Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






2. Component Object Model.






3. Access control method for database based on the content of the database to provide granular access






4. Network devices that operate at layer 3. This device separates broadcast domains.






5. In a computer system (or cryptosystem or algorithm) these are methods of bypassing normal authentication or securing remote access to a computer - while attempting to remain hidden from casual inspection.






6. Emanations from one wire coupling with another wire






7. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






8. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






9. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






10. The apparent simultaneous performance of two or more tasks by a computer's central processing unit.






11. Entails planning and system actions to ensure that a project is following good quality management practices






12. Accepting all packets






13. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






14. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






15. A site that is ready and available within minutes or hours to continue processing. This is a site that is fully configured and ready to go.






16. Something used to put out a fire. Can be in Classes A - B - C - D - or H






17. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






18. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






19. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






20. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






21. Internet Architecture Board. This board is responsible for protecting the Internet.






22. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






23. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






24. A sandbox. Emulates an operating environment.






25. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






26. A network that uses proprietary protocols






27. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






28. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






29. Methodical process of finding and reducing the number of bugs - or defects - in a computer program or a piece of electronic hardware thus making it behave as expected






30. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






31. A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it - possibly as part of a masquer






32. Closed Circuit Television






33. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






34. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






35. Confidentiality - Integrity - and Availability






36. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






37. Being able to control access to individuals very specifically - instead of lower in the OSI model where you cant set it so specifically






38. A RFC standard. A mechanism for performing commands on a remote system






39. An attack that is similar to smurf but instead of using ICMP (ping) it uses UDP as its weapon of choice. It broadcasts a spoofed UDP packet to the amplifying network.






40. Scanning the airwaves for radio transmissions






41. In computer networking - this is the method for finding a host's hardware address when only its IP address is known. Due to the overwhelming prevalence of IPv4 and ethernet - ARP is primarily used to translate ethernet MAC addresses from IP addresses






42. Involving the measurement of quantity or amount.






43. The intercepting of conversations by unintended recipients






44. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






45. Reasonable doubt






46. The practice of obtaining confidential information by manipulation of legitimate users.






47. The physical part of a computer - as distinguished from the computer software that executes within the hardware.






48. Among the most common types of viruses and the least damaging - these are hidden within applications that must be executed in order to execute the virus.






49. A team of individuals at the highest level of organizational management who have the day-to-day responsibilities of managing a corporation. And don't forget - they are always the ones ultimately responsible for due diligence / due care. They are also






50. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.