Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Encompasses Risk Analysis and Risk Mitigation
Hoax
Risk Management
Buffer overflow
Asset Value

2. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
l0pht
Base-64
Trap Door
Detective - Preventive - Corrective

3. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Cookies
Raid 0 - 1 - 3 - 5
RADIUS (Remote authentication dial-in user service)
NAT

4. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
OEP
SSH
Cryptanalysis
Detective - Preventive - Corrective

5. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Brewer-Nash model
Certification
Caesar Cipher
CHAP

6. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
EF (Exposure Factor)
Birthday attack
UUEncode
War driving

7. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
BIA
Sabotage
Script kiddies
Bugtraq

8. Reasonable doubt
ROT-13
SLE (Single Loss Expectancy or Exposure)
Java
Burden of Proof

9. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
Fiber optic
Eavesdropping
Termination procedures

10. A war dialing utility
Qualitative
Fences
Toneloc
COOP

11. Signal degradation as it moves farther from its source
SSO (Single sign-on)
Attenuation
TACACS (Terminal access controller access control system)
Eavesdropping

12. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
DOS
Hot Site
Classes of IP networks
Cryptanalysis

13. Method of authenticating to a system. Something that you supply and something you know.
Termination procedures
Code of ethics
Fraud
Username/password

14. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Cookies
Wiretapping
Polymorphism
Non-repudiation

15. Scanning the airwaves for radio transmissions
Penetration testing
Brute Force
Degausser
Scanning

16. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Risk Mitigation
Penetration testing
Buffer overflow
Private Addressing

17. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Birthday attack
SSH
Honey pot
Aggregation

18. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.
Checksum
SSH
Embezzlement
Authorization creep

19. The ability to have more than one thread associated with a process
Dogs
Multithreading
Qualitative
SLE (Single Loss Expectancy or Exposure)

20. Accepting all packets
Virtual Memory/Pagefile.sys
Promiscuous mode
Nonce
Skipjack

21. Once authenticated - the level of access you have to a system
Authorization
Burden of Proof
Degausser
Job rotation

22. Someone who hacks
Audit Trail
OLE
Diffie-Hellman
Hacker

23. Confidentiality - Integrity - and Availability
Passive attacks
CIA
Exit interview
Dogs

24. Making individuals accountable for their actions on a system typically through the use of auditing
Accountability
Risk Analysis
Substitution
Quantitative

25. A site that is ready physically but has no hardware in place - all it has is HVAC
Security through obscurity
Firewall types
War dialing
Cold Site

26. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
Worm
VLANs
CD-Rom
SQL (Structured Query Language)

27. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Birthday attack
Out of band
TACACS (Terminal access controller access control system)
Authorization

28. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Checksum
OSI Model
CHAP
Risk Transferring

29. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Due Care
TEMPEST
Data Mart
Acceptable use

30. A network entity that provides a single entrance / exit point to the Internet.
Normalization
Diffie-Hellman
Bastion hosts
ALE (Annualized Loss Expectancy)

31. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
CGI (The Common Gateway Interface)
TACACS (Terminal access controller access control system)
Fences
Smart cards

32. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Penetration testing
Trap Door
Out of band
WAP (Wireless Application Protocol)

33. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Compiler
Data Mart
SSL/TLS
Throughput of a Biometric System

34. Same as a block cipher except that it is applied to a data stream one bit at a time
Compiler
Data remanence
Stream cipher
Halon

35. Object Linking and Embedding. The ability of an object to be embedded into another object.
OLE
War dialing
Patriot Act
Fences

36. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Transposition
RADIUS (Remote authentication dial-in user service)
Schema
Illegal/Unethical

37. Jumping into dumpsters to retrieve information about someone/something/a company
Dumpster diving
Firmware
Due Care
CHAP

38. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Degausser
Hubs
CGI (The Common Gateway Interface)
Non-repudiation

39. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Inference
Data remanence
Risk Analysis
PAP (Password Authentication Protocol)

40. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
War driving
Cyphertext only
Clipper Chip
Birthday attack

41. A network that mimics the brain
Artificial Neural Networks (ANN)
CCTV
Certification
Digital certificates

42. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
Finger printing
DAD
Audit Trail

43. Chief Information Officer
Script kiddies
Checksum
CIO
Accreditation

44. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Burden of Proof
Hash
Identification
Dictionary Attack

45. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Well-known ports
PAP (Password Authentication Protocol)
Patriot Act
Security through obscurity

46. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Due Diligence
Identification
PAP (Password Authentication Protocol)
DDOS

47. Must be in place for you to use a biometric system
Cryptanalysis
TCSEC
Biometric profile
Patent

48. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Technical - Administrative - Physical
Coax
Kerberos
/etc/passwd

49. 'If you cant see it - its secure'. Bad policy to live by.
Echelon
Bastion hosts
Multithreading
Security through obscurity

50. The intercepting of conversations by unintended recipients
Degausser
Eavesdropping
Noise & perturbation
Accreditation