Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. In computer security and programming - it is an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth






2. Being able to control access to individuals very specifically - instead of lower in the OSI model where you can't set it so specifically






3. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work






4. Residual physical representation of data that has been in some way erased. After storage media is erased there may be some physical characteristics that allow data to be reconstructed.






5. Random Number Base






6. The study of automated methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology - biometric authentication refers to technologies that measure and analyze human physical and beh






7. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






8. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






9. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






10. When a DNS server goes out to resolve a name - and gets the wrong response back - it caches the wrong address for the default DNS time period - thus poisoning the cache for that period of time






11. Using ICMP to diagram a network






12. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






13. Involving the measurement of quantity or amount.






14. Making individuals accountable for their actions on a system typically through the use of auditing






15. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






16. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






17. Network devices that operate at layer 3. This device separates broadcast domains.






18. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






19. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






20. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






21. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






22. A network entity that provides a single entrance / exit point to the Internet.






23. Internet Relay Chat.






24. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






25. When security is managed at a central point in an organization






26. Motivational tools for employee awareness to get them to report security flaws in an organization






27. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






28. A chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.






29. In cryptography - it is a block cipher






30. A network that uses proprietary protocols






31. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






32. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






33. These viruses usually infect both boot records and files.






34. Be at least 8 feet tall and have three strands of barbed wire.






35. Entails planning and system actions to ensure that a project is following good quality management practices






36. A military standard defining controls for emanation protection






37. These can be used to verify that public keys belong to certain individuals.






38. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






39. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






40. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.






41. These cryptographic protocols provide secure communications on the Internet. SSL provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use - only the server is authenticated while the client rema






42. A hidden communications channel on a system that allows for the bypassing of the system security policy






43. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.






44. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute






45. After implementing countermeasures - accepting risk for the amount of vulnerability left over






46. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






47. An organization that got their fame from telling the Senate Judiciary Committee that they could bring down the Internet in 30 minutes. Black hat....






48. A remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access






49. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






50. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.