Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
Halon
Throughput of a Biometric System
Block cipher

2. The act of identifying yourself. Providing your identity to a system
CHAP
Carnivore
/etc/passwd
Identification

3. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
Authorization creep
Skipjack
Inference

4. Rolling command center with UPS - satellite - uplink - power - etc.
Content dependant
Rolling hot sites
Dictionary Attack
Keystroke logging

5. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
OSI Model
Private Addressing
TACACS (Terminal access controller access control system)
Senior Management

6. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.
COOP
SESAME
Script kiddies
Separation of duties

7. Personal - Network - and Application
Fraggle
Tokens
Firewall types
Asset Value

8. A site that is ready physically but has no hardware in place - all it has is HVAC
Echelon
Cold Site
Biometric profile
Bugtraq

9. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
DOS
TEMPEST
Accreditation
AES (Advanced Encryption Standard)

10. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Firmware
Object Oriented Programming
Virtual machine
Callback Security/Call Forwarding

11. Reasonable doubt
War dialing
Burden of Proof
Exit interview
Boot-sector Virus

12. Chief Information Officer
Risk Analysis
Logic bomb
Change management
CIO

13. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Fire extinguisher
Teardrop
Copyright
Penetration testing

14. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
Expert System
AES (Advanced Encryption Standard)
SLE (Single Loss Expectancy or Exposure)
Expert systems

15. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
DCOM
Guards
Clipping levels
Joke

16. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Aggregation
ARO (Annualized Rate of Occurrence)
Finger printing
Termination procedures

17. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
VPN (Virtual Private Network)
EF (Exposure Factor)
Audit Trail
FAR/FRR/CER

18. Same as a block cipher except that it is applied to a data stream one bit at a time
Stream cipher
Copyright
TCSEC
Smurf

19. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Repeaters
CHAP
Classes of IP networks
Caesar Cipher

20. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Scanning
Risk Transferring
Malware
Fiber optic

21. Public Key Infrastructure
Fire extinguisher
Active attacks
PKI
EF (Exposure Factor)

22. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Trademark
Guards
TCP Wrappers
Penetration testing

23. Motive - Opportunity - and Means. These deal with crime.
Risk Acceptance
CIRT
Skipjack
MOM

24. Also civil law
Tort
Owner
Twisted pair
VPN (Virtual Private Network)

25. Involving the measurement of quantity or amount.
ROM (Read-only memory)
Quantitative
WAP (Wireless Application Protocol)
BIOS

26. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Trade Secret
Common criteria
Two-Factor Authentication
SLE (Single Loss Expectancy or Exposure)

27. In a separation of duties model - this is where code is checked in and out
Software librarian
ROT-13
Job rotation
SSO (Single sign-on)

28. Data storage formats and equipment that allow the stored data to be accessed in any order
Virtual machine
RAM (Random-access memory)
Hubs
Security through obscurity

29. Random Number Base
Risk Acceptance
Script kiddies
COOP
Nonce

30. Enticing people to hit your honeypot to see how they try to access your system.
Exit interview
Enticement
Key Escrow
Username/password

31. Internet Architecture Board. This board is responsible for protecting the Internet.
Classes of IP networks
IAB
BIOS
Security through obscurity

32. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
CRC (Cyclic Redundancy Check)
Security kernel
Throughput of a Biometric System
Callback Security/Call Forwarding

33. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic bomb
DMZ
Trap Door
Session Hijacking

34. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Honey pot
Format 7 times
War driving
Java

35. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Cookies
VPN (Virtual Private Network)
Hash
Cold Site

36. Dynamic Host Configuration Protocol.
Bugtraq
DHCP
Wiretapping
Audit Trail

37. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Birthday attack
Multithreading
COOP
Quality Assurance

38. The art of breaking code. Testing the strength of an algorithm.
Cryptanalysis
Hearsay Evidence
TCB
Custodian

39. A RFC standard. A mechanism for performing commands on a remote system
/etc/passwd
WTLS (Wireless Transport Layer Security)
Telnet
Fire extinguisher

40. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Encryption
Spoofing
Fiber optic
Twisted pair

41. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
ROT-13
Expert System
Virtual machine
Accreditation

42. Once authenticated - the level of access you have to a system
Symmetric
Detective - Preventive - Corrective
Keystroke logging
Authorization

43. Emanations from one wire coupling with another wire
Crosstalk
Routers
CGI (The Common Gateway Interface)
Worm

44. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Logic bomb
Call tree
Boot-sector Virus
MitM

45. The frequency with which a threat is expected to occur.
Clipper Chip
Halon
/etc/passwd
ARO (Annualized Rate of Occurrence)

46. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Throughput of a Biometric System
Tort
Termination procedures
Trojan horses

47. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Coax
SYN Flood
Content dependant
Telnet

48. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Hash
VLANs
Security Perimeter
Owner

49. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
ROM (Read-only memory)
Trap Door
Two-Factor Authentication
Telnet

50. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Security kernel
OSI Model
Change management
Finger scanning