Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Out of band
Back door/ trap door/maintenance hook
Debug
Incentive programs

2. Access control method for database based on the content of the database to provide granular access
FAR/FRR/CER
Content dependant
CIA
Patriot Act

3. Public Key Infrastructure
PKI
Crosstalk
Stream cipher
Identification

4. A sandbox. Emulates an operating environment.
Qualitative
Virtual machine
SQL (Structured Query Language)
Wiretapping

5. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Inference
SSL/TLS
Security through obscurity
Warm Site

6. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Hackers
AES (Advanced Encryption Standard)
Out of band
TCB

7. More discriminate than dogs
Guards
Rijndael
Degausser
Masquerade

8. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Buffer overflow
CORBA
Hash
Quantitative

9. Distributed Component Object Model. Microsoft's implementation of CORBA.
DCOM
Clipping levels
Script
COM

10. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Code of ethics
Risk Management
BIA
Joke

11. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Digital signing
l0pht
Script kiddies
Trap Door

12. Computer Incident Response Team
CIRT
RADIUS (Remote authentication dial-in user service)
Checksum
Worm

13. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Due Care
RAM (Random-access memory)
Carnivore
Biometric profile

14. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user
Phreaker
Separation of duties
Expert System
Open network

15. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Trademark
Key Escrow
OEP
Polymorphism

16. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
Tokens
Virtual Memory/Pagefile.sys
BIA
Passive attacks

17. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
Expert System
PAP (Password Authentication Protocol)
ARO (Annualized Rate of Occurrence)
ROM (Read-only memory)

18. A site that is ready physically but has no hardware in place - all it has is HVAC
Cold Site
Multiprocessing
Diffie-Hellman
Expert System

19. Signal degradation as it moves farther from its source
Expert System
DMZ
Enticement
Attenuation

20. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Patriot Act
Risk Management
Virtual Memory/Pagefile.sys
Java

21. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
OEP
Artificial Neural Networks (ANN)
MitM
Echelon

22. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Honey pot
Script
Firmware
Teardrop

23. Ethernet - Cat5 - Twisted to allow for longer runs.
SLE (Single Loss Expectancy or Exposure)
Twisted pair
Trade Secret
Fiber optic

24. Accepting all packets
Software librarian
Acceptable use
Promiscuous mode
Tailgating / Piggybacking

25. Software designed to infiltrate or damage a computer system - without the owner's consent.
Attenuation
Finger printing
Malware
Sniffing

26. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Risk Transferring
ALE (Annualized Loss Expectancy)
Change management
Tailgating / Piggybacking

27. Relating to quality or kind. This assigns a level of importance to something.
Qualitative
Mandatory vacation
Biometrics
DOS

28. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
Reciprocal agreement
Carnivore
SSO (Single sign-on)
Virtual Memory/Pagefile.sys

29. In cryptography - it is a block cipher
DOS
SYN Flood
DNS cache poisoning
Skipjack

30. Threat to physical security.
Promiscuous mode
CRC (Cyclic Redundancy Check)
VPN (Virtual Private Network)
Sabotage

31. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Stream cipher
Hoax
Risk Management
Kerberos

32. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.
Script kiddies
WAP (Wireless Application Protocol)
Out of band
Joke

33. Occupant Emergency Plan - Employees are the most important!
OEP
Finger scanning
Enticement
Asset Value

34. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.
Tokens
Warm Site
SESAME
Fences

35. A network that mimics the brain
Artificial Neural Networks (ANN)
Symmetric
Centralized
Debug

36. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Hackers
Virtual Memory/Pagefile.sys
SESAME
CORBA

37. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
TCB
Two-Factor Authentication
Logic bomb
Keystroke logging

38. The process of reducing your risks to an acceptable level based on your risk analysis
Promiscuous mode
Risk Mitigation
Copyright
AES (Advanced Encryption Standard)

39. The art of breaking code. Testing the strength of an algorithm.
Cryptanalysis
Aggregation
Identification
Script kiddies

40. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Masquerade
Accreditation
PAP (Password Authentication Protocol)
Salami Slicing

41. Assuming someone's session who is unaware of what you are doing
CIA
PKI
Session Hijacking
Raid 0 - 1 - 3 - 5

42. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Cold Site
Tokens
Audit Trail
Passive attacks

43. The person that determines the permissions to files. The data owner.
SSL/TLS
CEO
Owner
Warm Site

44. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Nonce
Code of ethics
Cyphertext only
Format 7 times

45. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Security Awareness Training
Firewall types
Polymorphic
FAR/FRR/CER

46. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Common criteria
TACACS (Terminal access controller access control system)
Echelon
OEP

47. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities
Key Escrow
Vulnerability analysis tools
Software
IRC

48. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.
MOM
Exit interview
DOS
Code of ethics

49. A system designed to stop piggybacking.
TACACS (Terminal access controller access control system)
Back door/ trap door/maintenance hook
Man trap
Debug

50. A mechanism by which connections to TCP services on a system are allowed or disallowed
DNS cache poisoning
Risk Acceptance
Smurf
TCP Wrappers