Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






2. A site that is ready physically but has no hardware in place - all it has is HVAC






3. When two or more processes are linked and execute multiple programs simultaneously






4. Defines the objects and their attributes that exist in a database.






5. Public Key Infrastructure






6. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






7. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






8. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






9. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






10. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






11. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






12. A card that holds information that must be authenticated to before it can reveal the information that it is holding






13. Also civil law






14. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






15. An audit trail is a chronological sequence of audit records - each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra






16. In the context of computer software - a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.






17. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






18. Dynamic Host Configuration Protocol.






19. 'If you cant see it - its secure'. Bad policy to live by.






20. Distributed Component Object Model. Microsoft's implementation of CORBA.






21. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






22. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






23. A legal term used to describe an out-of-court statement offered to establish the truth of the facts asserted in that statement. Hearsay is generally not admissible in common law courts because it is of dubious value - but there are many exceptions to






24. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






25. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






26. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






27. The user






28. When an employee leaves the company - you want to make them aware of non-disclosures and non compete clauses - etc.






29. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






30. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






31. Internet Architecture Board. This board is responsible for protecting the Internet.






32. Procedures for when an employee is terminated to ensure that they are aware of their responsibilities and turn in all company property.






33. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






34. The process of training end users / employees in the ways and processes of security. This helps to mitigate risk to the company (if the employees know what to do) and also helps the employees to know what is expected of them security-wise - so that t






35. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






36. Involving the measurement of quantity or amount.






37. Jumping into dumpsters to retrieve information about someone/something/a company






38. An attack which results in an unauthorized state change - such as the manipulation of files - or the adding of unauthorized files.






39. Rolling command center with UPS - satellite - uplink - power - etc.






40. An automated tool with a database of known vulnerabilities that check systems for those vulnerabilities






41. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






42. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






43. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






44. Repeats the signal. It amplifies the signal before sending it on.






45. Accepting all packets






46. An agreement that you make with another company to be able to use their facilities in the event of a disaster. The least expensive - and not usually enforceable.






47. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






48. The 7 layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually - the layers are Application - Presentation - Session - Transport - Network - Data Link - Physical






49. A compact disc that contains data only accessible by a computer. All modern CD-ROM drives can also read audio CDs. It is possible to produce composite CDs containing both data and audio with the latter capable of being played on a CD player - whilst






50. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications