
CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. White hat l0pht






2. Entails planning and system actions to ensure that a project is following good quality management practices






3. Testing a company's network to test for vulnerabilities in their systems so that weaknesses can be fixed. This testing does not actually fix anything.






4. A network that uses standard protocols (TCP/IP)






5. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






6. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






7. Component Object Model.






8. Same as AES Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






9. A set of exclusive rights granted by governments to regulate the use of a particular expression of an idea or information. Artists' ability to control their work.






10. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






11. Encompasses Risk Analysis and Risk Mitigation






12. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






13. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






14. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.






15. An SSO technology that extends Kerberos functionality and improves upon its weaknesses.






16. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






17. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






18. Must be in place for you to use a biometric system






19. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe






20. Issued by the United States National Computer Security Center (NCSC - an arm of the NSA) as 'Trusted Computer System Evaluation Criteria' - a DOD standard 5200.23-STD in December 1985 superseding CSC-STD-001-83 - the TCSEC (frequently referred to as






21. A computer program that contains some of the subject-specific knowledge of one or more human experts. The most common form of expert systems is a program (like a wizard) made up of a set of rules that analyze information (usually supplied by the user






22. Base 64 is a positional numeral system using a base of 64. It is the largest power of two base that can be represented using only printable ASCII characters. This has led to its use as a transfer encoding for e-mail among other things.






23. A mechanism by which connections to TCP services on a system are allowed or disallowed






24. Object Linking and Embedding. The ability of an object to be embedded into another object.






25. A technique to eliminate data redundancy.






26. Telephone tapping (or wire tapping/wiretapping in the US) is the monitoring of telephone and Internet conversations by a third party - often by covert means. The telephone tap or wire tap received its name because historically - the monitoring connec






27. The frequency with which a threat is expected to occur.






28. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






29. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






30. These viruses usually infect both boot records and files.






31. To not be legal (as far as law is concerned) or ethical






32. In cryptography - it is a block cipher






33. Chief Executive Officer






34. Using ICMP to diagram a network






35. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






36. In cryptography - encryption is the process of obscuring information to make it unreadable without special knowledge.






37. RFC 1918 defined the following addresses as the private addressing ranges: 192.168.x.x - 10.x.x.x - 172.16.x.x - 172.31.x.x






38. The key that is used to encrypt a file or message is the same key that is used to decrypt the file or message






39. A military standard defining controls for emanation protection






40. Someone whose hacking is primarily targeted at the phone systems






41. Packet sniffers (also known as network or protocol analyzers or Ethernet sniffers) are computer software (usually) or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel bac






42. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






43. Grabs an image of the finger which is then stored in a database and then works in a one-to-many database






44. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






45. A person able to exploit a system or gain unauthorized access through skill and tactics. This usually refers to a black hat hacker. There are also white hats (ethical hackers) - and grey hats.






46. Rolling command center with UPS - satellite - uplink - power - etc.






47. Attack which does not result in an unauthorized state change - such as an attack that only monitors and/or records data.






48. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






49. A set of exclusive rights granted by a state to a person for a fixed period of time in exchange for the regulated - public disclosure of certain details of a device - method - process or composition of matter (substance) (known as an invention) which






50. A card that holds information that must be authenticated to before it can reveal the information that it is holding