Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Component Object Model.
Biometrics
COM
Switches / Bridges
Software development lifecycle

2. Method of authenticating to a system. Something that you supply and something you know.
Username/password
Session Hijacking
Expert System
Rijndael

3. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Burden of Proof
Risk Management
ActiveX Object Linking and Embedding
Birthday attack

4. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Script kiddies
DAD
PAP (Password Authentication Protocol)
Hacker

5. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Custodian
Carnivore
Accreditation
Fences

6. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Firmware
Penetration testing
Format 7 times
Content dependant

7. When security is managed at a central point in an organization
Centralized
OSI Model
SSO (Single sign-on)
Toneloc

8. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic bomb
Authorization
Smurf
Toneloc

9. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Closed network
Covert channels
Passive attacks
Wiretapping

10. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
WTLS (Wireless Transport Layer Security)
Tailgating / Piggybacking
Embezzlement
Macro

11. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Data Mart
COM
Digital signing
Kerberos

12. Motivational tools for employee awareness to get them to report security flaws in an organization
TCB
Incentive programs
Carnivore
Owner

13. Data storage formats and equipment that allow the stored data to be accessed in any order
Raid 0 - 1 - 3 - 5
SQL (Structured Query Language)
Decentralized
RAM (Random-access memory)

14. Setting up the user to access the honeypot for reasons other than the intent to harm.
ARP (Address Resolution Protocol)
Entrapment
Symmetric
Cookies

15. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
BIA
Crosstalk
Hacker
Trojan horses

16. Internet Architecture Board. This board is responsible for protecting the Internet.
IAB
Tort
Enticement
TACACS (Terminal access controller access control system)

17. Access control method for database based on the content of the database to provide granular access
Content dependant
Joke
Classes of IP networks
Risk Management

18. When security is managed at many different points in an organization
Inference
Multitasking
Telnet
Decentralized

19. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
/etc/passwd
Biometrics
Trojan horses
Fences

20. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Format 7 times
Two-Factor Authentication
Digital certificates
Polymorphic

21. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Degausser
Authorization
Burden of Proof
Termination procedures

22. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
BIA
Callback Security/Call Forwarding
Object Oriented Programming
SSO (Single sign-on)

23. In the broadest sense - a fraud is a deception made for personal gain
Eavesdropping
TCB
Embezzlement
Fraud

24. Public Key Infrastructure
PKI
VLANs
Software librarian
Script

25. A RFC standard. A mechanism for performing commands on a remote system
Telnet
Checksum
Due Diligence
Script kiddies

26. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Call tree
Content dependant
SSO (Single sign-on)
Compiler

27. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Change management
CRC (Cyclic Redundancy Check)
User
Kerberos

28. Random Number Base
Callback Security/Call Forwarding
Artificial Neural Networks (ANN)
Nonce
DNS cache poisoning

29. Closed Circuit Television
Java
Penetration testing
CCTV
DOS

30. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
EF (Exposure Factor)
Separation of duties
Keystroke logging
Trademark

31. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
SYN Flood
Asymmetric
DAD
PAP (Password Authentication Protocol)

32. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Trademark
Asset Value
Cyphertext only
TCSEC

33. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Logic bomb
Inference
Format 7 times
ROT-13

34. 'If you cant see it - its secure'. Bad policy to live by.
Caesar Cipher
Inference
Security through obscurity
Degausser

35. In computer science - it means allowing a single definition to be used with different types of data (specifically - different classes of objects). For instance - a polymorphic function definition can replace several type-specific ones - and a single
Degausser
Polymorphism
Open network
ActiveX Object Linking and Embedding

36. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Risk Management
Security Awareness Training
Vulnerability analysis tools
Software development lifecycle

37. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Copyright
/etc/passwd
DAD
Throughput of a Biometric System

38. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Normalization
Digital certificates
Substitution
Brewer-Nash model

39. Disclosure - Alteration - Destruction. These things break the CIA triad
Asymmetric
DAD
Software development lifecycle
TCB

40. A network that uses standard protocols (TCP/IP)
Open network
Keystroke logging
Biometric profile
SSO (Single sign-on)

41. A hidden communications channel on a system that allows for the bypassing of the system security policy
Security through obscurity
Scanning
Teardrop
Covert channels

42. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Artificial Neural Networks (ANN)
UUEncode
Boot-sector Virus
AES (Advanced Encryption Standard)

43. These viruses usually infect both boot records and files.
Trademark
Multipartite
Sniffing
Security through obscurity

44. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Job rotation
Digital signing
Fiber optic
Nonce

45. Making individuals accountable for their actions on a system typically through the use of auditing
Accountability
SSO (Single sign-on)
Script
Enticement

46. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Vulnerability analysis tools
Cookies
Dictionary Attack
Bastion hosts

47. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Security kernel
Security Awareness Training
DDOS
Granularity

48. The process of reducing your risks to an acceptable level based on your risk analysis
Dumpster diving
Risk Mitigation
Java
Kerberos

49. A war dialing utility
Toneloc
PKI
Buffer overflow
Security through obscurity

50. More discriminate than dogs
Covert channels
Guards
Reciprocal agreement
CIO