Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
Software librarian
Security kernel
RAM (Random-access memory)

2. When security is managed at a central point in an organization
Tailgating / Piggybacking
Warm Site
IRC
Centralized

3. Software designed to infiltrate or damage a computer system - without the owner's consent.
Malware
Worm
Detective - Preventive - Corrective
Multipartite

4. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Twisted pair
Classes of IP networks
Multithreading
Replay

5. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
MOM
UUEncode
OSI Model

6. Continuation of Operations Plan
Certification
Script kiddies
COOP
Granularity

7. Internet Relay Chat.
Aggregation
Attenuation
War driving
IRC

8. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Throughput of a Biometric System
Trade Secret
Software librarian
COOP

9. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically
Granularity
Twisted pair
Security through obscurity
Enticement

10. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Encryption
Buffer overflow
OSI Model
Salami Slicing

11. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Active attacks
Coax
Security kernel
Raid 0 - 1 - 3 - 5

12. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Substitution
Closed network
ALE (Annualized Loss Expectancy)
Hacker

13. The person that determines the permissions to files. The data owner.
Tailgating / Piggybacking
CHAP
CIA
Owner

14. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
BIA
CHAP
WAP (Wireless Application Protocol)
Firewall types

15. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
TCB
Software development lifecycle
Security kernel
Vulnerability analysis tools

16. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
SQL (Structured Query Language)
Identification
Two-Factor Authentication
Multitasking

17. A site that has some equipment in place - and can be up within days
Owner
Burden of Proof
Warm Site
Service packs

18. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Hardware
Macro
Software development lifecycle
Crosstalk

19. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
DOS
Mandatory vacation
Debug
ARO (Annualized Rate of Occurrence)

20. Must be in place for you to use a biometric system
TCB
Biometric profile
Noise & perturbation
Out of band

21. The intercepting of conversations by unintended recipients
CORBA
Identification
WAP (Wireless Application Protocol)
Eavesdropping

22. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
WAP (Wireless Application Protocol)
DAD
Burden of Proof
Joke

23. Random Number Base
Guards
Due Diligence
Nonce
Virtual Memory/Pagefile.sys

24. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
AES (Advanced Encryption Standard)
Hackers
Object Oriented Programming
Acceptable use

25. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
ARP (Address Resolution Protocol)
Symmetric
TCSEC
SSH

26. Involving the measurement of quantity or amount.
Sabotage
Digest
Quantitative
Data Mart

27. Motive - Opportunity - and Means. These deal with crime.
Job rotation
CIRT
Out of band
MOM

28. Someone whose hacking is primarily targeted at the phone systems
Bugtraq
Hash
Twisted pair
Phreaker

29. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
COOP
Technical - Administrative - Physical
Trademark
SSH

30. A network that mimics the brain
Telnet
CD-Rom
Artificial Neural Networks (ANN)
Birthday attack

31. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Tort
Firewall types
Aggregation
Nonce

32. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Keystroke logging
Trap Door
Worm
Compiler

33. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Security Awareness Training
Artificial Neural Networks (ANN)
Dogs
Echelon

34. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses
Virtual Memory/Pagefile.sys
BIOS
CHAP

35. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Entrapment
CHAP
Security Perimeter
Key Escrow

36. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
CIO
Finger scanning
Vulnerability analysis tools
Closed network

37. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.
Job rotation
Security Awareness Training
Tailgating / Piggybacking
CEO

38. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Reciprocal agreement
Security Awareness Training
Throughput of a Biometric System
Back door/ trap door/maintenance hook

39. Network devices that operate at layer 3. This device separates broadcast domains.
CGI (The Common Gateway Interface)
Tokens
Routers
Risk Acceptance

40. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Rijndael
Joke
Multiprocessing
Symmetric

41. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Warm Site
Logic bomb
Crosstalk
CGI (The Common Gateway Interface)

42. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Fire extinguisher
Polymorphism
Expert System
Hot Site

43. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Switches / Bridges
Inference
Digest
Acceptable use

44. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Halon
Call tree
Fiber optic
Patent

45. Network device that operates at layer 1. Concentrator.
Java
Hubs
Cold Site
Firmware

46. Computer Incident Response Team
Hacker
Software librarian
Tort
CIRT

47. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Masquerade
ROM (Read-only memory)
Multipartite
SSH

48. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
RAM (Random-access memory)
Raid 0 - 1 - 3 - 5
Authentication
Common criteria

49. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Schema
Hackers
Clipper Chip
Change management

50. Chief Executive Officer
CEO
War driving
Scanning
CIA