Test your basic knowledge | CompTIA Security+: Vocab
Subjects: certifications, comptia-security-+, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. An attacker spoofs the source IP in a packet header - to make a ping request appear to have originated from the future victim's network - then the responding network responds in full force to these requests and brings down the victim's network.
Classes of IP networks
Patent
Smurf
Private Addressing
2. Jumping into dumpsters to retrieve information about someone/something/a company
Dumpster diving
Crosstalk
DAD
Multiprocessing
3. The fraudulent appropriation by a person to his own use of property or money entrusted to that person's care but owned by someone else.
Classes of IP networks
Tokens
Embezzlement
Rolling hot sites
4. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.
Joke
OSI Model
Closed network
Certification
5. Making individuals accountable for their actions on a system typically through the use of auditing
Patent
Accountability
NAT
Repeaters
6. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.
Packet Sniffing
Data remanence
DHCP
Birthday attack
7. When security is managed at a central point in an organization
Centralized
Authorization
Out of band
CGI (The Common Gateway Interface)
8. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst
CD-Rom
Software development lifecycle
Incentive programs
ActiveX Object Linking and Embedding
9. Confidentiality - Integrity - and Availability
CIA
Back door/ trap door/maintenance hook
Salami Slicing
CORBA
10. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.
Hot Site
DDOS
Penetration testing
Software
11. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal
Software development lifecycle
Authorization
Encryption
Termination procedures
12. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x
Exit interview
OEP
Private Addressing
COOP
13. The person that determines the permissions to files. The data owner.
Trade Secret
Sniffing
CRC (Cyclic Redundancy Check)
Owner
14. The user
Fences
User
Normalization
DDOS
15. In cryptography - it is a block cipher
Authorization creep
Skipjack
Certification
Eavesdropping
16. Reasonable doubt
Certification
Attenuation
Copyright
Burden of Proof
17. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.
Risk Transferring
Biometrics
Boot-sector Virus
Non-repudiation
18. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.
Artificial Neural Networks (ANN)
Active attacks
Script kiddies
/etc/passwd
19. Network devices that operate at layer 3. This device separates broadcast domains.
Trade Secret
Owner
Salami Slicing
Routers
20. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
Stream cipher
Passive attacks
UUEncode
Digital certificates
21. Internet Architecture Board. This board is responsible for protecting the Internet.
Embezzlement
Callback Security/Call Forwarding
Audit Trail
IAB
22. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as
TCSEC
Session Hijacking
SLE (Single Loss Expectancy or Exposure)
Closed network
23. A site that is ready physically but has no hardware in place - all it has is HVAC
Cold Site
Raid 0 - 1 - 3 - 5
SSL/TLS
Degausser
24. Closed Circuit Television
Brute force
Detective - Preventive - Corrective
CCTV
Decentralized
25. Deals with the same things as due diligence except that they deal with accepting responsibility instead of liability.
Due Care
MOM
Multitasking
OSI Model
26. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
Skipjack
Username/password
Logic bomb
Passive attacks
27. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -
Cold Site
Rijndael
Covert channels
Virtual Memory/Pagefile.sys
28. An instance of a scripting language
Incentive programs
Script
Risk Mitigation
OSI Model
29. The intercepting of conversations by unintended recipients
Telnet
Smurf
Decentralized
Eavesdropping
30. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c
Carnivore
Throughput of a Biometric System
Hackers
Boot-sector Virus
31. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer
User
OEP
Replay
CD-Rom
32. A unit that will detect motion for the purpose of setting off the alarms to alert for unauthorized access.
Motion detector
Sabotage
Tailgating / Piggybacking
Passive attacks
33. The output of a hash function is a digest.
Virtual Memory/Pagefile.sys
Echelon
Digest
Active attacks
34. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network
Encryption
Honey pot
Session Hijacking
Qualitative
35. Network device that operates at layer 1. Concentrator.
Two-Factor Authentication
Security Perimeter
Hubs
ALE (Annualized Loss Expectancy)
36. Basic Input/Output System
Fraud
Finger printing
BIOS
Dogs
37. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access
Trap Door
Termination procedures
Data Mart
Fire extinguisher
38. In cryptanalysis - this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example - exhaustively working through all possible keys in order to decrypt a message. In most schemes - the theoretical po
Qualitative
DHCP
Brute Force
Boot-sector Virus
39. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.
CCTV
Multitasking
ARO (Annualized Rate of Occurrence)
Authentication
40. Rolling command center with UPS - satellite - uplink - power - etc.
Probing
Artificial Neural Networks (ANN)
Bugtraq
Rolling hot sites
41. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access
Format 7 times
ActiveX Object Linking and Embedding
Packet Sniffing
TACACS (Terminal access controller access control system)
42. An attempt to trick the system into believing that something false is real
Hoax
BIOS
Software
Burden of Proof
43. Animals with teeth. Not as discriminate as guards
Dogs
Data remanence
WAP (Wireless Application Protocol)
Hot Site
44. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.
Symmetric
Hot Site
Spoofing
DMZ
45. Object Linking and Embedding. The ability of an object to be embedded into another object.
PKI
Penetration testing
Finger printing
OLE
46. Technical items are things that IT implements. Administrative items are things that HR implements. Physical things are things that are tangible.
Clipper Chip
MOM
Technical - Administrative - Physical
Active attacks
47. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Clipping levels
Promiscuous mode
Guards
Senior Management
48. Transferring your risk to someone else - typically an insurance company
Risk Transferring
SSO (Single sign-on)
Smart cards
CGI (The Common Gateway Interface)
49. Emanations from one wire coupling with another wire
Crosstalk
Biometrics
DOS
Caesar Cipher
50. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to
Hearsay Evidence
Guards
Quantitative
Decentralized