Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Trap Door
Embezzlement
Skipjack
IRC

2. Jumping into dumpsters to retrieve information about someone/something/a company
Dumpster diving
Reciprocal agreement
Hash
FAR/FRR/CER

3. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
TCB
Call tree
Hoax
Skipjack

4. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Aggregation
Two-Factor Authentication
Clipper Chip
DAD

5. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
CIRT
Patent
Base-64
Rolling hot sites

6. A gas used in fire suppression. Not human safe. Chemical reaction.
Halon
l0pht
Vulnerability analysis tools
Hearsay Evidence

7. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
SSH
SSO (Single sign-on)
BIA
Warm Site

8. Also known as a tunnel)
User
Degausser
VPN (Virtual Private Network)
Skipjack

9. Data storage formats and equipment that allow the stored data to be accessed in any order
Sabotage
RAM (Random-access memory)
Callback Security/Call Forwarding
Twisted pair

10. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Teardrop
Granularity
Change management
Risk Acceptance

11. White hat l0pht
Bugtraq
Quality Assurance
Hackers
Two-Factor Authentication

12. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Active attacks
Normalization
Hacker
Senior Management

13. When security is managed at a central point in an organization
Centralized
Common criteria
Patent
Identification

14. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Firmware
Hearsay Evidence
OSI Model
PKI

15. Occupant Emergency Plan - Employees are the most important!
Finger scanning
OEP
TCP Wrappers
WAP (Wireless Application Protocol)

16. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Virtual Memory/Pagefile.sys
Packet Sniffing
War driving
Bastion hosts

17. Dynamic Host Configuration Protocol.
Entrapment
DHCP
Hot Site
Centralized

18. When two or more processes are linked and execute multiple programs simultaneously
Owner
Multiprocessing
Centralized
Smart cards

19. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Service packs
Hash
Acceptable use
ActiveX Object Linking and Embedding

20. A technique to eliminate data redundancy.
Skipjack
Digital certificates
Normalization
MOM

21. A RFC standard. A mechanism for performing commands on a remote system
Hubs
Multiprocessing
Smurf
Telnet

22. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Twisted pair
Encryption
Honey pot
Risk Acceptance

23. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
/etc/passwd
Echelon
Clipping levels
Accreditation

24. The act of identifying yourself. Providing your identity to a system
Nonce
Identification
Software development lifecycle
Covert channels

25. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists ability to control their work
Exit interview
Multithreading
Copyright
WAP (Wireless Application Protocol)

26. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Trademark
CRC (Cyclic Redundancy Check)
Software librarian
Fire extinguisher

27. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Classes of IP networks
/etc/passwd
Back door/ trap door/maintenance hook
Sniffing

28. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Joke
PAP (Password Authentication Protocol)
PKI
Wiretapping

29. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Data remanence
Risk Analysis
Mandatory vacation
Termination procedures

30. Animals with teeth. Not as discriminate as guards
Patriot Act
Dogs
CRC (Cyclic Redundancy Check)
Technical - Administrative - Physical

31. Making individuals accountable for their actions on a system typically through the use of auditing
Classes of IP networks
Accountability
User
Job rotation

32. The output of a hash function is a digest.
ARO (Annualized Rate of Occurrence)
Digest
Biometrics
Closed network

33. The intercepting of conversations by unintended recipients
Clipper Chip
Software
Eavesdropping
TACACS (Terminal access controller access control system)

34. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Attenuation
Out of band
Expert systems
Authorization creep

35. Involving the measurement of quantity or amount.
Symmetric
Quantitative
TCP Wrappers
Normalization

36. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
ROM (Read-only memory)
Software
Authorization creep
Copyright

37. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Risk Analysis
Identification
Scanning
Symmetric

38. Network Address Translation
Twisted pair
Script kiddies
NAT
Software librarian

39. A hidden communications channel on a system that allows for the bypassing of the system security policy
Hoax
Covert channels
MOM
SQL (Structured Query Language)

40. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Normalization
Sniffing
Man trap
Caesar Cipher

41. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
Bugtraq
DNS cache poisoning
Noise & perturbation
Joke

42. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Scanning
War driving
Tokens
Smart cards

43. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
TCSEC
Hoax
Brute force
Cyphertext only

44. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Wiretapping
/etc/passwd
Identification
Brute force

45. A site that has some equipment in place - and can be up within days
Risk Management
Two-Factor Authentication
Script
Warm Site

46. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Promiscuous mode
War driving
Birthday attack
CGI (The Common Gateway Interface)

47. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
SLE (Single Loss Expectancy or Exposure)
Noise & perturbation
War driving
Teardrop

48. Software designed to infiltrate or damage a computer system - without the owner's consent.
Content dependant
Malware
DCOM
Security Perimeter

49. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Hacker
Noise & perturbation
Hearsay Evidence
SLE (Single Loss Expectancy or Exposure)

50. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Clipping levels
Common criteria
Replay
Expert System