Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Separation of duties
Security through obscurity
Hot Site
Man trap

2. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Senior Management
Replay
Risk Transferring
Birthday attack

3. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
WTLS (Wireless Transport Layer Security)
Routers
RADIUS (Remote authentication dial-in user service)
Senior Management

4. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Quality Assurance
SSO (Single sign-on)
NAT
UUEncode

5. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
CHAP
Owner
Data Mart
ALE (Annualized Loss Expectancy)

6. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Change management
Phreaker
Accountability
DHCP

7. In the broadest sense - a fraud is a deception made for personal gain
Fraud
RAM (Random-access memory)
Toneloc
EF (Exposure Factor)

8. A site that is ready physically but has no hardware in place - all it has is HVAC
Quantitative
Guards
Wiretapping
Cold Site

9. Setting up the user to access the honeypot for reasons other than the intent to harm.
Dictionary Attack
Entrapment
Finger scanning
Script

10. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Kerberos
Guards
Twisted pair
Telnet

11. Involving the measurement of quantity or amount.
CRC (Cyclic Redundancy Check)
Software librarian
Classes of IP networks
Quantitative

12. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Hubs
Skipjack
Smurf
Cyphertext only

13. Dialing fixed sets telephone numbers looking for open modem connections to machines
Cookies
Stream cipher
Packet Sniffing
War dialing

14. Network Address Translation
NAT
Back door/ trap door/maintenance hook
Diffie-Hellman
Hearsay Evidence

15. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
DAD
DMZ
Digital certificates
Block cipher

16. A network that uses standard protocols (TCP/IP)
CIRT
Open network
Keystroke logging
Packet Sniffing

17. Continuation of Operations Plan
Fiber optic
Aggregation
COOP
Worm

18. Method of authenticating to a system. Something that you supply and something you know.
Security through obscurity
Risk Mitigation
Username/password
Twisted pair

19. Chief Information Officer
CIO
Digest
Teardrop
Multitasking

20. A site that has some equipment in place - and can be up within days
Warm Site
Trademark
Decentralized
Software librarian

21. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req
OSI Model
Dictionary Attack
Virtual Memory/Pagefile.sys
Authorization

22. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Rijndael
Centralized
Digital certificates
Cyphertext only

23. Also known as a tunnel)
Echelon
Compiler
VPN (Virtual Private Network)
Entrapment

24. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Active attacks
Noise & perturbation
Masquerade
CIRT

25. Assuming someone's session who is unaware of what you are doing
/etc/passwd
Cookies
OLE
Session Hijacking

26. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
COOP
Switches / Bridges
Firewall types
Hearsay Evidence

27. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Twisted pair
Fraud
Raid 0 - 1 - 3 - 5
RADIUS (Remote authentication dial-in user service)

28. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Script kiddies
Well-known ports
TCP Wrappers
Base-64

29. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
Boot-sector Virus
Hardware
FAR/FRR/CER
Routers

30. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.
Multipartite
Code of ethics
DMZ
Biometric profile

31. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
DDOS
Audit Trail
ARP (Address Resolution Protocol)
ROT-13

32. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
ARO (Annualized Rate of Occurrence)
Phreaker
Replay
Java

33. Public Key Infrastructure
Joke
CIA
Risk Analysis
PKI

34. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
MOM
Honey pot
Salami Slicing
Due Care

35. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans
CIA
Smart cards
ActiveX Object Linking and Embedding
Risk Analysis

36. Software designed to infiltrate or damage a computer system - without the owner's consent.
Normalization
Biometric profile
CIO
Malware

37. The user
Stream cipher
User
Risk Management
Embezzlement

38. Network devices that operate at layer 3. This device separates broadcast domains.
Routers
ROT-13
Smurf
Hackers

39. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth
Smurf
Buffer overflow
Compiler
Quality Assurance

40. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
Toneloc
Tailgating / Piggybacking
ISDN (Integrated Services Digital Network)
Embezzlement

41. White hat l0pht
Biometric profile
Common criteria
Bugtraq
Normalization

42. Using ICMP to diagram a network
Multithreading
Hot Site
Probing
Tort

43. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)
Out of band
Multithreading
Owner
Echelon

44. A network entity that provides a single entrance / exit point to the Internet.
Digital signing
Stream cipher
Bastion hosts
OSI Model

45. Enticing people to hit your honeypot to see how they try to access your system.
Enticement
Hoax
MitM
AES (Advanced Encryption Standard)

46. Occupant Emergency Plan - Employees are the most important!
Brute force
Format 7 times
Diffie-Hellman
OEP

47. After implementing countermeasures - accepting risk for the amount of vulnerability left over
WTLS (Wireless Transport Layer Security)
Virtual Memory/Pagefile.sys
DDOS
Risk Acceptance

48. The intercepting of conversations by unintended recipients
Quality Assurance
Base-64
Throughput of a Biometric System
Eavesdropping

49. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
Patent
Phreaker
Service packs
Virtual Memory/Pagefile.sys

50. The frequency with which a threat is expected to occur.
UUEncode
ARO (Annualized Rate of Occurrence)
Probing
Biometrics