Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The output of a hash function is a digest.
Trade Secret
Carnivore
FAR/FRR/CER
Digest

2. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Polymorphic
DMZ
CIA
Encryption

3. Determines the monetary loss (impact) for each occurrence of a threatened event. SLE = Asset Value x Exposure Factor
Privacy Act of 1974
BIOS
SLE (Single Loss Expectancy or Exposure)
VPN (Virtual Private Network)

4. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Hubs
Security through obscurity
Kerberos
Audit Trail

5. To not be legal (as far as law is concerned) or ethical
Hubs
Illegal/Unethical
Object Oriented Programming
Polymorphism

6. The person that controls access to the data
Dumpster diving
TCP Wrappers
CGI (The Common Gateway Interface)
Custodian

7. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Repeaters
Polymorphic
Smart cards
Stream cipher

8. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Fire extinguisher
Detective - Preventive - Corrective
Accreditation
Probing

9. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
Wiretapping
/etc/passwd
Authorization
Twisted pair

10. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Risk Mitigation
Exit interview
Audit Trail
War driving

11. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
Cyphertext only
EF (Exposure Factor)
Due Care
Dogs

12. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Tailgating / Piggybacking
Symmetric
Trademark
Brute Force

13. Ethernet - Cat5 - Twisted to allow for longer runs.
Job rotation
Twisted pair
ISDN (Integrated Services Digital Network)
Tokens

14. Relating to quality or kind. This assigns a level of importance to something.
Qualitative
Quantitative
Classes of IP networks
Due Care

15. Setting up the user to access the honeypot for reasons other than the intent to harm.
Certification
Well-known ports
Biometric profile
Entrapment

16. Enticing people to hit your honeypot to see how they try to access your system.
Closed network
Teardrop
Passive attacks
Enticement

17. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i
Trade Secret
Probing
SQL (Structured Query Language)
Stream cipher

18. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
SYN Flood
Authorization creep
SQL (Structured Query Language)
Accountability

19. Be at least 8 foot tall and have three strands of barbed wire.
Fences
OSI Model
Risk Acceptance
Authentication

20. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
TCP Wrappers
Honey pot
Skipjack
Identification

21. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
TACACS (Terminal access controller access control system)
Due Diligence
CGI (The Common Gateway Interface)
CCTV

22. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Software
Finger scanning
Digest
Private Addressing

23. Network devices that operate at layer 3. This device separates broadcast domains.
Well-known ports
Routers
Acceptable use
CGI (The Common Gateway Interface)

24. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Trojan horses
Biometrics
SSL/TLS
Mandatory vacation

25. Chief Information Officer
ROM (Read-only memory)
Dogs
Multithreading
CIO

26. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Accreditation
Routers
Hash
Clipping levels

27. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Block cipher
Separation of duties
Carnivore
Object Oriented Programming

28. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
TCB
Block cipher
Honey pot
Debug

29. Involving the measurement of quantity or amount.
Patriot Act
CGI (The Common Gateway Interface)
Rolling hot sites
Quantitative

30. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Polymorphic
Format 7 times
TEMPEST
SYN Flood

31. A network that uses proprietary protocols
ALE (Annualized Loss Expectancy)
Replay
Closed network
Key Escrow

32. The art of breaking code. Testing the strength of an algorithm.
Cryptanalysis
COM
SQL (Structured Query Language)
Data Mart

33. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Masquerade
PAP (Password Authentication Protocol)
CIRT
Block cipher

34. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic bomb
Motion detector
Open network
ARO (Annualized Rate of Occurrence)

35. A sandbox. Emulates an operating environment.
Phreaker
DNS cache poisoning
Virtual machine
Coax

36. The practice of obtaining confidential information by manipulation of legitimate users.
Buffer overflow
Social engineering
Call tree
WTLS (Wireless Transport Layer Security)

37. Good for distance - longer than 100M
ISDN (Integrated Services Digital Network)
Technical - Administrative - Physical
Malware
Coax

38. The user
Caesar Cipher
CIO
User
Patriot Act

39. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Dictionary Attack
SSL/TLS
Hearsay Evidence
Brewer-Nash model

40. Network Address Translation
Spoofing
NAT
Reciprocal agreement
Routers

41. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Checksum
FAR/FRR/CER
Privacy Act of 1974
VLANs

42. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
Dogs
Script kiddies
Termination procedures
Data remanence

43. Making individuals accountable for their actions on a system typically through the use of auditing
Termination procedures
Identification
Decentralized
Accountability

44. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
VLANs
Call tree
DCOM
Brewer-Nash model

45. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Tailgating / Piggybacking
Audit Trail
Callback Security/Call Forwarding
TEMPEST

46. Reasonable doubt
Copyright
Cyphertext only
Burden of Proof
Quality Assurance

47. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Trade Secret
Separation of duties
Brute force
Toneloc

48. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Worm
Inference
Tokens
Incentive programs

49. In a separation of duties model - this is where code is checked in and out
Decentralized
Software librarian
Hacker
Repeaters

50. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
Degausser
ISDN (Integrated Services Digital Network)
MitM
Virtual Memory/Pagefile.sys