Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Refers to any of the various programs by which a computer controls aspects of its operations - such as those for translating data from one form to another - as contrasted with hardware - which is the physical equipment comprising the installation.






2. A network entity that provides a single entrance / exit point to the Internet.






3. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






4. A spoofing attack - a kind of attack in data communication - in which a third party tries to mislead the communication participants using forged information.






5. White hat l0pht






6. Also known as a tunnel)






7. The real cost of acquiring/maintaining/developing a system






8. A sandbox. Emulates an operating environment.






9. The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.






10. Using ICMP to diagram a network






11. These viruses usually infect both boot records and files.






12. A war dialing utility






13. An international standard defining security assurance and functionality profiles. Replaced the TCSEC - ITSEC - etc.






14. A type of hash function used to produce a checksum - which is a small - fixed number of bits - against a block of data. This is used to detect errors after transmission or storage.






15. (OLE) is a distributed object system and protocol developed by Microsoft. OLE allows an editor to 'farm out' part of a document to another editor and then reimport it. Its primary use is for managing compound documents - but it is also used for trans






16. In a separation of duties model - this is where code is checked in and out






17. In risk assessment - the average monetary value of losses per year. SLE x ARO = ALE






18. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






19. A mechanism by which connections to TCP services on a system are allowed or disallowed






20. Rotating employee's job duties so that things can be checked that they are doing to make sure nothing fraudulent is occurring.






21. Project initiation - functional design analysis and planning - system design specifications - software development - installation/implementation - operational/maintenance - disposal






22. 0 = striping without parity 1 = mirroring 3 = striping with parity (parity on single drive) 5 = striping with parity (parity striped across all drives)






23. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






24. These can be used to verify that public keys belong to certain individuals.






25. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






26. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






27. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






28. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






29. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






30. Differs from ordinary composition in that it does not imply ownership. In composition - when the owning object is destroyed - so are the contained objects. In aggregation - this is not necessarily true.






31. Good for distance - longer than 100M






32. Software designed to infiltrate or damage a computer system - without the owner's consent.






33. In cryptanalysis and computer security - this attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute forc






34. A military standard defining controls for emanation protection






35. In classical cryptography - a transposition cipher changes one character from the plaintext to another (to decrypt the reverse is done). That is - the order of the characters is changed. Mathematically a bijective function is used on the characters'






36. Someone who hacks using programs that they can download from the Internet. This person usually doesn't find new exploits - but simply exploits vulnerabilities that others have found.






37. In cryptography - it is a block cipher






38. Continuation of Operations Plan






39. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






40. Chief Information Officer






41. Same as a block cipher except that it is applied to a data stream one bit at a time






42. Non-repudiation is the concept of ensuring that a contract - especially one agreed to via the Internet - cannot later be denied by one of the parties involved.






43. Ethernet - Cat5 - Twisted to allow for longer runs.






44. Refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system.






45. A site that has some equipment in place - and can be up within days






46. Affects the section of a floppy or hard disk that contains operating system and file information. Each time you start your PC with an infected floppy in the drive - the virus can spread.






47. A type of circuit switched telephone network system - designed to allow digital transmission of voice and data over ordinary telephone copper wires - resulting in better quality and higher speeds than available with analog systems.






48. A name given to a system implemented by the FBI that is analogous to wiretapping except in this case - e-mail and other communications are being tapped instead of telephone conversations. Carnivore was essentially a customizable packet sniffer that c






49. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






50. In telecommunications - a callback occurs when the originator of a call is immediately called back in a second call as a response. This helps to make sure that only authorized people are calling in as the number dialing in has to be in the list. Howe