Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Authorization
Inference
Caesar Cipher
ActiveX Object Linking and Embedding

2. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Normalization
Substitution
Software development lifecycle
PAP (Password Authentication Protocol)

3. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
AES (Advanced Encryption Standard)
Security Perimeter
Acceptable use
Cold Site

4. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Active attacks
Fiber optic
Substitution
Software

5. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
Base-64
Repeaters
Owner
Authorization creep

6. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Coax
Sniffing
War driving
Security Perimeter

7. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.
Senior Management
Session Hijacking
DDOS
Checksum

8. When security is managed at a central point in an organization
TEMPEST
Centralized
Salami Slicing
Wiretapping

9. A network that uses proprietary protocols
Trojan horses
Fire extinguisher
Toneloc
Closed network

10. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Non-repudiation
Throughput of a Biometric System
Embezzlement
Software librarian

11. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
BIA
Bugtraq
Switches / Bridges
CGI (The Common Gateway Interface)

12. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Compiler
IRC
TACACS (Terminal access controller access control system)
Finger scanning

13. Public Key Infrastructure
Attenuation
TCB
Eavesdropping
PKI

14. The act of identifying yourself. Providing your identity to a system
DMZ
Software
Encryption
Identification

15. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
Worm
Polymorphism
Format 7 times
Separation of duties

16. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list
DAD
Object Oriented Programming
Job rotation
Fences

17. Involving the measurement of quantity or amount.
Format 7 times
CCTV
Halon
Quantitative

18. Threat to physical security.
Attenuation
Format 7 times
Sabotage
VPN (Virtual Private Network)

19. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Aggregation
COOP
Active attacks
Certification

20. Personal - Network - and Application
Firewall types
Software development lifecycle
Dumpster diving
Echelon

21. The person that determines the permissions to files. The data owner.
Replay
Session Hijacking
Owner
Termination procedures

22. Dialing fixed sets telephone numbers looking for open modem connections to machines
War dialing
Finger printing
EF (Exposure Factor)
Private Addressing

23. These viruses usually infect both boot records and files.
Multipartite
Java
Multithreading
Asymmetric

24. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
Classes of IP networks
Security Awareness Training
Wiretapping
War dialing

25. Reasonable doubt
Teardrop
Cookies
Security Awareness Training
Burden of Proof

26. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Dumpster diving
Software librarian
TCSEC
Patriot Act

27. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
DCOM
MitM
Block cipher
Degausser

28. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Carnivore
Authentication
Asset Value
Salami Slicing

29. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Key Escrow
CIO
Accountability
FAR/FRR/CER

30. A military standard defining controls for emanation protection
TEMPEST
Base-64
Routers
BIOS

31. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Hubs
Penetration testing
Change management
Service packs

32. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
TCSEC
EF (Exposure Factor)
Caesar Cipher
Crosstalk

33. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Hubs
Trojan horses
Identification
Qualitative

34. More discriminate than dogs
Brute force
Guards
Trap Door
Security through obscurity

35. The art of breaking code. Testing the strength of an algorithm.
CRC (Cyclic Redundancy Check)
Normalization
Block cipher
Cryptanalysis

36. The practice of obtaining confidential information by manipulation of legitimate users.
ROT-13
Cyphertext only
Social engineering
EF (Exposure Factor)

37. Assuming someone's session who is unaware of what you are doing
Java
Asset Value
Session Hijacking
Software

38. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Common criteria
MOM
Burden of Proof
CGI (The Common Gateway Interface)

39. A RFC standard. A mechanism for performing commands on a remote system
Telnet
Debug
Termination procedures
Penetration testing

40. Closed Circuit Television
Exit interview
Finger scanning
CCTV
OEP

41. This is an open international standard for applications that use wireless communications.
AES (Advanced Encryption Standard)
OSI Model
COOP
WAP (Wireless Application Protocol)

42. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Degausser
Well-known ports
PKI
Raid 0 - 1 - 3 - 5

43. Object Linking and Embedding. The ability of an object to be embedded into another object.
Entrapment
Digital signing
Software development lifecycle
OLE

44. Basic Input/Output System
Debug
BIOS
Polymorphic
Warm Site

45. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Routers
Masquerade
CCTV
TACACS (Terminal access controller access control system)

46. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
TCP Wrappers
Sniffing
Accreditation
Script kiddies

47. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Security Awareness Training
SLE (Single Loss Expectancy or Exposure)
Enticement
Trade Secret

48. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Expert System
IRC
Raid 0 - 1 - 3 - 5
Due Diligence

49. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
Motion detector
Boot-sector Virus
Raid 0 - 1 - 3 - 5
UUEncode

50. Setting up the user to access the honeypot for reasons other than the intent to harm.
EF (Exposure Factor)
Artificial Neural Networks (ANN)
Entrapment
Replay