Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Repeaters
Hardware
Senior Management
Brute Force
2. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
DOS
Active attacks
Hackers
Encryption
3. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Risk Transferring
Checksum
Cyphertext only
RAM (Random-access memory)
4. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
EF (Exposure Factor)
Separation of duties
Wiretapping
Normalization
5. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Halon
Back door/ trap door/maintenance hook
Toneloc
Transposition
6. An RFC standard. A mechanism for performing commands on a remote system
Multiprocessing
Telnet
NAT
RAM (Random-access memory)
7. Chief Executive Officer
Transposition
Callback Security/Call Forwarding
CEO
Privacy Act of 1974
8. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
ISDN (Integrated Services Digital Network)
Birthday attack
Job rotation
DMZ
9. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Guards
ALE (Annualized Loss Expectancy)
OSI Model
Symmetric
10. When one key of a two-key pair has more encryption pattern than the other
Change management
Repeaters
Asymmetric
Separation of duties
11. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Replay
Private Addressing
Two-Factor Authentication
Authorization creep
12. These viruses usually infect both boot records and files.
WAP (Wireless Application Protocol)
Sabotage
Multipartite
Out of band
13. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
Authorization creep
CGI (The Common Gateway Interface)
Penetration testing
/etc/passwd
14. Repeats the signal. It amplifies the signal before sending it on.
Repeaters
Throughput of a Biometric System
Hoax
CIRT
15. Driving around enumerating wireless networks with the proper equipment (antennas and the like)
Asymmetric
Hot Site
War driving
Virtual machine
16. A site that is ready physically but has no hardware in place - all it has is HVAC
Script kiddies
Tokens
Cold Site
Wiretapping
17. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.
Due Diligence
Data Mart
Trade Secret
Noise & perturbation
18. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Fiber optic
Dictionary Attack
Granularity
War driving
19. Also known as a tunnel
Salami Slicing
Mandatory vacation
AES (Advanced Encryption Standard)
VPN (Virtual Private Network)
20. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
Tort
TCSEC
Back door/ trap door/maintenance hook
21. Assuming someone's session who is unaware of what you are doing
l0pht
Well-known ports
Session Hijacking
Clipping levels
22. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Normalization
Degausser
Penetration testing
EF (Exposure Factor)
23. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
Probing
Trademark
Encryption
Fire extinguisher
24. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
Open network
Salami Slicing
l0pht
Hearsay Evidence
25. A set of rules applied by many transit networks which restrict the ways in which the network may be used.
Boot-sector Virus
Burden of Proof
Script kiddies
Acceptable use
26. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t
EF (Exposure Factor)
Man trap
Diffie-Hellman
Security Awareness Training
27. Ethernet - Cat5 - Twisted to allow for longer runs.
Finger printing
Twisted pair
Common criteria
Masquerade
28. CISSPs subscribe to a code of ethics for building up the security profession
Code of ethics
Asset Value
Risk Analysis
OEP
29. White hat l0pht
Switches / Bridges
Brute Force
Trade Secret
Bugtraq
30. The art of breaking code. Testing the strength of an algorithm.
Cryptanalysis
VLANs
Masquerade
AES (Advanced Encryption Standard)
31. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Audit Trail
Accountability
Packet Sniffing
Authorization creep
32. Someone whose hacking is primarily targeted at the phone systems
Tailgating / Piggybacking
Phreaker
Trade Secret
Software
33. A network entity that provides a single entrance / exit point to the Internet.
Authorization
Bastion hosts
OSI Model
Malware
34. A technique to eliminate data redundancy.
BIA
Trademark
Normalization
Trap Door
35. Involving the measurement of quantity or amount.
Masquerade
FAR/FRR/CER
Quantitative
Fraggle
36. Entails planning and system actions to ensure that a project is following good quality management practices
Buffer overflow
Quality Assurance
Centralized
FAR/FRR/CER
37. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Non-repudiation
TACACS (Terminal access controller access control system)
EF (Exposure Factor)
Multithreading
38. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Java
User
Twisted pair
Polymorphism
39. Same as a block cipher except that it is applied to a data stream one bit at a time
Raid 0 - 1 - 3 - 5
Scanning
CCTV
Stream cipher
40. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
ActiveX Object Linking and Embedding
CHAP
Fraggle
Username/password
41. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Fire extinguisher
Call tree
Risk Transferring
Replay
42. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Hackers
WTLS (Wireless Transport Layer Security)
Masquerade
Brute force
43. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Cryptanalysis
Multipartite
Owner
TACACS (Terminal access controller access control system)
44. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Guards
Digest
Tailgating / Piggybacking
Eavesdropping
45. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Security kernel
Illegal/Unethical
Honey pot
Penetration testing
46. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time).
Routers
Echelon
Checksum
Brewer-Nash model
47. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Security Perimeter
Well-known ports
CIO
Smurf
48. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Out of band
CIO
Multipartite
Halon
49. The real cost of acquiring/maintaining/developing a system
Dumpster diving
VLANs
Digital signing
Asset Value
50. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected
Debug
Risk Analysis
Replay
DMZ