Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A site that is ready physically but has no hardware in place - all it has is HVAC






2. Public Key Infrastructure






3. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






4. The person that determines the permissions to files. The data owner.






5. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






6. Scanning the airwaves for radio transmissions






7. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






8. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






9. a.k.a. The Chinese wall. Nash Bridges - Bridge wall - Chinese wall. Dynamically changes access control to prevent unauthorized access.






10. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






11. Internet Architecture Board. This board is responsible for protecting the Internet.






12. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






13. Motivational tools for employee awareness to get them to report security flaws in an organization






14. A network that mimics the brain






15. In a separation of duties model - this is where code is checked in and out






16. Distributed Component Object Model. Microsoft's implementation of CORBA.






17. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






18. Demilitarized Zone. A part of the network that is neither part of the internal network nor directly part of the Internet. Basically a network sitting between two networks.






19. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






20. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






21. Also known as a tunnel)






22. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






23. Making individuals accountable for their actions on a system typically through the use of auditing






24. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






25. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






26. The practice of obtaining confidential information by manipulation of legitimate users.






27. Access control method for database based on the content of the database to provide granular access






28. A mechanism by which connections to TCP services on a system are allowed or disallowed






29. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






30. Accepting all packets






31. The practice of following someone with a security code or keycard through a security door - generally in workplaces.






32. A self-replicating computer program - similar to a computer virus. A virus attaches itself to - and becomes part of - another executable program; however - a worm is self-contained and does not need to be part of another program to propagate itself.






33. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






34. In cryptanalysis - a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes - the theoretical possibility of a brute force attack is recognised - but it is set up in such a way th






35. In computer security - this type of attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gains an illegitimate advantage.






36. In computing - Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (opti






37. Data storage formats and equipment that allow the stored data to be accessed in any order






38. Encompasses Risk Analysis and Risk Mitigation






39. Someone whose hacking is primarily targeted at the phone systems






40. White hat l0pht






41. Method of authenticating to a system. Something that you supply and something you know.






42. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






43. A system designed to stop piggybacking.






44. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






45. Not a picture - but rather vectors of your finger geometry with an acceptable variance built in to provide for slight changes.






46. An attempt to trick the system into believing that something false is real






47. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






48. Motive - Opportunity - and Means. These deal with crime.






49. When security is managed at a central point in an organization






50. Chief Information Officer