Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Diffie-Hellman
Birthday attack
Centralized
ROT-13

2. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Private Addressing
Compiler
Authentication
Common criteria

3. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Twisted pair
Audit Trail
IAB
SQL (Structured Query Language)

4. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
Smurf
Base-64
Finger scanning
Hardware

5. Motivational tools for employee awareness to get them to report security flaws in an organization
Incentive programs
War driving
Fire extinguisher
Illegal/Unethical

6. Repeats the signal. It amplifies the signal before sending it on.
MOM
Repeaters
ALE (Annualized Loss Expectancy)
Sabotage

7. Chief Executive Officer
Brute Force
CEO
Sabotage
Twisted pair

8. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
SSH
Wiretapping
TACACS (Terminal access controller access control system)
Passive attacks

9. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Reciprocal agreement
PAP (Password Authentication Protocol)
ALE (Annualized Loss Expectancy)
Termination procedures

10. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.
Trojan horses
Entrapment
Detective - Preventive - Corrective
Vulnerability analysis tools

11. Enticing people to hit your honeypot to see how they try to access your system.
Brute force
Inference
TCSEC
Enticement

12. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
FAR/FRR/CER
Certification
Fiber optic
Cold Site

13. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Software librarian
Debug
Open network
l0pht

14. In the broadest sense - a fraud is a deception made for personal gain
Spoofing
Software
ARP (Address Resolution Protocol)
Fraud

15. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Call tree
Granularity
Noise & perturbation
Security through obscurity

16. A site that has some equipment in place - and can be up within days
Content dependant
Cryptanalysis
CIO
Warm Site

17. When security is managed at a central point in an organization
Smart cards
Username/password
Centralized
Buffer overflow

18. An instance of a scripting language
Script
DOS
Digital signing
Quantitative

19. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
SLE (Single Loss Expectancy or Exposure)
Bugtraq
Inference
Repeaters

20. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Private Addressing
Data Mart
Technical - Administrative - Physical
TEMPEST

21. 'If you cant see it - its secure'. Bad policy to live by.
Burden of Proof
Change management
Security through obscurity
Guards

22. An attempt to trick the system into believing that something false is real
Brewer-Nash model
Hoax
Security through obscurity
Joke

23. Accepting all packets
Motion detector
DAD
Burden of Proof
Promiscuous mode

24. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Bastion hosts
DMZ
War dialing
WTLS (Wireless Transport Layer Security)

25. Jumping into dumpsters to retrieve information about someone/something/a company
Dumpster diving
OEP
Well-known ports
Logic bomb

26. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
Multiprocessing
PAP (Password Authentication Protocol)
RADIUS (Remote authentication dial-in user service)
SSH

27. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Fiber optic
Birthday attack
Quantitative
Back door/ trap door/maintenance hook

28. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet
Cookies
Reciprocal agreement
Technical - Administrative - Physical
Keystroke logging

29. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.
Spoofing
Checksum
Penetration testing
Security Perimeter

30. The real cost of acquiring/maintaining/developing a system
Risk Analysis
OEP
Telnet
Asset Value

31. Network devices that operate at layer 2. Every port on a switch is a separate collision domain
CHAP
PKI
WAP (Wireless Application Protocol)
Switches / Bridges

32. Object Linking and Embedding. The ability of an object to be embedded into another object.
Privacy Act of 1974
Repeaters
OLE
SESAME

33. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Biometrics
Salami Slicing
ARP (Address Resolution Protocol)
Penetration testing

34. Assuming someone's session who is unaware of what you are doing
RADIUS (Remote authentication dial-in user service)
Session Hijacking
Active attacks
Separation of duties

35. Someone whose hacking is primarily targeted at the phone systems
Phreaker
Expert System
Social engineering
ALE (Annualized Loss Expectancy)

36. Once authenticated - the level of access you have to a system
Authorization
Noise & perturbation
Burden of Proof
Fraud

37. In cryptography - a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common) - pairs of letters - triplets of letters
Substitution
SESAME
IAB
Reciprocal agreement

38. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Hubs
Spoofing
Worm
Biometric profile

39. A network that uses standard protocols (TCP/IP)
Open network
Due Diligence
Normalization
DNS cache poisoning

40. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
RAM (Random-access memory)
Polymorphic
Privacy Act of 1974
CORBA

41. Network devices that operate at layer 3. This device separates broadcast domains.
Routers
Kerberos
Fiber optic
Risk Transferring

42. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Malware
Raid 0 - 1 - 3 - 5
COM
Hot Site

43. Confidentiality - Integrity - and Availability
CIA
OEP
Decentralized
Digital certificates

44. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.
Hearsay Evidence
Enticement
Hardware
SESAME

45. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
CHAP
TCP Wrappers
Salami Slicing
Kerberos

46. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Java
Malware
MOM
ALE (Annualized Loss Expectancy)

47. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically
Granularity
Hubs
Artificial Neural Networks (ANN)
Checksum

48. A technique to eliminate data redundancy.
CD-Rom
Passive attacks
Normalization
Skipjack

49. A system designed to stop piggybacking.
SSL/TLS
Man trap
Packet Sniffing
Nonce

50. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
CRC (Cyclic Redundancy Check)
Salami Slicing
Hoax
Schema