Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Defines the objects and their attributes that exist in a database.
Schema
Joke
TCB
CIA
2. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Security kernel
Promiscuous mode
TCSEC
Detective - Preventive - Corrective
3. Occupant Emergency Plan - Employees are the most important!
OEP
Aggregation
Owner
Man trap
4. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Well-known ports
Clipping levels
Rijndael
Kerberos
5. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Security Perimeter
Owner
AES (Advanced Encryption Standard)
Finger printing
6. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Degausser
Dumpster diving
ActiveX Object Linking and Embedding
Polymorphism
7. The person that controls access to the data
Custodian
Compiler
ActiveX Object Linking and Embedding
Acceptable use
8. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Firewall types
Well-known ports
Raid 0 - 1 - 3 - 5
Trademark
9. Assuming someone's session who is unaware of what you are doing
Session Hijacking
Degausser
Accountability
War driving
10. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
Polymorphism
Normalization
Halon
IRC
11. Encompasses Risk Analysis and Risk Mitigation
Risk Management
Cold Site
Security Awareness Training
Routers
12. Motivational tools for employee awareness to get them to report security flaws in an organization
War dialing
Incentive programs
Hubs
Quality Assurance
13. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Hash
CIRT
Mandatory vacation
Fraud
14. The ability to have more than one thread associated with a process
Caesar Cipher
Fire extinguisher
Brute Force
Multithreading
15. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Normalization
Reciprocal agreement
Senior Management
CIA
16. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Hacker
Worm
CGI (The Common Gateway Interface)
Embezzlement
17. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Hackers
COOP
Raid 0 - 1 - 3 - 5
/etc/passwd
18. Animals with teeth. Not as discriminate as guards
Digest
Dogs
Toneloc
VLANs
19. White hat l0pht
Tort
Vulnerability analysis tools
l0pht
Bugtraq
20. An RFC standard. A mechanism for performing commands on a remote system
Quality Assurance
Telnet
COM
DOS
21. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
ARO (Annualized Rate of Occurrence)
Teardrop
Copyright
ISDN (Integrated Services Digital Network)
22. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Granularity
Crosstalk
SLE (Single Loss Expectancy or Exposure)
Risk Mitigation
23. The output of a hash function is a digest.
Open network
Digest
AES (Advanced Encryption Standard)
Tokens
24. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
Risk Analysis
SYN Flood
Malware
25. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Well-known ports
Smart cards
CRC (Cyclic Redundancy Check)
Polymorphic
26. Common Object Request Broker Architecture.
CORBA
Spoofing
Multitasking
CHAP
27. These viruses usually infect both boot records and files.
Identification
Multipartite
Quantitative
Classes of IP networks
28. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Sabotage
Finger printing
Firmware
Debug
29. A mechanism by which connections to TCP services on a system are allowed or disallowed
TCP Wrappers
Bastion hosts
RAM (Random-access memory)
OEP
30. Network devices that operate at layer 3. This device separates broadcast domains.
SYN Flood
Qualitative
Routers
Decentralized
31. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Fiber optic
Aggregation
Scanning
Block cipher
32. Someone who hacks
VPN (Virtual Private Network)
Well-known ports
Hacker
Multiprocessing
33. A war dialing utility
Toneloc
Tokens
Incentive programs
Tailgating / Piggybacking
34. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
Data remanence
Biometric profile
DMZ
35. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Boot-sector Virus
Stream cipher
Data remanence
Owner
36. Emanations from one wire coupling with another wire
ISDN (Integrated Services Digital Network)
Stream cipher
Tailgating / Piggybacking
Crosstalk
37. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.
Exit interview
ActiveX Object Linking and Embedding
ROM (Read-only memory)
CGI (The Common Gateway Interface)
38. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Masquerade
CGI (The Common Gateway Interface)
Artificial Neural Networks (ANN)
Acceptable use
39. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
War driving
PAP (Password Authentication Protocol)
RADIUS (Remote authentication dial-in user service)
Masquerade
40. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
AES (Advanced Encryption Standard)
Active attacks
SYN Flood
Routers
41. Reasonable doubt
VPN (Virtual Private Network)
Burden of Proof
Biometric profile
SSL/TLS
42. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Username/password
CD-Rom
Raid 0 - 1 - 3 - 5
Inference
43. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work
Raid 0 - 1 - 3 - 5
Copyright
Enticement
Motion detector
44. In a separation of duties model - this is where code is checked in and out
Software librarian
Quantitative
Authorization creep
Risk Analysis
45. Accepting all packets
Guards
Accountability
Telnet
Promiscuous mode
46. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Service packs
CRC (Cyclic Redundancy Check)
Routers
IRC
47. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Script
Encryption
SSL/TLS
Vulnerability analysis tools
48. When security is managed at many different points in an organization
Trademark
Promiscuous mode
Halon
Decentralized
49. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Toneloc
Aggregation
Symmetric
Expert System
50. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
Inference
Object Oriented Programming
Digital signing
Base-64