Test your basic knowledge |
Comptia Security +: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Hubs
Checksum
MitM
Multithreading
2. Software designed to infiltrate or damage a computer system - without the owner's consent.
Kerberos
Malware
WAP (Wireless Application Protocol)
Fraggle
3. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Cryptanalysis
Social engineering
Birthday attack
Call tree
4. Network devices that operate at layer 3. This device separates broadcast domains.
Telnet
Routers
Detective - Preventive - Corrective
Warm Site
5. When security is managed at a central point in an organization
Centralized
IRC
Base-64
Illegal/Unethical
6. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Acceptable use
Content dependant
Key Escrow
Cold Site
7. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl
CEO
Content dependant
Well-known ports
Owner
8. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
Object Oriented Programming
Digest
Crosstalk
Salami Slicing
9. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Promiscuous mode
CIO
Caesar Cipher
Twisted pair
10. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
Clipper Chip
Cryptanalysis
Finger scanning
11. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Qualitative
Security through obscurity
Trade Secret
SYN Flood
12. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Buffer overflow
Decentralized
Due Diligence
Qualitative
13. Entails planning and system actions to ensure that a project is following good quality management practices
Java
MOM
SESAME
Quality Assurance
14. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Username/password
Clipper Chip
Patriot Act
Trade Secret
15. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
Mandatory vacation
Authorization creep
Qualitative
16. Distributed Component Object Model. Microsoft's implementation of CORBA.
Brute Force
Certification
Qualitative
DCOM
17. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Separation of duties
War driving
Authentication
Carnivore
18. Accepting all packets
Promiscuous mode
EF (Exposure Factor)
Carnivore
Acceptable use
19. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
Firewall types
ARP (Address Resolution Protocol)
WTLS (Wireless Transport Layer Security)
Expert System
20. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Raid 0 - 1 - 3 - 5
Mandatory vacation
DCOM
Substitution
21. A meme and a joke are the same thing, e.g. when someone says to delete a file that is really just fine and they call it a virus.
Asymmetric
Entrapment
Block cipher
Joke
22. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Fiber optic
Risk Analysis
Hot Site
Trade Secret
23. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
War driving
AES (Advanced Encryption Standard)
DOS
RAM (Random-access memory)
24. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Warm Site
SESAME
Object Oriented Programming
Authorization creep
25. A gas used in fire suppression. Not human safe. Chemical reaction.
Halon
DMZ
Software
Hearsay Evidence
26. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Degausser
Buffer overflow
Fraggle
Patent
27. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Key Escrow
Finger scanning
Inference
Embezzlement
28. Personal - Network - and Application
Sniffing
Firewall types
Eavesdropping
Security through obscurity
29. Also civil law
Attenuation
Mandatory vacation
Risk Transferring
Tort
30. Technical items are IT implemented. Administrative items are things that HR implements. Physical items are things that are tangible.
Technical - Administrative - Physical
Aggregation
Dogs
Block cipher
31. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
RADIUS (Remote authentication dial-in user service)
WAP (Wireless Application Protocol)
Fraggle
CIO
32. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
CCTV
Closed network
FAR/FRR/CER
Salami Slicing
33. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Cyphertext only
Entrapment
WTLS (Wireless Transport Layer Security)
Skipjack
34. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Noise & perturbation
Risk Analysis
Asset Value
ISDN (Integrated Services Digital Network)
35. A network that uses proprietary protocols
Format 7 times
Closed network
Honey pot
DMZ
36. The government-required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
UUEncode
Risk Acceptance
Format 7 times
Echelon
37. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Attenuation
SQL (Structured Query Language)
Twisted pair
MitM
38. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Teardrop
DNS cache poisoning
Risk Analysis
Key Escrow
39. Setting up the user to access the honeypot for reasons other than the intent to harm.
Data remanence
DCOM
Entrapment
Rijndael
40. Rolling command center with UPS - satellite - uplink - power - etc.
ROM (Read-only memory)
Rolling hot sites
Trade Secret
CCTV
41. Chief Information Officer
CIO
Due Care
Termination procedures
Sniffing
42. Confidentiality - Integrity - and Availability
Switches / Bridges
CIA
Out of band
ARP (Address Resolution Protocol)
43. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
RAM (Random-access memory)
Authentication
Security Perimeter
Risk Transferring
44. Defines the objects and their attributes that exist in a database.
Illegal/Unethical
Schema
Asymmetric
Switches / Bridges
45. Jumping into dumpsters to retrieve information about someone/something/a company
Dumpster diving
Data Mart
AES (Advanced Encryption Standard)
SYN Flood
46. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
EF (Exposure Factor)
CRC (Cyclic Redundancy Check)
Biometrics
Service packs
47. When one key of a two-key pair has more encryption pattern than the other
Quality Assurance
ROT-13
Rijndael
Asymmetric
48. Animals with teeth. Not as discriminate as guards
Penetration testing
Dogs
Finger printing
Virtual Memory/Pagefile.sys
49. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Diffie-Hellman
Sabotage
Macro
DMZ
50. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Finger printing
EF (Exposure Factor)
Common criteria
Honey pot