Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding each time you take the test.
1. Data storage formats and equipment that allow the stored data to be accessed in any order
RAM (Random-access memory)
Teardrop
Software development lifecycle
Software librarian
2. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Echelon
Logic bomb
Rolling hot sites
Cyphertext only
3. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.
Virtual machine
CRC (Cyclic Redundancy Check)
Incentive programs
Passive attacks
4. A military standard defining controls for emanation protection
Object Oriented Programming
DMZ
Hubs
TEMPEST
5. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.
Asymmetric
Content dependent
Common criteria
Toneloc
6. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Call tree
Out of band
Honey pot
Hash
7. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Covert channels
Risk Mitigation
Change management
Security Perimeter
8. Technical items are things that IT implements. Administrative items are things that HR implements. Physical things are things that are tangible.
PAP (Password Authentication Protocol)
Technical - Administrative - Physical
AES (Advanced Encryption Standard)
Smart cards
9. A network that uses standard protocols (TCP/IP)
DHCP
Joke
Open network
Accountability
10. Setting up the user to access the honeypot for reasons other than the intent to harm.
Schema
Authorization
Entrapment
DOS
11. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Packet Sniffing
ARO (Annualized Rate of Occurrence)
Bugtraq
Copyright
12. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Digital certificates
Brewer-Nash model
/etc/passwd
SESAME
13. This factor represents a measure of the magnitude of loss or impact on the value of an asset.
EF (Exposure Factor)
ROT-13
Bastion hosts
Digital signing
14. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.
COM
BIA
Debug
ROM (Read-only memory)
15. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Data Mart
Diffie-Hellman
AES (Advanced Encryption Standard)
Rijndael
16. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Patent
Identification
FAR/FRR/CER
Security kernel
17. Chief Information Officer
CGI (The Common Gateway Interface)
SSO (Single sign-on)
SSH
CIO
18. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh
Biometrics
/etc/passwd
Eavesdropping
Identification
19. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Digital certificates
Substitution
Classes of IP networks
AES (Advanced Encryption Standard)
20. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.
Debug
Tort
Degausser
Common criteria
21. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Tailgating / Piggybacking
Malware
Multithreading
Polymorphism
22. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
DDOS
Checksum
Audit Trail
COM
23. In a separation of duties model - this is where code is checked in and out
Software librarian
Asymmetric
Eavesdropping
Noise & perturbation
24. Entails planning and system actions to ensure that a project is following good quality management practices
CORBA
ALE (Annualized Loss Expectancy)
Sabotage
Quality Assurance
25. A network that mimics the brain
TCSEC
Noise & perturbation
Artificial Neural Networks (ANN)
ALE (Annualized Loss Expectancy)
26. Closed Circuit Television
Worm
CCTV
Identification
Patriot Act
27. A mechanism by which connections to TCP services on a system are allowed or disallowed
Decentralized
SSH
TCP Wrappers
Fences
28. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Worm
Rolling hot sites
TCB
Sabotage
29. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.
Block cipher
Compiler
Caesar Cipher
Username/password
30. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.
SYN Flood
SQL (Structured Query Language)
Kerberos
Trademark
31. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.
Tailgating / Piggybacking
Exit interview
Session Hijacking
Well-known ports
32. Separation of duties (SoD) is the concept of having more than one person required to complete a task.
RAID 0 - 1 - 3 - 5
Separation of duties
Hearsay Evidence
ActiveX Object Linking and Embedding
33. Once authenticated - the level of access you have to a system
Authorization
BIOS
Carnivore
Custodian
34. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th
Degausser
Brute force
Incentive programs
Centralized
35. Good for distance - longer than 100M
SSL/TLS
Hackers
/etc/passwd
Coax
36. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi
Attenuation
Transposition
Java
Expert System
37. A network entity that provides a single entrance / exit point to the Internet.
Dictionary Attack
Callback Security/Call Forwarding
Bastion hosts
Object Oriented Programming
38. A system designed to stop piggybacking.
Digital signing
Polymorphic
Man trap
Technical - Administrative - Physical
39. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r
Packet Sniffing
Patriot Act
Birthday attack
CCTV
40. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Scanning
Fire extinguisher
Brute Force
Quality Assurance
41. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
TACACS (Terminal access controller access control system)
Due Care
ARO (Annualized Rate of Occurrence)
Penetration testing
42. Access control method for database based on the content of the database to provide granular access
Normalization
UUEncode
Technical - Administrative - Physical
Content dependent
43. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.
Polymorphic
Encryption
ARO (Annualized Rate of Occurrence)
Crosstalk
44. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
MitM
Well-known ports
Java
Security Perimeter
45. Scanning the airwaves for radio transmissions
Illegal/Unethical
Scanning
Biometric profile
Hash
46. Transferring your risk to someone else - typically an insurance company
Software
CRC (Cyclic Redundancy Check)
Audit Trail
Risk Transferring
47. A gas used in fire suppression. Not human safe. Chemical reaction.
Halon
Joke
/etc/passwd
Data remanence
48. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Multitasking
Qualitative
Hardware
Firewall types
49. This is an open international standard for applications that use wireless communications.
WAP (Wireless Application Protocol)
CD-Rom
Twisted pair
MOM
50. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Noise & perturbation
Accountability
Bugtraq
Substitution