Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Granularity
Throughput of a Biometric System
Firmware
Job rotation

2. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
DDOS
Java
DMZ
Custodian

3. The intercepting of conversations by unintended recipients
Switches / Bridges
Eavesdropping
VPN (Virtual Private Network)
Object Oriented Programming

4. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
Salami Slicing
Warm Site
Scanning
ISDN (Integrated Services Digital Network)

5. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Penetration testing
DAD
Noise & perturbation
Acceptable use

6. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
DDOS
NAT
Checksum
Due Care

7. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database
Burden of Proof
Rolling hot sites
Finger printing
CORBA

8. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
Routers
Carnivore
Hacker

9. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.
Software development lifecycle
EF (Exposure Factor)
Job rotation
Java

10. Confidentiality - Integrity - and Availability
Cyphertext only
Covert channels
ROM (Read-only memory)
CIA

11. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Digital signing
Code of ethics
OSI Model
Finger printing

12. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Patent
Non-repudiation
Digital certificates
SSL/TLS

13. Animals with teeth. Not as discriminate as guards
Embezzlement
Checksum
Vulnerability analysis tools
Dogs

14. To not be legal (as far as law is concerned) or ethical
Illegal/Unethical
Patriot Act
CCTV
Two-Factor Authentication

15. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Tokens
Tailgating / Piggybacking
TCSEC
Expert systems

16. CISSPs subscribe to a code of ethics for building up the security profession
Code of ethics
Illegal/Unethical
Security Perimeter
Smurf

17. Chief Executive Officer
CEO
Common criteria
Stream cipher
Audit Trail

18. The frequency with which a threat is expected to occur.
PKI
BIA
ARO (Annualized Rate of Occurrence)
DOS

19. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
ISDN (Integrated Services Digital Network)
SQL (Structured Query Language)
TACACS (Terminal access controller access control system)
Trojan horses

20. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Sabotage
Risk Management
Birthday attack
Two-Factor Authentication

21. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Polymorphic
Biometrics
Classes of IP networks
Data Mart

22. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Non-repudiation
Private Addressing
Man trap
Phreaker

23. When two or more processes are linked and execute multiple programs simultaneously
ROM (Read-only memory)
Symmetric
Multiprocessing
Smurf

24. The process of reducing your risks to an acceptable level based on your risk analysis
Identification
Risk Mitigation
ISDN (Integrated Services Digital Network)
Normalization

25. Jumping into dumpsters to retrieve information about someone/something/a company
Two-Factor Authentication
Tokens
PKI
Dumpster diving

26. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Change management
Coax
Clipper Chip
Separation of duties

27. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
CRC (Cyclic Redundancy Check)
Debug
Kerberos
Cryptanalysis

28. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Fences
NAT
Authentication
AES (Advanced Encryption Standard)

29. Random Number Base
DDOS
Throughput of a Biometric System
Nonce
Embezzlement

30. A RFC standard. A mechanism for performing commands on a remote system
Termination procedures
Fences
Telnet
CEO

31. Chief Information Officer
User
CIO
Authorization creep
Schema

32. Good for distance - longer than 100M
Replay
UUEncode
CD-Rom
Coax

33. Closed Circuit Television
Enticement
CCTV
CGI (The Common Gateway Interface)
Entrapment

34. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Boot-sector Virus
Key Escrow
Common criteria
Username/password

35. The output of a hash function is a digest.
IRC
Security kernel
RADIUS (Remote authentication dial-in user service)
Digest

36. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Privacy Act of 1974
Cryptanalysis
Digital signing
Smurf

37. Defines the objects and their attributes that exist in a database.
Schema
Change management
Private Addressing
Service packs

38. The art of breaking code. Testing the strength of an algorithm.
Identification
Hash
Cryptanalysis
Trap Door

39. Object Linking and Embedding. The ability of an object to be embedded into another object.
Normalization
Fraud
OLE
Well-known ports

40. After implementing countermeasures - accepting risk for the amount of vulnerability left over
CIA
Hash
Key Escrow
Risk Acceptance

41. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.
Diffie-Hellman
Biometrics
Technical - Administrative - Physical
Motion detector

42. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Multipartite
Covert channels
Senior Management
Hubs

43. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Classes of IP networks
Well-known ports
OSI Model
Risk Transferring

44. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.
Technical - Administrative - Physical
Key Escrow
Exit interview
SESAME

45. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
CD-Rom
Private Addressing
VLANs
Echelon

46. Providing verification to a system
Cookies
Authentication
Change management
TCP Wrappers

47. Must be in place for you to use a biometric system
Custodian
Out of band
Toneloc
Biometric profile

48. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Active attacks
Dictionary Attack
Multithreading
Qualitative

49. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet
Cookies
Fraud
Entrapment
Aggregation

50. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
DDOS
DOS
ARP (Address Resolution Protocol)
Due Care