Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
CRC (Cyclic Redundancy Check)
AES (Advanced Encryption Standard)
SESAME
Keystroke logging

2. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
Virtual Memory/Pagefile.sys
Patent
Rolling hot sites

3. Public Key Infrastructure
Digest
PKI
Symmetric
Open network

4. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Virtual machine
Logic bomb
Cyphertext only
Encryption

5. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
RAM (Random-access memory)
Routers
Script kiddies
Software librarian

6. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Debug
Wiretapping
Symmetric
Tailgating / Piggybacking

7. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Back door/ trap door/maintenance hook
ARP (Address Resolution Protocol)
Hash
CORBA

8. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Accountability
Substitution
Non-repudiation
Brute force

9. Entails planning and system actions to ensure that a project is following good quality management practices
Polymorphism
Hackers
Hubs
Quality Assurance

10. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Buffer overflow
Throughput of a Biometric System
PAP (Password Authentication Protocol)
Certification

11. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Keystroke logging
Key Escrow
Tort
Digest

12. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Trap Door
Hearsay Evidence
Software development lifecycle
Throughput of a Biometric System

13. The output of a hash function is a digest.
ActiveX Object Linking and Embedding
Digest
Covert channels
Content dependant

14. The practice of obtaining confidential information by manipulation of legitimate users.
Accreditation
Back door/ trap door/maintenance hook
SSL/TLS
Social engineering

15. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Aggregation
BIA
Entrapment
ROM (Read-only memory)

16. A military standard defining controls for emanation protection
Guards
TEMPEST
Inference
Owner

17. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
BIA
Dogs
Object Oriented Programming
Masquerade

18. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Mandatory vacation
Software librarian
Cold Site
PAP (Password Authentication Protocol)

19. Chief Executive Officer
Bastion hosts
Halon
ALE (Annualized Loss Expectancy)
CEO

20. In a separation of duties model - this is where code is checked in and out
Software librarian
Worm
Reciprocal agreement
Guards

21. A site that has some equipment in place - and can be up within days
Multiprocessing
Nonce
Warm Site
DNS cache poisoning

22. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
COOP
Dogs
Fiber optic
Digital signing

23. Occupant Emergency Plan - Employees are the most important!
Authentication
Multiprocessing
Multitasking
OEP

24. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
Sniffing
Java
Open network
Virtual Memory/Pagefile.sys

25. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
VPN (Virtual Private Network)
CD-Rom
Hubs
TEMPEST

26. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
PAP (Password Authentication Protocol)
Job rotation
Trade Secret
Logic bomb

27. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.
Risk Analysis
Malware
Exit interview
Macro

28. CISSPs subscribe to a code of ethics for building up the security profession
Code of ethics
Hearsay Evidence
Vulnerability analysis tools
Script kiddies

29. Good for distance - longer than 100M
Fences
Biometric profile
Smurf
Coax

30. A mechanism by which connections to TCP services on a system are allowed or disallowed
TCP Wrappers
Honey pot
AES (Advanced Encryption Standard)
Common criteria

31. Network devices that operate at layer 3. This device separates broadcast domains.
CHAP
Routers
Entrapment
Tort

32. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Checksum
Hubs
Security Perimeter
DAD

33. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Throughput of a Biometric System
Termination procedures
UUEncode
Risk Acceptance

34. Object Linking and Embedding. The ability of an object to be embedded into another object.
OLE
Cookies
PAP (Password Authentication Protocol)
Firmware

35. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Brute force
SESAME
Trade Secret
Teardrop

36. Random Number Base
Patent
Rijndael
Nonce
Open network

37. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Private Addressing
Clipper Chip
BIA
CORBA

38. A technique to eliminate data redundancy.
CD-Rom
Fences
Kerberos
Normalization

39. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Burden of Proof
Certification
SSO (Single sign-on)
Kerberos

40. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Acceptable use
Trade Secret
War dialing
Biometrics

41. After implementing countermeasures - accepting risk for the amount of vulnerability left over
Risk Acceptance
SSL/TLS
Object Oriented Programming
Back door/ trap door/maintenance hook

42. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Block cipher
NAT
TEMPEST
SSO (Single sign-on)

43. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.
Worm
Active attacks
Accountability
Brute force

44. The user
Active attacks
Routers
User
DDOS

45. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Authorization creep
SSL/TLS
SYN Flood
Artificial Neural Networks (ANN)

46. Assuming someone's session who is unaware of what you are doing
Session Hijacking
Patriot Act
SQL (Structured Query Language)
War driving

47. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Brute force
Probing
Boot-sector Virus
l0pht

48. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
CCTV
Halon
Format 7 times
ARP (Address Resolution Protocol)

49. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
CRC (Cyclic Redundancy Check)
CEO
CHAP
Illegal/Unethical

50. A war dialing utility
Switches / Bridges
Senior Management
Data Mart
Toneloc