Test your basic knowledge |

Comptia Security +: Vocab

Subjects : certifications, comptia-security-+, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
Data remanence
Granularity
Tort

2. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
TCP Wrappers
Boot-sector Virus
TCSEC
Centralized

3. Trusted Computing Base. Comprised of the hardware - software - and firmware of the system.
Salami Slicing
TCB
ARP (Address Resolution Protocol)
Quality Assurance

4. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Security through obscurity
ALE (Annualized Loss Expectancy)
COM
Callback Security/Call Forwarding

5. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.
Tort
Quantitative
Brewer-Nash model
Fraggle

6. Dialing fixed sets telephone numbers looking for open modem connections to machines
Exit interview
War dialing
NAT
Hash

7. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra
NAT
DMZ
Normalization
Audit Trail

8. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
/etc/passwd
Virtual Memory/Pagefile.sys
Common criteria
Hackers

9. The practice of following someone with a security code or keycard through a security door - generally in workplaces.
Tailgating / Piggybacking
Cryptanalysis
Block cipher
Patriot Act

10. Threat to physical security.
Sabotage
Checksum
Authentication
Data Mart

11. A mechanism by which connections to TCP services on a system are allowed or disallowed
Acceptable use
Digest
Multitasking
TCP Wrappers

12. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Embezzlement
Hardware
Guards
Firewall types

13. Accepting all packets
Expert System
Identification
Warm Site
Promiscuous mode

14. The art of breaking code. Testing the strength of an algorithm.
Cryptanalysis
Owner
ALE (Annualized Loss Expectancy)
Script

15. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.
UUEncode
Tokens
Code of ethics
Spoofing

16. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.
WAP (Wireless Application Protocol)
Dogs
Digital signing
Senior Management

17. A military standard defining controls for emanation protection
Replay
TEMPEST
Acceptable use
Virtual machine

18. Internet Architecture Board. This board is responsible for protecting the Internet.
Private Addressing
Base-64
Inference
IAB

19. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.
Block cipher
Expert systems
Crosstalk
EF (Exposure Factor)

20. Be at least 8 foot tall and have three strands of barbed wire.
Termination procedures
Fences
Multipartite
Buffer overflow

21. Internet Relay Chat.
IRC
Halon
Motion detector
DMZ

22. A network that mimics the brain
Artificial Neural Networks (ANN)
Skipjack
Digital certificates
Security Awareness Training

23. Repeats the signal. It amplifies the signal before sending it on.
Repeaters
Expert System
Throughput of a Biometric System
Bugtraq

24. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the
Coax
Kerberos
/etc/passwd
Eavesdropping

25. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
Call tree
Sniffing
SQL (Structured Query Language)
Multithreading

26. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
ISDN (Integrated Services Digital Network)
Block cipher
Hackers
Cyphertext only

27. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Keystroke logging
Digital signing
Symmetric
Hoax

28. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Enticement
Rolling hot sites
ActiveX Object Linking and Embedding
Service packs

29. Scanning the airwaves for radio transmissions
NAT
Scanning
WAP (Wireless Application Protocol)
Social engineering

30. Object Linking and Embedding. The ability of an object to be embedded into another object.
OLE
Content dependant
Multithreading
DHCP

31. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Boot-sector Virus
Nonce
Classes of IP networks
Format 7 times

32. Component Object Model.
MitM
COM
DOS
Risk Transferring

33. Network device that operates at layer 1. Concentrator.
Replay
ALE (Annualized Loss Expectancy)
Hubs
Polymorphic

34. Something used to put out a fire. Can be in Classes A - B - C - D - or H
Fire extinguisher
Enticement
Raid 0 - 1 - 3 - 5
Logic bomb

35. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Hash
Well-known ports
Schema
Dictionary Attack

36. 'If you cant see it - its secure'. Bad policy to live by.
Patriot Act
Security through obscurity
Audit Trail
Twisted pair

37. A unit that will detect motion for the purpose of setting of the alarms to alert for unauthorized access.
Cryptanalysis
UUEncode
Motion detector
Trap Door

38. A hidden communications channel on a system that allows for the bypassing of the system security policy
Firewall types
Covert channels
Cryptanalysis
Back door/ trap door/maintenance hook

39. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Multiprocessing
Smurf
FAR/FRR/CER
IAB

40. Dynamic Host Configuration Protocol.
DHCP
Raid 0 - 1 - 3 - 5
DNS cache poisoning
Artificial Neural Networks (ANN)

41. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack
MitM
Sniffing
Data Mart
Enticement

42. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Worm
TCB
Packet Sniffing
Bugtraq

43. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.
WTLS (Wireless Transport Layer Security)
CIA
Enticement
Private Addressing

44. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt
Cookies
Finger scanning
AES (Advanced Encryption Standard)
Caesar Cipher

45. CISSPs subscribe to a code of ethics for building up the security profession
Code of ethics
DHCP
IRC
Social engineering

46. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Compiler
Accreditation
Carnivore
Brute Force

47. In a distributed attack - the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and
DDOS
Script
Firewall types
Probing

48. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
CD-Rom
EF (Exposure Factor)
Hardware
Digest

49. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Data Mart
Job rotation
Stream cipher
Fraggle

50. Motivational tools for employee awareness to get them to report security flaws in an organization
Software
Dumpster diving
EF (Exposure Factor)
Incentive programs