Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






2. A technique to eliminate data redundancy.






3. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






4. This is an open international standard for applications that use wireless communications.






5. Once authenticated - the level of access you have to a system






6. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






7. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.






8. Good for distance - longer than 100M






9. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication - which requires only one factor (knowledge of a password) in order to gain access to a syste






10. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






11. Also civil law






12. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






13. The art of breaking code. Testing the strength of an algorithm.






14. After implementing countermeasures - accepting risk for the amount of vulnerability left over






15. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






16. A hidden communications channel on a system that allows for the bypassing of the system security policy






17. Someone whose hacking is primarily targeted at the phone systems






18. Enticing people to hit your honeypot to see how they try to access your system.






19. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






20. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






21. The person that controls access to the data






22. The frequency with which a threat is expected to occur.






23. Chief Information Officer






24. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






25. Also known as a tunnel)






26. Refers to a cryptographic signature - either on a document - or on a lower-level data structure that signs an item electronically.






27. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






28. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






29. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






30. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






31. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






32. Closed Circuit Television






33. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






34. Someone who hacks






35. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






36. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






37. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






38. Packet sniffers (also known as Network Analyzers or Ethernet Sniffers) are software programs that can see the traffic passing over a network or part of a network. As data streams travel back and forth over the network - the program captures each pack






39. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






40. Method of authenticating to a system. Something that you supply and something you know.






41. They all deal with objects or identifiers that are used during authentication. They provide information that will allow the authentication to happen. There are many types.






42. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






43. In computing - the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






44. A number of computer software products and specifications from Sun Microsystems that together provide a system for developing and deploying cross-platform applications. Java is used in a wide variety of computing platforms spanning from embedded devi






45. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






46. Hardware - software - and firmware elements of a TCB that implement the fundamental security procedures for controlling access to system resources






47. Something used to put out a fire. Can be in Classes A - B - C - D - or H






48. To not be legal (as far as law is concerned) or ethical






49. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






50. Countermeasures / safeguards fall into these categories. Detective measures detect - preventive measures prevent - and corrective measures correct.