Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so at times you might find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. The person that determines the permissions to files. The data owner.
Bugtraq
Script kiddies
Owner
Hearsay Evidence
2. Relating to quality or kind. This assigns a level of importance to something.
Qualitative
Burden of Proof
Inference
Fraud
3. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
RAM (Random-access memory)
Carnivore
Keystroke logging
Burden of Proof
4. A card that holds information that must be authenticated to before it can reveal the information that it is holding
Warm Site
COM
Smart cards
UUEncode
5. To not be legal (as far as law is concerned) or ethical
Carnivore
Illegal/Unethical
NAT
Risk Mitigation
6. Enticing people to hit your honeypot to see how they try to access your system.
TACACS (Terminal access controller access control system)
Fire extinguisher
Finger printing
Enticement
7. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Bastion hosts
Change management
OLE
Covert channels
8. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also
Classes of IP networks
Senior Management
COOP
Trojan horses
9. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.
Audit Trail
Detective - Preventive - Corrective
SLE (Single Loss Expectancy or Exposure)
Acceptable use
10. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.
Stream cipher
Encryption
User
Masquerade
11. False Acceptance Rate - False Rejection Rate - Crossover Error Rate
FAR/FRR/CER
Accreditation
DNS cache poisoning
RADIUS (Remote authentication dial-in user service)
12. White hat l0pht
Bugtraq
Replay
Nonce
Throughput of a Biometric System
13. A system designed to stop piggybacking.
Skipjack
AES (Advanced Encryption Standard)
Privacy Act of 1974
Man trap
14. A gas used in fire suppression. Not human safe. Chemical reaction.
Halon
Multiprocessing
Hot Site
Asset Value
15. Rolling command center with UPS - satellite - uplink - power - etc.
Rolling hot sites
Malware
EF (Exposure Factor)
TCP Wrappers
16. A network that uses proprietary protocols
Separation of duties
Hearsay Evidence
TACACS (Terminal access controller access control system)
Closed network
17. Network device that operates at layer 1. Concentrator.
Hubs
Bastion hosts
Asymmetric
Centralized
18. In a separation of duties model - this is where code is checked in and out
Social engineering
ROT-13
Software librarian
Replay
19. Jumping into dumpsters to retrieve information about someone/something/a company
Dumpster diving
Trade Secret
Malware
Username/password
20. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Attenuation
Brute Force
Data Mart
Cookies
21. Also known as a tunnel
Replay
Symmetric
VPN (Virtual Private Network)
Technical - Administrative - Physical
22. A little piece of information that is put on your computer to allow communications with the server and that also allow some servers to track everything you go to on the Internet
Cookies
TCB
Privacy Act of 1974
War dialing
23. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
TCSEC
Service packs
Certification
Format 7 times
24. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.
Mandatory vacation
Custodian
Session Hijacking
OLE
25. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.
Service packs
Sabotage
Attenuation
Debug
26. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Aggregation
Entrapment
CRC (Cyclic Redundancy Check)
DDOS
27. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.
Keystroke logging
Granularity
Authorization
Bastion hosts
28. Encompasses Risk Analysis and Risk Mitigation
Risk Management
Job rotation
Toneloc
Burden of Proof
29. Good for distance - longer than 100M
Kerberos
Motion detector
Inference
Coax
30. Setting up the user to access the honeypot for reasons other than the intent to harm.
Security Perimeter
Entrapment
Boot-sector Virus
Vulnerability analysis tools
31. Internet Architecture Board. This board is responsible for protecting the Internet.
DNS cache poisoning
Authorization creep
IAB
Covert channels
32. The EU spec. If databases exist - users are allowed to check data into them - allowed to change them if wrong - etc.
Privacy Act of 1974
Probing
Dictionary Attack
Rijndael
33. A hidden communications channel on a system that allows for the bypassing of the system security policy
Toneloc
Covert channels
Decentralized
Eavesdropping
34. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational
Risk Transferring
Copyright
DOS
FAR/FRR/CER
35. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.
Digital certificates
Cold Site
ISDN (Integrated Services Digital Network)
WAP (Wireless Application Protocol)
36. The ability to have more than one thread associated with a process
Multithreading
Trap Door
Cryptanalysis
MOM
37. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.
Halon
Cyphertext only
Asymmetric
Vulnerability analysis tools
38. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message
Symmetric
Digital certificates
Fiber optic
Dictionary Attack
39. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t
Salami Slicing
Expert System
IAB
Guards
40. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....
CIO
Trade Secret
l0pht
Wiretapping
41. The process of reducing your risks to an acceptable level based on your risk analysis
Digest
Artificial Neural Networks (ANN)
Risk Mitigation
Centralized
42. The real cost of acquiring/maintaining/developing a system
Risk Management
Brute force
Birthday attack
Asset Value
43. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.
SYN Flood
Routers
Boot-sector Virus
MOM
44. Rotating employees' job duties so that the work they are doing can be checked to make sure nothing fraudulent is occurring.
WAP (Wireless Application Protocol)
Detective - Preventive - Corrective
Multiprocessing
Job rotation
45. Threat to physical security.
Telnet
Sabotage
Block cipher
Exit interview
46. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications
Common criteria
Firewall types
Open network
Echelon
47. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
UUEncode
Raid 0 - 1 - 3 - 5
Repeaters
Macro
48. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec
WTLS (Wireless Transport Layer Security)
Nonce
Wiretapping
CRC (Cyclic Redundancy Check)
49. Distributed Component Object Model. Microsoft's implementation of CORBA.
Multithreading
DCOM
Certification
Scanning
50. Component Object Model.
ALE (Annualized Loss Expectancy)
UUEncode
Hoax
COM