Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Internet Relay Chat.
IRC
Digital certificates
ROM (Read-only memory)
TACACS (Terminal access controller access control system)

2. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Object Oriented Programming
Fraud
Trade Secret
War driving

3. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Compiler
Passive attacks
Smurf
Authentication

4. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider
ARO (Annualized Rate of Occurrence)
Trojan horses
Coax
PAP (Password Authentication Protocol)

5. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
CGI (The Common Gateway Interface)
Decentralized
Digital signing
Active attacks

6. The real cost of acquiring/maintaining/developing a system
Privacy Act of 1974
Honey pot
Asset Value
Cold Site

7. A system designed to stop piggybacking.
Cryptanalysis
Man trap
ROM (Read-only memory)
DNS cache poisoning

8. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Copyright
EF (Exposure Factor)
Transposition
SSL/TLS

9. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
Decentralized
Echelon
War driving
ActiveX Object Linking and Embedding

10. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.
SSO (Single sign-on)
SSL/TLS
Smart cards
Tort

11. A network entity that provides a single entrance / exit point to the Internet.
Change management
Digital signing
Bastion hosts
RADIUS (Remote authentication dial-in user service)

12. The practice of obtaining confidential information by manipulation of legitimate users.
Social engineering
EF (Exposure Factor)
Multitasking
Polymorphism

13. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Owner
Non-repudiation
Private Addressing
Boot-sector Virus

14. Internet Architecture Board. This board is responsible for protecting the Internet.
SSL/TLS
SYN Flood
Software development lifecycle
IAB

15. The amount of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Inference
Throughput of a Biometric System
Software development lifecycle
Logic bomb

16. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Routers
Burden of Proof
DHCP
Hardware

17. Common Object Request Broker Architecture.
CORBA
Detective - Preventive - Corrective
Checksum
Multitasking

18. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Hoax
Owner
Raid 0 - 1 - 3 - 5
Encryption

19. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
CIA
Fiber optic
CIRT
Back door/ trap door/maintenance hook

20. A SSO technology that extends Kerberos functionality and improve upon its weaknesses.
CRC (Cyclic Redundancy Check)
Owner
SESAME
CORBA

21. Assuming someone's session who is unaware of what you are doing
Spoofing
Session Hijacking
Burden of Proof
Hash

22. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Object Oriented Programming
Spoofing
TCSEC
Digest

23. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Termination procedures
Patent
Debug
Schema

24. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Common criteria
SQL (Structured Query Language)
Warm Site
CIO

25. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet
Privacy Act of 1974
CORBA
Cookies
Burden of Proof

26. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Motion detector
Risk Transferring
Enticement
Rijndael

27. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
Separation of duties
ALE (Annualized Loss Expectancy)
Granularity
Hacker

28. In a separation of duties model - this is where code is checked in and out
Logic bomb
Termination procedures
Software librarian
Masquerade

29. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.
Wiretapping
CIRT
Switches / Bridges
CRC (Cyclic Redundancy Check)

30. When security is managed at many different points in an organization
Software development lifecycle
Call tree
Biometric profile
Decentralized

31. Rolling command center with UPS - satellite - uplink - power - etc.
Multithreading
Exit interview
Echelon
Rolling hot sites

32. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.
Closed network
Teardrop
Boot-sector Virus
RAM (Random-access memory)

33. The intercepting of conversations by unintended recipients
Transposition
Eavesdropping
Twisted pair
Job rotation

34. A site that has some equipment in place - and can be up within days
Common criteria
Warm Site
Custodian
War driving

35. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
Non-repudiation
Virtual machine
Expert System
CD-Rom

36. The ability to have more than one thread associated with a process
Multithreading
COM
Vulnerability analysis tools
Centralized

37. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Rijndael
Software
Guards
Caesar Cipher

38. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
ALE (Annualized Loss Expectancy)
Checksum
SSH
Change management

39. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
ROM (Read-only memory)
Risk Analysis
Scanning
Expert System

40. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Firewall types
Caesar Cipher
Quality Assurance
Risk Transferring

41. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
DHCP
Format 7 times
Cookies
BIA

42. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Well-known ports
Classes of IP networks
Script
Format 7 times

43. A war dialing utility
Toneloc
Spoofing
Substitution
Bastion hosts

44. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
BIOS
Hot Site
Multiprocessing
Polymorphic

45. 'If you cant see it - its secure'. Bad policy to live by.
Security through obscurity
/etc/passwd
VLANs
RAM (Random-access memory)

46. Motive - Opportunity - and Means. These deal with crime.
Trap Door
Tailgating / Piggybacking
Exit interview
MOM

47. An attempt to trick the system into believing that something false is real
Cryptanalysis
Hoax
Virtual Memory/Pagefile.sys
Salami Slicing

48. Dynamic Host Configuration Protocol.
DHCP
Encryption
Code of ethics
Bugtraq

49. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).
ISDN (Integrated Services Digital Network)
Compiler
Centralized
Service packs

50. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Due Diligence
Worm
Patriot Act
Expert systems