Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Logic bomb
DNS cache poisoning
BIA
Teardrop
2. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Audit Trail
Quantitative
CGI (The Common Gateway Interface)
Exit interview
3. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Encryption
Vulnerability analysis tools
Accountability
Trap Door
4. CISSPs subscribe to a code of ethics for building up the security profession
Attenuation
Code of ethics
Digital certificates
TACACS (Terminal access controller access control system)
5. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Keystroke logging
DMZ
Biometrics
DDOS
6. Network devices that operate at layer 3. These devices separate broadcast domains.
Routers
Expert systems
Security kernel
Asset Value
7. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Out of band
CIA
Risk Analysis
Acceptable use
8. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Trade Secret
Wiretapping
WTLS (Wireless Transport Layer Security)
Two-Factor Authentication
9. Network Address Translation
NAT
Packet Sniffing
DMZ
Common criteria
10. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
TCP Wrappers
Brewer-Nash model
Hot Site
Digest
11. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Two-Factor Authentication
Sniffing
Illegal/Unethical
OEP
12. Chief Information Officer
Coax
Security through obscurity
CIO
Malware
13. Rolling command center with UPS - satellite - uplink - power - etc.
Schema
Content dependent
Rolling hot sites
Identification
14. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Sniffing
CCTV
Due Diligence
Burden of Proof
15. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
Finger scanning
CD-Rom
Scanning
16. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Halon
Fire extinguisher
Macro
Encryption
17. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
ROM (Read-only memory)
Inference
OEP
Finger scanning
18. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
DDOS
Due Care
Closed network
Routers
19. The real cost of acquiring/maintaining/developing a system
Warm Site
Asset Value
Probing
Bugtraq
20. In the broadest sense - a fraud is a deception made for personal gain
Fraud
Copyright
Incentive programs
Phreaker
21. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Brewer-Nash model
Asymmetric
IAB
DHCP
22. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Senior Management
CGI (The Common Gateway Interface)
Finger printing
Embezzlement
23. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Brute force
Passive attacks
Transposition
Normalization
24. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Biometrics
Software librarian
Active attacks
Common criteria
25. The number of users that the system can process in a given amount of time. A typical acceptable rate is 10/minute
Schema
Throughput of a Biometric System
Active attacks
Promiscuous mode
26. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Base-64
Dogs
Echelon
CD-Rom
27. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Buffer overflow
Cold Site
Content dependent
TACACS (Terminal access controller access control system)
28. Providing verification to a system
Granularity
Private Addressing
Authentication
DDOS
29. Reasonable doubt
User
ISDN (Integrated Services Digital Network)
Burden of Proof
Nonce
30. Object Linking and Embedding. The ability of an object to be embedded into another object.
OLE
Patriot Act
Penetration testing
Separation of duties
31. Accepting all packets
Risk Mitigation
Promiscuous mode
CIA
CORBA
32. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
TEMPEST
Fraggle
Warm Site
Security Perimeter
33. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Trademark
Data Mart
User
Guards
34. The person that determines the permissions to files. The data owner.
Hash
Rolling hot sites
Owner
Privacy Act of 1974
35. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Tort
RAM (Random-access memory)
Fire extinguisher
Hot Site
36. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
PAP (Password Authentication Protocol)
Asset Value
DDOS
Fire extinguisher
37. More discriminate than dogs
Tailgating / Piggybacking
Guards
Symmetric
Risk Transferring
38. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
IRC
Custodian
Smurf
TCB
39. Being able to control access for individuals very specifically - unlike lower in the OSI model, where you can't set it so specifically
Artificial Neural Networks (ANN)
TCB
Twisted pair
Granularity
40. Computer Incident Response Team
Technical - Administrative - Physical
Quantitative
CIRT
Rolling hot sites
41. Repeats the signal. It amplifies the signal before sending it on.
Repeaters
TEMPEST
Bastion hosts
Technical - Administrative - Physical
42. Closed Circuit Television
Packet Sniffing
Fraud
CCTV
Callback Security/Call Forwarding
43. Software designed to infiltrate or damage a computer system - without the owner's consent.
Data remanence
MitM
Accreditation
Malware
44. Animals with teeth. Not as discriminate as guards
SSO (Single sign-on)
Dogs
Penetration testing
CD-Rom
45. These can be used to verify that public keys belong to certain individuals.
Probing
Digital certificates
Tokens
WAP (Wireless Application Protocol)
46. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Clipper Chip
ARP (Address Resolution Protocol)
ROT-13
VLANs
47. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
CIRT
PAP (Password Authentication Protocol)
WTLS (Wireless Transport Layer Security)
Telnet
48. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Virtual Memory/Pagefile.sys
Logic bomb
Penetration testing
Separation of duties
49. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
RAID 0 - 1 - 3 - 5
RAM (Random-access memory)
Wiretapping
CEO
50. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
BIA
Brute Force
Normalization
AES (Advanced Encryption Standard)