Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.
1. The practice of obtaining confidential information by manipulation of legitimate users.
Digital certificates
Social engineering
Aggregation
BIA
2. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Senior Management
Security kernel
TACACS (Terminal access controller access control system)
Cryptanalysis
3. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.
Acceptable use
Hubs
PKI
Aggregation
4. Access control method for database based on the content of the database to provide granular access
Attenuation
Accreditation
Content dependent
Brute force
5. A hidden communications channel on a system that allows for the bypassing of the system security policy
Covert channels
CCTV
TCP Wrappers
Firmware
6. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.
ROM (Read-only memory)
Identification
Hackers
Honey pot
7. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical
Multitasking
OSI Model
Key Escrow
Hacker
8. Basic Input/Output System
Exit interview
NAT
BIOS
ALE (Annualized Loss Expectancy)
9. Also known as a tunnel
Owner
OLE
Inference
VPN (Virtual Private Network)
10. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.
Digital certificates
Common criteria
Hackers
Coax
11. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.
Crosstalk
Trojan horses
Accreditation
Teardrop
12. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
Coax
Multitasking
Non-repudiation
Brute force
13. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
Honey pot
Attenuation
Motion detector
User
14. The art of breaking code. Testing the strength of an algorithm.
Normalization
/etc/passwd
AES (Advanced Encryption Standard)
Cryptanalysis
15. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Skipjack
TCB
Birthday attack
Incentive programs
16. CISSPs subscribe to a code of ethics for building up the security profession
Normalization
Code of ethics
Separation of duties
DNS cache poisoning
17. The user
Non-repudiation
User
Hacker
Data remanence
18. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time
DNS cache poisoning
WTLS (Wireless Transport Layer Security)
Non-repudiation
Hubs
19. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of
VPN (Virtual Private Network)
/etc/passwd
Data Mart
Out of band
20. An attempt to trick the system into believing that something false is real
Hoax
Biometrics
PKI
Cyphertext only
21. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.
Fraggle
DDOS
Carnivore
Illegal/Unethical
22. In the broadest sense - a fraud is a deception made for personal gain
Fraud
Digital signing
Malware
Incentive programs
23. Public Key Infrastructure
BIA
Quality Assurance
Hackers
PKI
24. Assuming someone's session who is unaware of what you are doing
Session Hijacking
IRC
RADIUS (Remote authentication dial-in user service)
Java
25. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.
Multitasking
Format 7 times
Fire extinguisher
Spoofing
26. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Identification
Fiber optic
SQL (Structured Query Language)
Certification
27. Once authenticated - the level of access you have to a system
UUEncode
Authorization
Echelon
Keystroke logging
28. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Hoax
Honey pot
Dumpster diving
ARO (Annualized Rate of Occurrence)
29. Using ICMP to diagram a network
Noise & perturbation
Job rotation
Probing
RADIUS (Remote authentication dial-in user service)
30. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.
Due Diligence
Worm
Tokens
Owner
31. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Smurf
Trade Secret
Worm
ISDN (Integrated Services Digital Network)
32. Random Number Base
Nonce
ISDN (Integrated Services Digital Network)
BIOS
DOS
33. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.
Callback Security/Call Forwarding
Encryption
Aggregation
Granularity
34. Network Address Translation
Hardware
Risk Mitigation
NAT
Sabotage
35. A network that mimics the brain
Substitution
Macro
Artificial Neural Networks (ANN)
Passive attacks
36. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t
SSL/TLS
SYN Flood
Callback Security/Call Forwarding
Embezzlement
37. The ability to have more than one thread associated with a process
OEP
Multithreading
Raid 0 - 1 - 3 - 5
Risk Transferring
38. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.
Biometric profile
Change management
Aggregation
Fire extinguisher
39. Also civil law
Tort
Virtual machine
Sniffing
SSO (Single sign-on)
40. Class A (1-126.x.x.x) - Class B (128-191.x.x.x) - Class C (192-223.x.x.x)
Classes of IP networks
Trademark
Custodian
MOM
41. Countermeasure to put fake stuff into a database so if someone is reading it they will get the wrong info.
Hash
Logic bomb
Noise & perturbation
AES (Advanced Encryption Standard)
42. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.
CIA
Hardware
Virtual Memory/Pagefile.sys
Call tree
43. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Risk Management
UUEncode
Hot Site
Non-repudiation
44. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute
Malware
Throughput of a Biometric System
Out of band
Transposition
45. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources
Packet Sniffing
Finger printing
Security kernel
Key Escrow
46. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl
Well-known ports
DCOM
Guards
DDOS
47. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.
Certification
Passive attacks
Aggregation
Fiber optic
48. Accepting all packets
Firewall types
Tailgating / Piggybacking
CD-Rom
Promiscuous mode
49. Scanning the airwaves for radio transmissions
Scanning
BIA
Passive attacks
Separation of duties
50. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe
Embezzlement
DAD
Callback Security/Call Forwarding
Hacker