Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Probing
SSH
Security kernel
Classes of IP networks

2. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Tailgating / Piggybacking
Termination procedures
Halon
Script kiddies

3. The real cost of acquiring/maintaining/developing a system
Asset Value
Vulnerability analysis tools
Copyright
Risk Transferring

4. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
EF (Exposure Factor)
Biometric profile
DDOS
Firmware

5. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Expert System
Risk Analysis
Logic bomb
Dogs

6. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
Multipartite
Mandatory vacation
Base-64
Replay

7. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Username/password
CGI (The Common Gateway Interface)
Aggregation
Multipartite

8. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Honey pot
Trade Secret
Carnivore
IAB

9. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Key Escrow
Finger printing
Social engineering
Sabotage

10. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically
Granularity
Compiler
Passive attacks
MOM

11. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
BIA
Symmetric
EF (Exposure Factor)

12. Threat to physical security.
Macro
Probing
Sabotage
Inference

13. An instance of a scripting language
Promiscuous mode
Script
Expert systems
Halon

14. More discriminate than dogs
DOS
Digital signing
IAB
Guards

15. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Rolling hot sites
Hardware
Expert System
TCSEC

16. Animals with teeth. Not as discriminate as guards
Firmware
Technical - Administrative - Physical
Clipping levels
Dogs

17. A type of virus that changes its telltale code segments so that it ' looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
DDOS
Joke
WAP (Wireless Application Protocol)

18. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Finger printing
DAD
Authorization
Non-repudiation

19. Once authenticated - the level of access you have to a system
Authorization
CGI (The Common Gateway Interface)
Kerberos
Format 7 times

20. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Illegal/Unethical
Malware
Bugtraq
Smart cards

21. The user
User
Phreaker
Firewall types
Fraud

22. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Caesar Cipher
Call tree
Skipjack
Crosstalk

23. The art of breaking code. Testing the strength of an algorithm.
Routers
Classes of IP networks
AES (Advanced Encryption Standard)
Cryptanalysis

24. Personal - Network - and Application
Firewall types
Back door/ trap door/maintenance hook
Cookies
Cryptanalysis

25. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
DMZ
Job rotation
Quantitative
Audit Trail

26. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Nonce
SQL (Structured Query Language)
Classes of IP networks
Raid 0 - 1 - 3 - 5

27. Be at least 8 foot tall and have three strands of barbed wire.
DNS cache poisoning
Fences
VLANs
Patriot Act

28. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
VLANs
Caesar Cipher
Centralized
IAB

29. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
Illegal/Unethical
Digest
Key Escrow

30. A site that has some equipment in place - and can be up within days
Base-64
Warm Site
Masquerade
Wiretapping

31. Someone whose hacking is primarily targeted at the phone systems
Phreaker
Asymmetric
Compiler
ISDN (Integrated Services Digital Network)

32. A system designed to stop piggybacking.
Digest
CORBA
Man trap
Risk Mitigation

33. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Trademark
Callback Security/Call Forwarding
Tailgating / Piggybacking
l0pht

34. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Noise & perturbation
Brute force
Dumpster diving
BIA

35. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
OLE
Hot Site
Back door/ trap door/maintenance hook
Risk Mitigation

36. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
SLE (Single Loss Expectancy or Exposure)
Data Mart
Passive attacks
Hearsay Evidence

37. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.
Job rotation
Diffie-Hellman
Centralized
Custodian

38. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Dogs
Finger scanning
Risk Transferring
Joke

39. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Digital signing
Base-64
ActiveX Object Linking and Embedding
Illegal/Unethical

40. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Classes of IP networks
Trap Door
Inference
Symmetric

41. Emanations from one wire coupling with another wire
Data remanence
SLE (Single Loss Expectancy or Exposure)
Crosstalk
Trademark

42. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Enticement
COM
Degausser
Non-repudiation

43. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
SSL/TLS
DMZ
Clipping levels
Software librarian

44. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Change management
TCSEC
Private Addressing
Attenuation

45. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Security kernel
Illegal/Unethical
Repeaters
Honey pot

46. 'If you cant see it - its secure'. Bad policy to live by.
Replay
Exit interview
Security through obscurity
Rolling hot sites

47. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
War dialing
DOS
Fire extinguisher
OLE

48. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Java
Mandatory vacation
Security kernel
WAP (Wireless Application Protocol)

49. Repeats the signal. It amplifies the signal before sending it on.
Repeaters
Quality Assurance
Schema
Illegal/Unethical

50. Setting up the user to access the honeypot for reasons other than the intent to harm.
Rolling hot sites
Entrapment
Polymorphism
Authorization