Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. When security is managed at many different points in an organization
Decentralized
Well-known ports
OLE
SSH
2. A network that uses proprietary protocols
Closed network
Phreaker
Social engineering
EF (Exposure Factor)
3. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc
Dictionary Attack
Exit interview
Wiretapping
Aggregation
4. A site that is ready physically but has no hardware in place - all it has is HVAC
Digest
Kerberos
Cold Site
DAD
5. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
OEP
TACACS (Terminal access controller access control system)
Smart cards
Throughput of a Biometric System
6. Relating to quality or kind. This assigns a level of importance to something.
Brute force
Qualitative
IRC
FAR/FRR/CER
7. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
DOS
Cookies
Worm
Username/password
8. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
EF (Exposure Factor)
Nonce
Raid 0 - 1 - 3 - 5
9. A network entity that provides a single entrance / exit point to the Internet.
Telnet
Vulnerability analysis tools
Bastion hosts
Aggregation
10. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time
Block cipher
SSO (Single sign-on)
Compiler
Object Oriented Programming
11. White hat l0pht
Bugtraq
Scanning
Multipartite
Hacker
12. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable
ARO (Annualized Rate of Occurrence)
Two-Factor Authentication
CHAP
Checksum
13. The physical part of a computer - as distinguished from the computer software that executes within the hardware.
Due Diligence
Fraud
Hardware
Smart cards
14. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Caesar Cipher
Due Care
Custodian
Quality Assurance
15. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
SSO (Single sign-on)
ROM (Read-only memory)
Quantitative
WAP (Wireless Application Protocol)
16. Method of authenticating to a system. Something that you supply and something you know.
Job rotation
Rolling hot sites
Username/password
Honey pot
17. Be at least 8 foot tall and have three strands of barbed wire.
Replay
VPN (Virtual Private Network)
Technical - Administrative - Physical
Fences
18. Making individuals accountable for their actions on a system typically through the use of auditing
Digital signing
Quantitative
Hacker
Accountability
19. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Hearsay Evidence
Keystroke logging
FAR/FRR/CER
Data remanence
20. Data storage formats and equipment that allow the stored data to be accessed in any order
ARP (Address Resolution Protocol)
RAM (Random-access memory)
DHCP
Warm Site
21. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Base-64
Software development lifecycle
Keystroke logging
Worm
22. A network that mimics the brain
Artificial Neural Networks (ANN)
Open network
Promiscuous mode
Software development lifecycle
23. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste
Two-Factor Authentication
TACACS (Terminal access controller access control system)
Carnivore
Java
24. A network that uses standard protocols (TCP/IP)
Well-known ports
Open network
Trademark
Patriot Act
25. The user
SLE (Single Loss Expectancy or Exposure)
COOP
User
Digital certificates
26. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it
SYN Flood
Coax
Format 7 times
Eavesdropping
27. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
/etc/passwd
Private Addressing
Identification
Fences
28. Component Object Model.
Hearsay Evidence
ARP (Address Resolution Protocol)
COM
Security kernel
29. Once authenticated - the level of access you have to a system
Penetration testing
Inference
Authorization
Risk Mitigation
30. Scanning the airwaves for radio transmissions
Scanning
TACACS (Terminal access controller access control system)
Risk Acceptance
Custodian
31. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
Digest
BIA
Toneloc
Artificial Neural Networks (ANN)
32. A site that has some equipment in place - and can be up within days
Covert channels
Repeaters
SQL (Structured Query Language)
Warm Site
33. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.
Packet Sniffing
Software
Phreaker
Caesar Cipher
34. When two or more processes are linked and execute multiple programs simultaneously
Macro
Hubs
Packet Sniffing
Multiprocessing
35. The real cost of acquiring/maintaining/developing a system
Software librarian
Aggregation
Asset Value
Risk Mitigation
36. Defines the objects and their attributes that exist in a database.
RAM (Random-access memory)
Expert systems
Hash
Schema
37. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
Stream cipher
Dogs
AES (Advanced Encryption Standard)
EF (Exposure Factor)
38. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Change management
MitM
Inference
Expert System
39. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Hacker
Block cipher
Skipjack
Smart cards
40. Someone who hacks
COM
Hacker
MitM
Termination procedures
41. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
Separation of duties
SYN Flood
Wiretapping
Virtual Memory/Pagefile.sys
42. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards
Degausser
Accountability
Risk Analysis
Expert systems
43. Providing verification to a system
Promiscuous mode
Authentication
Transposition
Virtual Memory/Pagefile.sys
44. Confidentiality - Integrity - and Availability
Virtual machine
CIA
Back door/ trap door/maintenance hook
DHCP
45. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.
Technical - Administrative - Physical
Brute Force
Rolling hot sites
Data remanence
46. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
RADIUS (Remote authentication dial-in user service)
Bastion hosts
Macro
Noise & perturbation
47. A war dialing utility
Symmetric
VLANs
Toneloc
Wiretapping
48. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Firmware
Dogs
Diffie-Hellman
Quantitative
49. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which
IAB
Patent
Callback Security/Call Forwarding
Custodian
50. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
BIA
Cyphertext only
Carnivore
Honey pot