Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






2. A computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. Kerberos prevents eavesdropping or replay attacks - and ensures the integrity of the






3. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp, 21 - ftp, 22 - ssh, 23 - telnet, 25 - smtp, 53 - dns, 69 - tftp, 80 - http, 161 - snmp, 443 - ssl






4. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






5. After implementing countermeasures - accepting risk for the amount of vulnerability left over






6. Network devices that operate at layer 2. Every port on a switch is a separate collision domain






7. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






8. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






9. A site that is ready physically but has no hardware in place - all it has is HVAC






10. A card that holds information that must be authenticated to before it can reveal the information that it is holding






11. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.






12. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






13. Using ICMP to diagram a network






14. Closed Circuit Television






15. Also known as a tunnel






16. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






17. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






18. A mechanism by which connections to TCP services on a system are allowed or disallowed






19. Someone who hacks






20. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






21. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work






22. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






23. The practice of obtaining confidential information by manipulation of legitimate users.






24. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






25. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






26. Object Linking and Embedding. The ability of an object to be embedded into another object.






27. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






28. A system designed to stop piggybacking.






29. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






30. Communications that don't take the natural course of email (when you don't want eavesdropping to happen)






31. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






32. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically






33. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






34. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






35. Virtual LANs. Separating broadcast domains on a single network. A way of partitioning communications channels.






36. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






37. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






38. When security is managed at many different points in an organization






39. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






40. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






41. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






42. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






43. The act of identifying yourself. Providing your identity to a system






44. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






45. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






46. Continuation of Operations Plan






47. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






48. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






49. The attacker sends a SYN request to the victim's machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






50. Making individuals accountable for their actions on a system typically through the use of auditing






