - 3 - 5

16. Data storage formats and equipment that allow the stored data to be accessed in any order
RAM (Random-access memory)
Identification
CCTV
Cyphertext only

17. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Call tree
Logic bomb
Well-known ports
Dictionary Attack

18. Using ICMP to diagram a network
Job rotation
TCB
Dictionary Attack
Probing

19. Random Number Base
Bugtraq
ROT-13
Nonce
Noise & perturbation

20. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Granularity
Call tree
ROM (Read-only memory)
Illegal/Unethical

21. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
Expert systems
CIO
Key Escrow

22. Method of authenticating to a system. Something that you supply and something you know.
OLE
Software
Qualitative
Username/password

23. A site that is ready physically but has no hardware in place - all it has is HVAC
Centralized
Cold Site
Exit interview
ActiveX Object Linking and Embedding

24. Jumping into dumpsters to retrieve information about someone/something/a company
Software
Symmetric
Teardrop
Dumpster diving

25. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Script
Brute force
Keystroke logging
Accountability

26. 'If you cant see it - its secure'. Bad policy to live by.
Cryptanalysis
Quality Assurance
Security through obscurity
VLANs

27. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Attenuation
Call tree
Multithreading
Trojan horses

28. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.
Telnet
Substitution
Digital signing
SESAME

29. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
OEP
Authorization creep
Fiber optic
Switches / Bridges

30. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
Decentralized
Software
Audit Trail
ARP (Address Resolution Protocol)

31. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Separation of duties
Security Perimeter
Probing
CGI (The Common Gateway Interface)

32. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
SESAME
Technical - Administrative - Physical
PKI
Base-64

33. Chief Executive Officer
CEO
RADIUS (Remote authentication dial-in user service)
Inference
Biometric profile

34. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
ALE (Annualized Loss Expectancy)
Software development lifecycle
Finger scanning
Boot-sector Virus

35. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
SSO (Single sign-on)
Separation of duties
Software
Sniffing

36. A site that has some equipment in place - and can be up within days
Halon
Out of band
Separation of duties
Warm Site

37. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Security kernel
Hubs
Identification
Artificial Neural Networks (ANN)

38. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Illegal/Unethical
Skipjack
Change management
Patent

39. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Repeaters
Compiler
Fences
Key Escrow

40. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Script kiddies
NAT
Routers
Tokens

41. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
ROT-13
Eavesdropping
Raid 0 - 1 - 3 - 5
Guards

42. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
Echelon
Digest
Security through obscurity

43. When security is managed at a central point in an organization
Trojan horses
Symmetric
Macro
Centralized

44. Once authenticated - the level of access you have to a system
TCSEC
Man trap
WAP (Wireless Application Protocol)
Authorization

45. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Security Perimeter
Symmetric
Risk Management
Stream cipher

46. The real cost of acquiring/maintaining/developing a system
Finger scanning
Dictionary Attack
Asset Value
Skipjack

47. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.
Senior Management
Motion detector
COM
Expert systems

48. Encompasses Risk Analysis and Risk Mitigation
Risk Management
Fraud
SYN Flood
Script kiddies

49. The user
IAB
Penetration testing
User
Termination procedures

50. Be at least 8 foot tall and have three strands of barbed wire.
Birthday attack
SSL/TLS
Fences
Due Diligence