Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
Custodian
Audit Trail
Authorization creep
Multiprocessing

2. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
Attenuation
Object Oriented Programming
Enticement

3. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.
SSO (Single sign-on)
Termination procedures
Call tree
IRC

4. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)
SSL/TLS
Private Addressing
Trade Secret
Raid 0 - 1 - 3 - 5

5. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Inference
DOS
Base-64
Closed network

6. Basic Input/Output System
BIOS
Exit interview
Expert System
IAB

7. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Callback Security/Call Forwarding
SSL/TLS
RADIUS (Remote authentication dial-in user service)
Fiber optic

8. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Embezzlement
Biometric profile
Debug
Symmetric

9. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Non-repudiation
SSO (Single sign-on)
UUEncode
Certification

10. These can be used to verify that public keys belong to certain individuals.
Hacker
Expert systems
Probing
Digital certificates

11. Repeats the signal. It amplifies the signal before sending it on.
Polymorphic
Repeaters
Keystroke logging
Content dependant

12. A sandbox. Emulates an operating environment.
Logic bomb
Halon
Virtual machine
Java

13. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Well-known ports
Hot Site
DDOS
Trademark

14. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Joke
Active attacks
Code of ethics
Back door/ trap door/maintenance hook

15. The real cost of acquiring/maintaining/developing a system
Asset Value
Code of ethics
Classes of IP networks
Birthday attack

16. These viruses usually infect both boot records and files.
Eavesdropping
Authorization
Classes of IP networks
Multipartite

17. Network devices that operate at layer 3. This device separates broadcast domains.
Polymorphic
User
ARO (Annualized Rate of Occurrence)
Routers

18. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.
IAB
Checksum
Boot-sector Virus
Cryptanalysis

19. Data storage formats and equipment that allow the stored data to be accessed in any order
Multipartite
Trap Door
RAM (Random-access memory)
Out of band

20. Chief Executive Officer
Sniffing
CEO
Risk Mitigation
SSH

21. When security is managed at a central point in an organization
Dogs
Reciprocal agreement
Base-64
Centralized

22. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Reciprocal agreement
Clipper Chip
Fire extinguisher
Base-64

23. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
Call tree
Bugtraq
Salami Slicing

24. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
Dictionary Attack
Tokens
WTLS (Wireless Transport Layer Security)
Hoax

25. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Key Escrow
RADIUS (Remote authentication dial-in user service)
Patriot Act
Buffer overflow

26. Motive - Opportunity - and Means. These deal with crime.
UUEncode
Joke
MOM
Polymorphism

27. A network that mimics the brain
Artificial Neural Networks (ANN)
Smurf
TEMPEST
Format 7 times

28. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.
Job rotation
ActiveX Object Linking and Embedding
Script kiddies
IAB

29. Method of authenticating to a system. Something that you supply and something you know.
Hot Site
Compiler
Audit Trail
Username/password

30. When security is managed at many different points in an organization
Repeaters
Symmetric
Multithreading
Decentralized

31. Someone who hacks
Out of band
Dictionary Attack
Hacker
Keystroke logging

32. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Certification
Fences
SYN Flood
Logic bomb

33. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Service packs
User
OEP
Object Oriented Programming

34. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Biometrics
Java
DHCP
Script

35. A RFC standard. A mechanism for performing commands on a remote system
Dogs
Promiscuous mode
Digital signing
Telnet

36. A gas used in fire suppression. Not human safe. Chemical reaction.
Telnet
Halon
SQL (Structured Query Language)
Software

37. A network entity that provides a single entrance / exit point to the Internet.
Joke
Passive attacks
Bastion hosts
Authentication

38. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Hash
SYN Flood
ARP (Address Resolution Protocol)
Reciprocal agreement

39. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Finger printing
Senior Management
Trade Secret
Dumpster diving

40. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Trojan horses
Trade Secret
Rijndael
Spoofing

41. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Separation of duties
Base-64
TCP Wrappers
Software development lifecycle

42. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.
Packet Sniffing
Hubs
Finger scanning
Compiler

43. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Artificial Neural Networks (ANN)
Digital signing
Echelon
Risk Analysis

44. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Polymorphism
Passive attacks
Diffie-Hellman
Patent

45. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
TEMPEST
Privacy Act of 1974
Trademark
Security through obscurity

46. The frequency with which a threat is expected to occur.
ARO (Annualized Rate of Occurrence)
Nonce
SLE (Single Loss Expectancy or Exposure)
Caesar Cipher

47. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Security Perimeter
Out of band
Expert systems
Substitution

48. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE
Wiretapping
ALE (Annualized Loss Expectancy)
WTLS (Wireless Transport Layer Security)
SSO (Single sign-on)

49. White hat l0pht
Wiretapping
DMZ
Throughput of a Biometric System
Bugtraq

50. The person that determines the permissions to files. The data owner.
Owner
Inference
Virtual Memory/Pagefile.sys
RADIUS (Remote authentication dial-in user service)