Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
TCSEC
AES (Advanced Encryption Standard)
Virtual Memory/Pagefile.sys
Trade Secret

2. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
Centralized
Common criteria
Social engineering

3. A network that uses standard protocols (TCP/IP)
Open network
Macro
Social engineering
ISDN (Integrated Services Digital Network)

4. Ethernet - Cat5 - Twisted to allow for longer runs.
Twisted pair
Covert channels
Expert systems
CEO

5. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Call tree
Raid 0 - 1 - 3 - 5
Multiprocessing
Due Care

6. When two or more processes are linked and execute multiple programs simultaneously
Debug
Multiprocessing
WAP (Wireless Application Protocol)
CIRT

7. Distributed Component Object Model. Microsoft's implementation of CORBA.
DCOM
Software development lifecycle
Security kernel
Clipper Chip

8. A sandbox. Emulates an operating environment.
Virtual machine
CEO
Risk Acceptance
RAM (Random-access memory)

9. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Aggregation
CRC (Cyclic Redundancy Check)
Hoax
Inference

10. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Security Perimeter
Switches / Bridges
Out of band
War dialing

11. In the broadest sense - a fraud is a deception made for personal gain
Noise & perturbation
Fraud
Software
Dogs

12. Someone whose hacking is primarily targeted at the phone systems
Mandatory vacation
Phreaker
FAR/FRR/CER
Eavesdropping

13. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Rolling hot sites
NAT
Promiscuous mode
SSH

14. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Polymorphism
Identification
Java
Packet Sniffing

15. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Software development lifecycle
Polymorphic
Trojan horses
Format 7 times

16. Data storage formats and equipment that allow the stored data to be accessed in any order
RAM (Random-access memory)
Software librarian
Sabotage
Raid 0 - 1 - 3 - 5

17. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Sabotage
Entrapment
Hot Site
Rolling hot sites

18. Transferring your risk to someone else - typically an insurance company
Biometric profile
Substitution
Risk Transferring
Multithreading

19. To not be legal (as far as law is concerned) or ethical
CIA
TACACS (Terminal access controller access control system)
Illegal/Unethical
Transposition

20. More discriminate than dogs
Guards
Fire extinguisher
Switches / Bridges
Aggregation

21. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Biometrics
Active attacks
Key Escrow
Due Diligence

22. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Packet Sniffing
Classes of IP networks
Due Care
Entrapment

23. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
Cyphertext only
Asset Value
Owner

24. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Replay
Brute force
Multithreading
SSO (Single sign-on)

25. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Active attacks
Owner
Masquerade
Session Hijacking

26. Also known as a tunnel)
Asset Value
Hearsay Evidence
VPN (Virtual Private Network)
BIOS

27. The person that controls access to the data
Toneloc
Custodian
Hot Site
Sabotage

28. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
Multitasking
Joke
Software librarian

29. Emanations from one wire coupling with another wire
Social engineering
SLE (Single Loss Expectancy or Exposure)
EF (Exposure Factor)
Crosstalk

30. Accepting all packets
Software
DOS
Tailgating / Piggybacking
Promiscuous mode

31. Chief Executive Officer
Boot-sector Virus
CEO
Wiretapping
Detective - Preventive - Corrective

32. A site that is ready physically but has no hardware in place - all it has is HVAC
TCB
Teardrop
Cold Site
/etc/passwd

33. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Hardware
Encryption
Exit interview
Embezzlement

34. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Smart cards
Owner
Enticement
CGI (The Common Gateway Interface)

35. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Two-Factor Authentication
Authorization
Teardrop
ALE (Annualized Loss Expectancy)

36. CISSPs subscribe to a code of ethics for building up the security profession
Software
NAT
Code of ethics
Cryptanalysis

37. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Salami Slicing
Bastion hosts
Replay
Centralized

38. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Hearsay Evidence
Base-64
Kerberos
Clipping levels

39. Repeats the signal. It amplifies the signal before sending it on.
Schema
Hot Site
Repeaters
BIA

40. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Privacy Act of 1974
Brute force
Detective - Preventive - Corrective
Hoax

41. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
ALE (Annualized Loss Expectancy)
Diffie-Hellman
Biometrics
Hacker

42. Public Key Infrastructure
Tailgating / Piggybacking
Data Mart
PKI
Bastion hosts

43. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Smart cards
Routers
Encryption
FAR/FRR/CER

44. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Tailgating / Piggybacking
OEP
Quantitative
Encryption

45. Once authenticated - the level of access you have to a system
Vulnerability analysis tools
Due Care
Authorization
Phreaker

46. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Owner
Raid 0 - 1 - 3 - 5
Callback Security/Call Forwarding
BIA

47. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Digital signing
Classes of IP networks
Senior Management
Sniffing

48. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Finger printing
Symmetric
Format 7 times
DOS

49. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Sniffing
TCB
Symmetric
Risk Transferring

50. When security is managed at many different points in an organization
TEMPEST
DAD
Decentralized
Hot Site