Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






2. A method of encrypting text to produce cipher text in which a cryptographic key and algorithm are applied to a block of data as a group instead of one bit at a time.






3. The 7-layer model defined by the ISO. Memorized by 'All People Seem To Need Data Processing' and 'Please Do Not Throw Sausage Pizza Away'. Actually, the layers are Application, Presentation, Session, Transport, Network, Data Link, Physical.






4. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






5. Someone whose hacking is primarily targeted at the phone systems.






6. An attack which results in an unauthorized state change, such as the manipulation of files, or the adding of unauthorized files.






7. In cryptography, it is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






8. In computing, it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






9. A meme and a joke are the same thing, e.g. when someone says to delete a file that is really just fine and they call it a virus.






10. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






11. The art of breaking code. Testing the strength of an algorithm.






12. Being able to control access to individuals very specifically, instead of lower in the OSI model where you can't set it so specifically.






13. Chief Executive Officer






14. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






15. Motivational tools for employee awareness to get them to report security flaws in an organization






16. Transferring your risk to someone else, typically an insurance company.






17. A network that mimics the brain






18. A sandbox. Emulates an operating environment.






19. Component Object Model.






20. Common Object Request Broker Architecture.






21. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.






22. A site that is ready physically but has no hardware in place; all it has is HVAC.






23. A simple authentication protocol used to authenticate a user to a remote access server or Internet service provider (ISP). Almost all NOS remote servers support PAP. PAP transmits unencrypted ASCII passwords over the network and is therefore consider






24. Access control method for databases based on the content of the database to provide granular access.






25. Distributed Component Object Model. Microsoft's implementation of CORBA.






26. Also known as a tunnel)






27. False Acceptance Rate, False Rejection Rate, Crossover Error Rate






28. A specialized form of software authentication that enables a user to authenticate once and gain access to the resources of multiple software systems.






29. Enticing people to hit your honeypot to see how they try to access your system.






30. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






31. White hat l0pht






32. Closed Circuit Television






33. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






34. Providing verification to a system






35. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x)






36. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party, often by covert means. The telephone tap or wire tap received its name because historically, the monitoring connec






37. Encompasses Risk Analysis and Risk Mitigation






38. Animals with teeth. Not as discriminate as guards.






39. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






40. In computing, the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable






41. Internet Architecture Board. This board is responsible for protecting the Internet.






42. This deals with differences between plaintext password storage and transmission, versus encrypted password storage and transmission.






43. In computer security, this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






44. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans






45. In a separation of duties model, this is where code is checked in and out.






46. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquer






47. After implementing countermeasures, accepting risk for the amount of vulnerability left over.






48. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message.






49. In computer science, it means allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single






50. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet.