Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. Distributed Component Object Model. Microsoft's implementation of CORBA.

2. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) and grey hats.

3. Assuming the session of someone who is unaware of what you are doing.

4. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically the monitoring connec

5. Jumping into dumpsters to retrieve information about someone, something or a company.

6. Rotating employees' job duties so that their work can be checked to make sure nothing fraudulent is occurring.

7. An attempt to trick the system into believing that something false is real.

8. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.

9. A sandbox. Emulates an operating environment.

10. An automated tool with a database of known vulnerabilities that checks systems for those vulnerabilities.

11. An attacker spoofs the source IP in a packet header to make a ping request appear to have originated from the future victim's network; the responding network then replies in full force to these requests and brings down the victim's network.

12. In a computer system (or cryptosystem or algorithm), these are methods of bypassing normal authentication or securing remote access to a computer while attempting to remain hidden from casual inspection.

13. 1-1024 are the ports registered to Internet applications. Ones on the test include: 20 ftp, 21 ftp, 22 ssh, 23 telnet, 25 smtp, 53 dns, 69 tftp, 80 http, 161 snmp, 443 ssl.

14. When you have a certain amount of access, change jobs, and keep that access from the previous position. Also known as enlargement of permission and privilege escalation.

15. The EU spec. If databases exist, users are allowed to check the data in them, to have it changed if wrong, etc.

16. Threat to physical security.

17. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.

18. Component Object Model.

19. More discriminating than dogs.

20. A hidden communications channel on a system that allows for the bypassing of the system security policy.

21. A formula, practice, process, design, instrument, pattern, or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.

22. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits but simply exploits vulnerabilities that others have found.

23. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge.

24. Network device that operates at layer 1. Concentrator.

25. A network that uses standard protocols (TCP/IP).

26. When one key of a two-key pair has more encryption pattern than the other.

27. It can capture radio and satellite communications, telephone calls, faxes and e-mails nearly anywhere in the world and includes computer-automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications

28. An RFC standard. A mechanism for performing commands on a remote system.

29. An attack which results in an unauthorized state change, such as the manipulation of files or the adding of unauthorized files.

30. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x).

31. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.

32. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet.

33. a.k.a. the Chinese wall. Nash Bridges, Bridge wall, Chinese wall. Dynamically changes access control to prevent unauthorized access.

34. A site that has some equipment in place and can be up within days.

35. A war dialing utility.

36. Any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a syste

37. An AAA (Authentication, Authorization, and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.

38. When an employee leaves the company, you want to make them aware of non-disclosure and non-compete clauses, etc.

39. The art of breaking code. Testing the strength of an algorithm.

40. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).

41. Accepting all packets.

42. The number of users that the system can process in a given amount of time. A typical acceptable amount is 10/minute.

43. Once authenticated, the level of access you have to a system.

44. The interception of conversations by unintended recipients.

45. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to, its main uses lie in the distribution of firmware.

46. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.

47. In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the 'units' may be single letters (the most common), pairs of letters, triplets of letters

48. In telecommunications, a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in, as the number dialing in has to be in the list. Howe

49. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.

50. Same as a block cipher except that it is applied to a data stream one bit at a time.