Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A site that has some equipment in place - and can be up within days
DHCP
Warm Site
Promiscuous mode
Digest

2. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Passive attacks
Privacy Act of 1974
Common criteria
CGI (The Common Gateway Interface)

3. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Senior Management
Expert System
Expert systems
Copyright

4. Network Address Translation
NAT
Format 7 times
Twisted pair
SLE (Single Loss Expectancy or Exposure)

5. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Boot-sector Virus
Embezzlement
CGI (The Common Gateway Interface)
Asymmetric

6. Relating to quality or kind. This assigns a level of importance to something.
Technical - Administrative - Physical
Trade Secret
Qualitative
Honey pot

7. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Joke
Risk Management
Tailgating / Piggybacking
PAP (Password Authentication Protocol)

8. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
SSH
Digital signing
Granularity
Non-repudiation

9. The user
Private Addressing
Data Mart
Clipping levels
User

10. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
Fraud
WTLS (Wireless Transport Layer Security)
Digest
Well-known ports

11. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
TACACS (Terminal access controller access control system)
SSO (Single sign-on)
Penetration testing
Fraggle

12. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
/etc/passwd
Normalization
Finger scanning
Eavesdropping

13. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
ActiveX Object Linking and Embedding
Software development lifecycle
Change management
Virtual Memory/Pagefile.sys

14. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
Firmware
CD-Rom
Script
Compiler

15. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Hash
ActiveX Object Linking and Embedding
Quantitative
Senior Management

16. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically
Two-Factor Authentication
Smart cards
CD-Rom
Granularity

17. Involving the measurement of quantity or amount.
Tort
Quantitative
Detective - Preventive - Corrective
Authorization creep

18. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
TEMPEST
Security through obscurity
Finger printing
Reciprocal agreement

19. The act of identifying yourself. Providing your identity to a system
Identification
DNS cache poisoning
Object Oriented Programming
Digital certificates

20. A system designed to stop piggybacking.
Man trap
Coax
Social engineering
Promiscuous mode

21. Accepting all packets
Patent
Termination procedures
Toneloc
Promiscuous mode

22. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Detective - Preventive - Corrective
Callback Security/Call Forwarding
Twisted pair
Fraud

23. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
Change management
Scanning
TCSEC
Content dependant

24. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Hash
CIO
Hardware
Trade Secret

25. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Dictionary Attack
BIA
Salami Slicing
Data Mart

26. An instance of a scripting language
Script
Risk Transferring
Schema
RADIUS (Remote authentication dial-in user service)

27. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Kerberos
Smurf
Qualitative
Carnivore

28. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Security Perimeter
Script kiddies
Asset Value
Patent

29. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Keystroke logging
Repeaters
Degausser
Routers

30. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Virtual Memory/Pagefile.sys
Data Mart
ALE (Annualized Loss Expectancy)
Non-repudiation

31. Emanations from one wire coupling with another wire
Centralized
Crosstalk
User
RAM (Random-access memory)

32. This is an open international standard for applications that use wireless communications.
Custodian
SYN Flood
Skipjack
WAP (Wireless Application Protocol)

33. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Virtual machine
Hash
Encryption
Hubs

34. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Well-known ports
Virtual Memory/Pagefile.sys
Senior Management
Sniffing

35. The practice of obtaining confidential information by manipulation of legitimate users.
Social engineering
Tort
Script
ARO (Annualized Rate of Occurrence)

36. Internet Relay Chat.
SSL/TLS
Closed network
IRC
DNS cache poisoning

37. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
l0pht
Dumpster diving
Hash
CIO

38. Repeats the signal. It amplifies the signal before sending it on.
Hearsay Evidence
Repeaters
Separation of duties
Kerberos

39. Confidentiality - Integrity - and Availability
Replay
Non-repudiation
CIA
Tort

40. Occupant Emergency Plan - Employees are the most important!
MOM
OEP
Smart cards
Mandatory vacation

41. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists ability to control their work
VLANs
Due Diligence
Exit interview
Copyright

42. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Multithreading
Caesar Cipher
Crosstalk
Repeaters

43. Continuation of Operations Plan
Transposition
SSH
Custodian
COOP

44. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Noise & perturbation
War driving
Security kernel
Out of band

45. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Logic bomb
Skipjack
SLE (Single Loss Expectancy or Exposure)
Digest

46. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Software
Carnivore
Routers
RADIUS (Remote authentication dial-in user service)

47. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.
Checksum
Degausser
Covert channels
Crosstalk

48. Disclosure - Alteration - Destruction. These things break the CIA triad
Vulnerability analysis tools
DAD
Brute Force
Penetration testing

49. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.
Session Hijacking
BIA
Due Diligence
Brewer-Nash model

50. A war dialing utility
Data Mart
Senior Management
Toneloc
Callback Security/Call Forwarding