Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Privacy Act of 1974
AES (Advanced Encryption Standard)
Mandatory vacation
Polymorphism
2. Animals with teeth. Not as discriminate as guards
Dogs
Closed network
Eavesdropping
VPN (Virtual Private Network)
3. A standard protocol for interfacing external application software with an information server - commonly a web server. This allows the server to pass requests from a client web browser to the external application. The web server can then return the ou
CGI (The Common Gateway Interface)
Accreditation
Out of band
Symmetric
4. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
Clipper Chip
SSH
Common criteria
Job rotation
5. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Quality Assurance
Virtual machine
Fire extinguisher
Hackers
6. Rolling command center with UPS - satellite - uplink - power - etc.
Motion detector
Rolling hot sites
Tokens
DDOS
7. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Debug
Expert System
Motion detector
Spoofing
8. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities
Open network
Firmware
OSI Model
Vulnerability analysis tools
9. A site that has some equipment in place - and can be up within days
Biometric profile
SYN Flood
SESAME
Warm Site
10. The ability to have more than one thread associated with a process
Enticement
Object Oriented Programming
OLE
Multithreading
11. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.
Exit interview
Digital signing
Base-64
Format 7 times
12. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Multitasking
Firewall types
Carnivore
l0pht
13. This is an attack in which an attacker is able to read - insert and modify at will - messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept message
MitM
Tort
TCP Wrappers
Qualitative
14. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho
Hash
SSH
Vulnerability analysis tools
ActiveX Object Linking and Embedding
15. A military standard defining controls for emanation protection
Qualitative
Session Hijacking
Detective - Preventive - Corrective
TEMPEST
16. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'
Caesar Cipher
Toneloc
Covert channels
Transposition
17. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.
Reciprocal agreement
Spoofing
Qualitative
Quality Assurance
18. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Scanning
Callback Security/Call Forwarding
User
Tort
19. Confidentiality - Integrity - and Availability
Multithreading
Twisted pair
CIA
OSI Model
20. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
Guards
War dialing
Well-known ports
FAR/FRR/CER
21. 'If you can't see it - it's secure'. Bad policy to live by.
Worm
Due Care
Security through obscurity
DNS cache poisoning
22. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
CORBA
Fraggle
Firmware
Guards
23. A sandbox. Emulates an operating environment.
Virtual machine
Honey pot
EF (Exposure Factor)
Schema
24. In the broadest sense - a fraud is a deception made for personal gain
Fraud
Qualitative
Skipjack
Crosstalk
25. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.
ARP (Address Resolution Protocol)
TACACS (Terminal access controller access control system)
DCOM
VLANs
26. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus
Joke
ARO (Annualized Rate of Occurrence)
Due Care
Two-Factor Authentication
27. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema
Hash
Job rotation
Separation of duties
SSL/TLS
28. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
RADIUS (Remote authentication dial-in user service)
Risk Acceptance
Routers
Detective - Preventive - Corrective
29. The user
Trojan horses
UUEncode
Keystroke logging
User
30. Entails planning and system actions to ensure that a project is following good quality management practices
Quality Assurance
Out of band
Packet Sniffing
Attenuation
31. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
Centralized
Hardware
Decentralized
ISDN (Integrated Services Digital Network)
32. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s
Out of band
Diffie-Hellman
ISDN (Integrated Services Digital Network)
ALE (Annualized Loss Expectancy)
33. Also known as a tunnel
VPN (Virtual Private Network)
ARP (Address Resolution Protocol)
Replay
OEP
34. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac
Cyphertext only
Packet Sniffing
Smurf
Senior Management
35. The art of breaking code. Testing the strength of an algorithm.
War driving
Cryptanalysis
Coax
Callback Security/Call Forwarding
36. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Hot Site
NAT
Fences
Due Care
37. Must be in place for you to use a biometric system
Biometric profile
Man trap
Script kiddies
Decentralized
38. Rotating employees' job duties so that what they are doing can be checked to make sure nothing fraudulent is occurring.
Service packs
Job rotation
CORBA
Exit interview
39. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB
Security Perimeter
Hubs
Artificial Neural Networks (ANN)
Due Diligence
40. When security is managed at many different points in an organization
Decentralized
AES (Advanced Encryption Standard)
Artificial Neural Networks (ANN)
WTLS (Wireless Transport Layer Security)
41. ('rotate by 13 places' - sometimes hyphenated ROT-13) Is a simple Caesar cipher used for obscuring text by replacing each letter with the letter thirteen places down the alphabet
Trojan horses
WTLS (Wireless Transport Layer Security)
Fraud
ROT-13
42. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Tokens
Caesar Cipher
Honey pot
ROM (Read-only memory)
43. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
Sniffing
Repeaters
Due Diligence
44. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
War driving
Digital signing
Multitasking
Software
45. The person that determines the permissions to files. The data owner.
Username/password
Data Mart
Finger printing
Owner
46. These viruses usually infect both boot records and files.
Multipartite
Base-64
Authorization
Crosstalk
47. More discriminate than dogs
Trademark
Hackers
OSI Model
Guards
48. Chief Executive Officer
Clipping levels
CEO
VPN (Virtual Private Network)
Trademark
49. Once authenticated - the level of access you have to a system
DCOM
Authorization
Closed network
Fiber optic
50. The real cost of acquiring/maintaining/developing a system
Risk Acceptance
Trademark
OSI Model
Asset Value