Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. In cryptanalysis, this attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical po

2. Knowing information from one source and being able to deduce other, related information from it that you would not normally be authorized to access.

3. Someone who hacks.

4. In cryptanalysis, a brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities. In most schemes, the theoretical possibility of a brute force attack is recognised, but it is set up in such a way th

5. A network entity that provides a single entrance/exit point between a network and the Internet.

6. Motive, Opportunity and Means. The three elements investigators establish when attributing a crime to a suspect.

7. The person who decides who may access a file and with what permissions: the data owner.

8. Keeping the access you were granted in a previous position after you change jobs, so that permissions accumulate over time. Sometimes loosely called enlargement of permissions or privilege escalation, although privilege escalation in the strict sense is an attacker gaining rights they were never granted.

9. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents, but it is also used for trans

10. Virtual LANs. Partitioning a single physical switched network into separate broadcast domains, so that hosts in different segments cannot reach each other without passing through a router.

11. A specialized form of software authentication that lets a user authenticate once and gain access to the resources of multiple software systems without logging in to each one.

12. A military standard defining controls for protection against compromising electromagnetic emanations.

13. A method of encrypting text to produce ciphertext in which a cryptographic key and algorithm are applied to a fixed-size block of data as a group, rather than to one bit (or byte) at a time as a stream cipher does.

14. Systems that use a knowledge base, an inference engine and general methods for searching for problem solutions.

15. The EU specification for personal data: where databases of personal data exist, the individuals concerned are allowed to inspect the data held about them, have it corrected if it is wrong, and so on.

16. These cryptographic protocols provide secure communications on the Internet. SSL (since superseded by TLS) provides endpoint authentication and communications privacy over the Internet using cryptography. In typical use, only the server is authenticated while the client rema

17. Class A (1-126.x.x.x), Class B (128-191.x.x.x), Class C (192-223.x.x.x): the classful IPv4 address ranges, determined by the value of the first octet.

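Worked example, added here and not part of the original quiz: classifying an IPv4 address by its first octet using the ranges in question 17. Classes D (224-239, multicast) and E (240-255, reserved), 0.x.x.x and 127.x.x.x (loopback), which the question leaves out, are handled so that every first octet gets an answer. Classful addressing was replaced by CIDR in 1993, so the "default mask" a class implies is what an exam (or a very old router) assumes, not what a modern network uses; the `describe` helper puts the RFC 1918 private check, which cuts across the classes, beside the classful view.

```python
import ipaddress

# The classful ranges from question 17, plus the ones it leaves out so that every
# first octet gets an answer.
CLASS_RANGES = (
    ("A", 1, 126),     # 0.x.x.x is reserved and 127.x.x.x is loopback, hence the gaps
    ("B", 128, 191),
    ("C", 192, 223),
    ("D", 224, 239),   # multicast
    ("E", 240, 255),   # reserved
)
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}  # network mask each unicast class implies


def ip_class(addr: str) -> str:
    """Classify an IPv4 address by its first octet. Raises ValueError on malformed input."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first == 0:
        return "reserved"
    if first == 127:
        return "loopback"
    for name, low, high in CLASS_RANGES:
        if low <= first <= high:
            return name
    raise ValueError(f"unexpected first octet {first}")


def classful_network(addr: str) -> str:
    """The network a classful router would assume for a unicast address, in CIDR
    notation, e.g. 172.16.5.4 -> 172.16.0.0/16."""
    cls = ip_class(addr)
    if cls not in DEFAULT_PREFIX:
        raise ValueError(f"{addr} is {cls}: no default unicast network")
    return str(ipaddress.ip_network(f"{addr}/{DEFAULT_PREFIX[cls]}", strict=False))


def describe(addr: str) -> dict:
    """Classful view next to the one that matters today: is the address private
    (RFC 1918)? Private space spans classes A, B and C."""
    ip = ipaddress.IPv4Address(addr)
    cls = ip_class(addr)
    return {
        "class": cls,
        "classful_network": classful_network(addr) if cls in DEFAULT_PREFIX else None,
        "private": ip.is_private,
    }


if __name__ == "__main__":
    for sample in ("10.1.2.3", "172.16.5.4", "203.0.113.9", "224.0.0.251", "127.0.0.1"):
        print(sample, describe(sample))
```

The first-octet test is all the classful scheme ever was; anything finer (subnets, supernets, the /12 of 172.16.0.0) needs the explicit prefix length that CIDR carries and the class does not.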
18. The process of reducing your risks to an acceptable level based on your risk analysis.

19. Same as AES. The Advanced Encryption Standard (AES), also known as Rijndael (strictly, the 128-bit-block subset of Rijndael), is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor,

20. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions, activities and transactions.

21. Must be in place before a user can authenticate to a biometric system.

22. In computer security and programming, an anomalous condition where a process attempts to store data beyond the boundaries of a buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include oth

23. In telecommunications, a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in, since the number dialing in has to be on the list. Howe

24. In computing, software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.

25. Disclosure, Alteration, Destruction. The failures of confidentiality, integrity and availability respectively: the things that break the CIA triad.

26. Entails planning and systematic actions to ensure that a project is following good quality management practices.

27. Making individuals accountable for their actions on a system, typically through the use of auditing.

28. The frequency with which a threat is expected to occur.

29. Differs from ordinary composition in that it does not imply ownership. In composition, when the owning object is destroyed, so are the contained objects. In aggregation, this is not necessarily true.

30. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operation/maintenance, disposal.

31. In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network

32. CISSPs subscribe to a code of ethics for building up the security profession.

33. In computing, the Challenge-Handshake Authentication Protocol authenticates a user to an Internet access provider. CHAP provides protection against playback attack by the peer through the use of an incrementally changing identifier and of a variable

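Worked example, added here and not part of the original quiz: the CHAP exchange of question 33 with both sides present. The response is MD5 over identifier || secret || challenge as RFC 1994 specifies; the authenticator increments the one-octet identifier and issues fresh random challenge bytes each time, and accepts each challenge only once, which is what makes a replayed response worthless. The user table is a constructed in-memory dict standing in for a real account store. Note what the scheme costs: the server must hold the cleartext secret, and MD5 is long deprecated, which is why CHAP survives mainly in legacy PPP-era deployments.

```python
import hashlib
import hmac
import secrets


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over Identifier (one octet) || secret || Challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapAuthenticator:
    """The authenticator (server) side of CHAP.

    `secrets_by_user` is a constructed in-memory table standing in for the real
    account store. CHAP needs the cleartext secret on this side, which is one of
    its weaknesses."""

    def __init__(self, secrets_by_user: dict):
        self._secrets = secrets_by_user
        self._ident = 0
        self._outstanding = {}  # ident -> challenge still awaiting a response

    def challenge(self) -> tuple:
        # The one-octet Identifier changes on every challenge and the challenge
        # value is fresh random bytes, so a captured response is useless later.
        self._ident = (self._ident + 1) % 256
        chal = secrets.token_bytes(16)
        self._outstanding[self._ident] = chal
        return self._ident, chal

    def verify(self, ident: int, username: str, response: bytes) -> bool:
        chal = self._outstanding.pop(ident, None)  # each challenge is usable exactly once
        secret = self._secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def chap_exchange(server: ChapAuthenticator, username: str, client_secret: bytes) -> tuple:
    """One full round from the peer's point of view: receive challenge, send response.
    Returns (ident, challenge, response, accepted) so a caller can try replaying."""
    ident, chal = server.challenge()
    response = chap_response(ident, client_secret, chal)
    return ident, chal, response, server.verify(ident, username, response)


if __name__ == "__main__":
    auth = ChapAuthenticator({"alice": b"correct horse battery staple"})
    ident, chal, resp, ok = chap_exchange(auth, "alice", b"correct horse battery staple")
    print("first exchange accepted:", ok)
    print("replay of the same response accepted:", auth.verify(ident, "alice", resp))
```

An eavesdropper who captures identifier, challenge and response still gets something: an offline guessing target, since the response is a fast unsalted MD5 of a guessable secret. The replay defence and the guessing exposure are separate properties.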
34. The file on a UNIX system that maps usernames to password hashes; the system uses it to determine whether the password entered for a given username is correct. Historically the world-readable account database held the hashes themselves; modern systems keep them in a separate file readable only by root, and the hash is a salted, iterated construction (MD5-crypt on older systems, SHA-512-crypt or yescrypt today) rather than a bare MD5 of the password.

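Worked example, added here and not part of the original quiz, serving both the brute force attack of questions 1 and 4 and the password file of question 34: a dictionary attack and an exhaustive key search against a constructed file of unsalted MD5 hashes, beside the same dictionary run against salted, iterated hashes. Without a salt, identical passwords give identical hashes and one precomputed table cracks every user at once; with a per-user salt the attacker must redo the work for each user, and the iteration count makes every guess expensive. Users, passwords, salts and word list are all made up, and PBKDF2-HMAC-SHA256 stands in for the crypt(3) hash a real shadow file uses.

```python
import hashlib
import itertools
import string

# Constructed sample of the file question 34 describes: username -> unsalted MD5
# of the password. Users, passwords and the word list are made up.
UNSALTED_FILE = {
    "alice": hashlib.md5(b"summer").hexdigest(),
    "bob":   hashlib.md5(b"summer").hexdigest(),   # same password => identical hash
    "carol": hashlib.md5(b"zq7").hexdigest(),
}
WORDLIST = ["winter", "summer", "letmein", "password"]


def crack_unsalted(hashes_by_user: dict, wordlist: list) -> dict:
    """Dictionary attack on unsalted hashes: hash the word list once, then every
    user is a table lookup. Returns {user: recovered_password}."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    return {user: table[h] for user, h in hashes_by_user.items() if h in table}


def brute_force_unsalted(target_hex: str,
                         alphabet: str = string.ascii_lowercase + string.digits,
                         max_len: int = 3):
    """Exhaustive search (the brute force attack of questions 1 and 4): try every
    string over `alphabet` up to `max_len`, stopping at the first match."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if hashlib.md5(candidate.encode()).hexdigest() == target_hex:
                return candidate
    return None  # key space exhausted without a hit


ITERATIONS = 50_000  # deliberately slow: each guess costs this many HMAC rounds


def salted_hash(password: str, salt: bytes) -> str:
    """Salted, iterated hash. PBKDF2-HMAC-SHA256 stands in for the crypt(3)
    constructions a real shadow file uses; the shape of the defence is the same."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


# Constructed salted equivalent: per-user random salt stored next to the hash.
SALTED_FILE = {
    "alice": (b"x9Kq3mZp", salted_hash("summer", b"x9Kq3mZp")),
    "bob":   (b"Lw2vT8ca", salted_hash("summer", b"Lw2vT8ca")),  # same password, different hash
}


def crack_salted(entries: dict, wordlist: list) -> tuple:
    """Same word list against salted hashes. No shared table is possible: every
    (user, word) pair costs a full hash. Returns ({user: password}, hash_ops)."""
    found, hash_ops = {}, 0
    for user, (salt, stored) in entries.items():
        for word in wordlist:
            hash_ops += 1
            if salted_hash(word, salt) == stored:
                found[user] = word
                break
    return found, hash_ops


if __name__ == "__main__":
    print("unsalted, dictionary:", crack_unsalted(UNSALTED_FILE, WORDLIST))
    print("unsalted, exhaustive:", brute_force_unsalted(UNSALTED_FILE["carol"]))
    print("salted, dictionary:", crack_salted(SALTED_FILE, WORDLIST))
```

The exhaustive search over a 36-character alphabet up to three characters is about 48,000 MD5 operations and finishes instantly; that is the "theoretical possibility" of question 4 made real for a key space that is far too small. Salting and iteration do not change whether a weak password can be found, only what each guess costs and whether the cost can be shared across victims.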
35. Data storage formats and equipment that allow the stored data to be accessed in any order.

36. Transferring your risk to someone else, typically an insurance company.

37. A rolling command center equipped with UPS, satellite uplink, power, etc.

38. Software designed to infiltrate or damage a computer system without the owner's consent.

39. Separation of duties (SoD) is the concept of requiring more than one person to complete a task, so that no single individual can both commit and conceal an error or fraud.

40. Object Linking and Embedding. The ability of an object to be embedded into another object.

41. A war dialing utility.

42. An audit trail is a chronological sequence of audit records, each of which contains evidence directly pertaining to and resulting from the execution of a business process or system function. Audit records typically result from activities such as tra

43. Motivational tools used in employee awareness programs to encourage staff to report security flaws in an organization.

44. Procedures for when an employee is terminated, to ensure that they are aware of their continuing responsibilities and return all company property.

45. In computer science, allowing a single definition to be used with different types of data (specifically, different classes of objects). For instance, a polymorphic function definition can replace several type-specific ones, and a single

46. Scanning the airwaves for radio transmissions.

47. A countermeasure that inserts deliberately false records into a database, so that an unauthorized reader draws wrong conclusions from it.

48. When security is managed from a central point in an organization.

49. The government-specified number of overwrite passes required when wiping a drive so that the data is nearly impossible to retrieve. (Overwriting is a reliable wipe only for magnetic media; flash-based drives need the controller's secure-erase or a cryptographic erase.)

50. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp
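
Worked example, added here and not part of the original quiz: the uuencode algorithm of question 50, implemented from scratch with a decoder alongside. Each 3 input bytes become 4 printable characters (6 bits + 32 each, with the backtick standing in for the space that value 0 would produce, so trailing blanks survive mail transport), every line starts with a character giving its byte count, and the body is wrapped in begin/end lines. The known answer "Cat" -> "#0V%T" and all line lengths up to 45 are checked against the standard library's binascii.b2a_uu. uuencode is an encoding, not encryption: it hides nothing, and it was a routine way to carry executables through mail, so a decoder should treat the length character as untrusted; this one masks it and truncates to the bytes actually present.

```python
import binascii

LINE_BYTES = 45  # classic uuencode packs at most 45 bytes (60 characters) per line


def _enc_char(value: int) -> str:
    # 6-bit value -> printable character; '`' replaces the space that 0 would give
    return "`" if value == 0 else chr(32 + value)


def uu_encode_line(chunk: bytes) -> str:
    """Encode 1..45 bytes as one uuencode line: length character, then 3 bytes -> 4 chars."""
    if not 1 <= len(chunk) <= LINE_BYTES:
        raise ValueError("a uuencode line holds 1 to 45 bytes")
    out = [chr(32 + len(chunk))]
    padded = chunk + b"\0" * (-len(chunk) % 3)  # zero-pad the final triple
    for i in range(0, len(padded), 3):
        n = int.from_bytes(padded[i:i + 3], "big")
        out.extend(_enc_char((n >> shift) & 0x3F) for shift in (18, 12, 6, 0))
    return "".join(out)


def uu_decode_line(line: str) -> bytes:
    """Inverse of uu_encode_line. The length character is untrusted input: it is
    masked to 6 bits and only bytes actually present on the line are returned."""
    count = (ord(line[0]) - 32) & 0x3F
    vals = [(ord(c) - 32) & 0x3F for c in line[1:]]  # '`' and ' ' both map to 0
    vals += [0] * (-len(vals) % 4)                    # tolerate encoders that drop padding
    out = bytearray()
    for i in range(0, len(vals), 4):
        n = (vals[i] << 18) | (vals[i + 1] << 12) | (vals[i + 2] << 6) | vals[i + 3]
        out += n.to_bytes(3, "big")
    return bytes(out[:count])


def uuencode(data: bytes, name: str, mode: int = 0o644) -> str:
    """Whole-file form: 'begin <mode> <name>', data lines, a zero-length line, 'end'."""
    lines = [f"begin {mode:o} {name}"]
    for i in range(0, len(data), LINE_BYTES):
        lines.append(uu_encode_line(data[i:i + LINE_BYTES]))
    lines.append("`")  # zero-length data line terminates the body
    lines.append("end")
    return "\n".join(lines) + "\n"


def uudecode(text: str) -> tuple:
    """Parse a uuencoded file; returns (name, data). Rejects text without begin/end."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("begin "):
        raise ValueError("missing begin line")
    _, _mode, name = lines[0].split(" ", 2)
    out = bytearray()
    for line in lines[1:]:
        if line == "end":
            break
        if line in ("`", " ", ""):  # zero-length data line
            continue
        out += uu_decode_line(line)
    else:
        raise ValueError("missing end line")
    return name, bytes(out)


def matches_stdlib(chunk: bytes) -> bool:
    """Cross-check one line against binascii.b2a_uu (backtick=True gives the same 0 encoding)."""
    return uu_encode_line(chunk) == binascii.b2a_uu(chunk, backtick=True).decode().rstrip("\n")


if __name__ == "__main__":
    print(uu_encode_line(b"Cat"))            # #0V%T
    print(uuencode(b"Cat", "cat.txt"), end="")
```

Because the decoder masks the count and slices `out[:count]`, a line that claims 45 bytes but carries only a few characters yields the few bytes it has rather than reading past the end; the same defensive shape applies to any length-prefixed text encoding a mail gateway or scanner has to parse.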