Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Chief Executive Officer
Fraud
CEO
Granularity
SSL/TLS
2. Software designed to infiltrate or damage a computer system - without the owner's consent.
WTLS (Wireless Transport Layer Security)
Authorization
Echelon
Malware
3. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Hash
Call tree
Job rotation
Spoofing
4. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Trap Door
ROM (Read-only memory)
Data remanence
BIOS
5. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
BIA
Authorization creep
Kerberos
OLE
6. The art of breaking code. Testing the strength of an algorithm.
Cryptanalysis
Virtual machine
Active attacks
CCTV
7. Encompasses Risk Analysis and Risk Mitigation
Worm
Data remanence
Burden of Proof
Risk Management
8. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Brute Force
SYN Flood
Accreditation
Change management
9. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Logic bomb
UUEncode
Man trap
MitM
10. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Cryptanalysis
Enticement
BIA
CRC (Cyclic Redundancy Check)
11. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Throughput of a Biometric System
Trademark
Passive attacks
Birthday attack
12. A technique to eliminate data redundancy.
Software
Normalization
Brute force
Hackers
13. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Honey pot
IRC
Qualitative
Multitasking
14. Involving the measurement of quantity or amount.
Coax
Keystroke logging
Salami Slicing
Quantitative
15. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
TACACS (Terminal access controller access control system)
Crosstalk
Digest
Debug
16. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Call tree
Logic bomb
Brute force
FAR/FRR/CER
17. The ability to have more than one thread associated with a process
Multithreading
Finger scanning
Software
CCTV
18. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
Digital signing
Change management
Back door/ trap door/maintenance hook
Coax
19. Network Address Translation
TACACS (Terminal access controller access control system)
Logic bomb
NAT
Passive attacks
20. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Authorization
DOS
Technical - Administrative - Physical
Diffie-Hellman
21. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Privacy Act of 1974
Inference
Transposition
Custodian
22. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
Bastion hosts
Compiler
War driving
23. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Firmware
VPN (Virtual Private Network)
War dialing
TCB
24. Occupant Emergency Plan - Employees are the most important!
Stream cipher
Accreditation
OEP
Switches / Bridges
25. Reasonable doubt
Burden of Proof
Aggregation
Debug
FAR/FRR/CER
26. Emanations from one wire coupling with another wire
Termination procedures
Crosstalk
Hacker
Hot Site
27. These can be used to verify that public keys belong to certain individuals.
COOP
Common criteria
Bastion hosts
Digital certificates
28. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti
RAM (Random-access memory)
Trap Door
SSH
Noise & perturbation
29. When one key of a two-key pair has more encryption pattern than the other
Encryption
Asymmetric
ARO (Annualized Rate of Occurrence)
l0pht
30. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.
Multiprocessing
Aggregation
BIOS
Authorization creep
31. Motivational tools for employee awareness to get them to report security flaws in an organization
Qualitative
Authorization creep
Schema
Incentive programs
32. A system designed to stop piggybacking.
Firewall types
Accreditation
Man trap
ActiveX Object Linking and Embedding
33. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Nonce
Entrapment
UUEncode
Cyphertext only
34. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.
Hubs
Polymorphic
Embezzlement
Firmware
35. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
DOS
Digest
Centralized
Embezzlement
36. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
Social engineering
Data Mart
Dictionary Attack
ROT-13
37. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Noise & perturbation
Rijndael
IRC
Probing
38. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Hubs
Key Escrow
ActiveX Object Linking and Embedding
Copyright
39. 'If you can't see it - it's secure'. Bad policy to live by.
Block cipher
Security through obscurity
Asset Value
OLE
40. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Eavesdropping
SSH
Risk Analysis
Accreditation
41. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Risk Mitigation
Inference
SYN Flood
Echelon
42. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
Software
Expert systems
Buffer overflow
Virtual Memory/Pagefile.sys
43. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Granularity
Reciprocal agreement
COM
TEMPEST
44. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Aggregation
Worm
Granularity
Hackers
45. Data storage formats and equipment that allow the stored data to be accessed in any order
Dumpster diving
Sniffing
Logic bomb
RAM (Random-access memory)
46. Same as a block cipher except that it is applied to a data stream one bit at a time
Stream cipher
Session Hijacking
ARO (Annualized Rate of Occurrence)
Script kiddies
47. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Motion detector
Finger printing
Audit Trail
Username/password
48. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Common criteria
OSI Model
Technical - Administrative - Physical
Digital signing
49. Rotating employees' job duties so that the work they are doing can be checked to make sure nothing fraudulent is occurring.
PKI
Common criteria
Job rotation
Attenuation
50. The user
Hardware
User
Boot-sector Virus
Encryption