Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.
1. To not be legal (as far as law is concerned) or ethical






2. Countermeasures / safeguards fall into these categories. Detective measures detect, preventive measures prevent, and corrective measures correct.






3. A collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package.






4. The idea is that a computer program may be seen as comprising a collection of individual units, or objects, that act on each other, as opposed to a traditional view in which a program may be seen as a collection of functions, or simply as a list






5. When you know something from a source, and can infer other related information based off of what you know, when you may not necessarily have access to that data normally.






6. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






7. False Acceptance Rate, False Rejection Rate, Crossover Error Rate






8. Providing verification to a system






9. After implementing countermeasures, accepting risk for the amount of vulnerability left over






10. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






11. Motive, Opportunity, and Means. These deal with crime.






12. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically, the monitoring connec






13. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






14. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits, but simply exploits vulnerabilities that others have found.






15. Animals with teeth. Not as discriminate as guards






16. Transferring your risk to someone else, typically an insurance company






17. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






18. Among the most common types of viruses and the least damaging, these are hidden within applications that must be executed in order to execute the virus.






19. The EU spec. If databases exist, users are allowed to check data into them, allowed to change them if wrong, etc.






20. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






21. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






22. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






23. White hat l0pht






24. Not a picture, but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






25. An attempt to trick the system into believing that something false is real






26. In computer security and programming, it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






27. A self-replicating computer program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.






28. A specialized version of a data warehouse. Like data warehouses, data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






29. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






30. In cryptography, it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






31. An RFC standard. A mechanism for performing commands on a remote system






32. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work






33. The practice of obtaining confidential information by manipulation of legitimate users.






34. The frequency with which a threat is expected to occur.






35. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






36. A site that has some equipment in place - and can be up within days






37. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






38. Methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected






39. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






40. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.






41. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party, so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






42. Systems that use a knowledge base, an inference engine, and general methods for searching problem solutions.






43. Attack which does not result in an unauthorized state change, such as an attack that only monitors and/or records data.






44. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single






45. The real cost of acquiring/maintaining/developing a system






46. This deals with differences between plaintext password storage and transmission, versus encrypted password storage and transmission.






47. Threat to physical security.






48. The act of identifying yourself. Providing your identity to a system






49. A gas used in fire suppression. Not human safe. Chemical reaction.






50. Network Address Translation