Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Defines the objects and their attributes that exist in a database.
ISDN (Integrated Services Digital Network)
Schema
Script kiddies
Biometric profile

2. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Private Addressing
Aggregation
ARP (Address Resolution Protocol)
Fire extinguisher

3. Entails planning and system actions to ensure that a project is following good quality management practices
Granularity
Twisted pair
MOM
Quality Assurance

4. The user
Eavesdropping
User
Routers
Fiber optic

5. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
CIA
ARP (Address Resolution Protocol)
Clipping levels

6. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Qualitative
SESAME
Malware
Logic bomb

7. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Trademark
CIO
Boot-sector Virus
DOS

8. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Data remanence
Diffie-Hellman
SYN Flood
Boot-sector Virus

9. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
SLE (Single Loss Expectancy or Exposure)
Transposition
Hardware
Guards

10. The intercepting of conversations by unintended recipients
Cookies
Eavesdropping
Patriot Act
AES (Advanced Encryption Standard)

11. In cryptography - it is a block cipher
Bastion hosts
Routers
Copyright
Skipjack

12. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Noise & perturbation
War dialing
DOS
EF (Exposure Factor)

13. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Inference
Buffer overflow
Script kiddies
Fiber optic

14. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
Fences
Coax
Boot-sector Virus

15. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
Sniffing
Private Addressing
War dialing
DDOS

16. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.
DNS cache poisoning
Fraud
CHAP
Back door/ trap door/maintenance hook

17. When two or more processes are linked and execute multiple programs simultaneously
Fiber optic
Privacy Act of 1974
Multiprocessing
OSI Model

18. A war dialing utility
Toneloc
CIRT
Vulnerability analysis tools
Caesar Cipher

19. The output of a hash function is a digest.
Asymmetric
Script kiddies
Toneloc
Digest

20. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.
Inference
Risk Acceptance
Masquerade
Risk Management

21. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
RADIUS (Remote authentication dial-in user service)
CIRT
Degausser
SSO (Single sign-on)

22. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
Polymorphic
Halon
Callback Security/Call Forwarding
CHAP

23. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Asymmetric
Degausser
Burden of Proof
Format 7 times

24. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Common criteria
Hot Site
Biometrics
Active attacks

25. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
UUEncode
Data remanence
Fire extinguisher
Stream cipher

26. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.
DCOM
Exit interview
TACACS (Terminal access controller access control system)
Illegal/Unethical

27. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Replay
WAP (Wireless Application Protocol)
Debug
Joke

28. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Burden of Proof
Hubs
Software development lifecycle
CCTV

29. Accepting all packets
Promiscuous mode
Fiber optic
Granularity
User

30. Rolling command center with UPS - satellite - uplink - power - etc.
IRC
Rolling hot sites
Hardware
Masquerade

31. A military standard defining controls for emanation protection
Authentication
TEMPEST
TCSEC
User

32. Basic Input/Output System
BIOS
ALE (Annualized Loss Expectancy)
Cryptanalysis
Reciprocal agreement

33. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Virtual machine
TCB
Hot Site
Hardware

34. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
ALE (Annualized Loss Expectancy)
Multipartite
VPN (Virtual Private Network)
WTLS (Wireless Transport Layer Security)

35. Providing verification to a system
Detective - Preventive - Corrective
Packet Sniffing
Authentication
Repeaters

36. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
TACACS (Terminal access controller access control system)
Audit Trail
Open network
Digital certificates

37. CISSPs subscribe to a code of ethics for building up the security profession
Code of ethics
Certification
Fences
Carnivore

38. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses
ARP (Address Resolution Protocol)
Reciprocal agreement
Callback Security/Call Forwarding
Biometric profile

39. An attempt to trick the system into believing that something false is real
Brute force
Malware
Hoax
Virtual machine

40. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Smurf
Symmetric
Qualitative
Nonce

41. When one key of a two-key pair has more encryption pattern than the other
Call tree
Passive attacks
Two-Factor Authentication
Asymmetric

42. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Incentive programs
Brute force
Out of band
Tort

43. Ethernet - Cat5 - Twisted to allow for longer runs.
Risk Management
Twisted pair
Malware
Virtual Memory/Pagefile.sys

44. This is an open international standard for applications that use wireless communications.
WTLS (Wireless Transport Layer Security)
Multitasking
Common criteria
WAP (Wireless Application Protocol)

45. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Finger printing
Call tree
Quantitative
CD-Rom

46. Confidentiality - Integrity - and Availability
Format 7 times
DHCP
CIA
Closed network

47. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Spoofing
Data remanence
Authorization creep
l0pht

48. Continuation of Operations Plan
Probing
BIA
COOP
Coax

49. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Qualitative
Guards
Private Addressing
DDOS

50. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.
Promiscuous mode
Cryptanalysis
Key Escrow
Format 7 times