Test your basic knowledge |

Comptia Security +: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A form of redundancy check (a very simple measure for protecting the integrity of data by detecting errors in data that is sent through space or time.






2. Software designed to infiltrate or damage a computer system - without the owner's consent.






3. When a security event occurs - this is the order in which people will be contacted. This is a predefined list.






4. Network devices that operate at layer 3. This device separates broadcast domains.






5. When security is managed at a central point in an organization






6. A set of rules applied by many transit networks which restrict the ways in which the network may be used.






7. 1 - 1024 are the ports registered to Internet applications. Ones on the test include: 20 - ftp 21 - ftp 22 - ssh 23 - telnet 25 - smtp 53 - dns 69 - tftp 80 - http 161 - snmp 443 - ssl






8. The idea is that a computer program may be seen as comprising a collection of individual units - or objects - that act on each other - as opposed to a traditional view in which a program may be seen as a collection of functions - or simply as a list






9. In cryptography - it is one of the simplest and most widely-known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions further down the alphabet.






10. A hidden value or set of values that allows access to a program - computer system - or data. It is sometimes erroneously confused with a backdoor - which (in a computer system) is a method of bypassing normal authentication or securing remote access






11. The attacker sends a SYN request to the victims machine and the victim machine allocates resources for that request and sends a SYN/ACK back. The attacking machine doesn't respond however - but instead sends another SYN and continues to do so until t






12. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






13. Entails planning and system actions to ensure that a project is following good quality management practices






14. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






15. The frequency with which a threat is expected to occur.






16. Distributed Component Object Model. Microsoft's implementation of CORBA.






17. Driving around enumerating wireless networks with the proper equipment (antennas and the like)






18. Accepting all packets






19. A component in the Wireless Application Protocol (WAP) protocol stack. It sits between the WTP and WDP layers in the WAP communications stack.






20. If an employee is suspected of wrongdoing - sending them away from work for a while so that their actions can be audited.






21. A meme and a joke are the same thing. e.g. When someone says to delete a file that is really just fine and they call it a virus






22. A formula - practice - process - design - instrument - pattern - or compilation of information used by a business to obtain an advantage over competitors within the same industry or profession.






23. A denial-of-service attack is an attack on a computer system or network that causes a loss of service to users - typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational






24. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






25. A gas used in fire suppression. Not human safe. Chemical reaction.






26. Degaussing is the process of reducing or eliminating an unwanted magnetic field. The Degausser is what actually performs the degaussing.






27. When you know something from a source - and can infer other related information based off of what you know - when you may not necessarily have access to that data normally.






28. Personal - Network - and Application






29. Also civil law






30. Technical are IT implemented. Administrative items are things that HR implements. Physical things are things that are tangible.






31. An AAA (Authentication - Authorization - and Accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.






32. False Acceptance Rate - False Rejection Rate - Crossover Error Rate






33. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.






34. Identifying risks and assessing the possible damage that can be caused in order to justify security safeguards






35. A network that uses proprietary protocols






36. The government required overwrite rate if you are formatting a drive in such a manner as to make it nearly impossible to retrieve data from it






37. The most popular computer language used to create - modify - retrieve and manipulate data from relational database management systems. The language has evolved beyond its original purpose to support object-relational database management systems. It i






38. The Teardrop attack involved sending IP fragments with overlapping payloads to the target machine.






39. Setting up the user to access the honeypot for reasons other than the intent to harm.






40. Rolling command center with UPS - satellite - uplink - power - etc.






41. Chief Information Officer






42. Confidentiality - Integrity - and Availability






43. An imaginary boundary between the components that make up the TCB and the components that are not covered by the TCB






44. Defines the objects and their attributes that exist in a database.






45. Jumping into dumpsters to retrieve information about someone/something/a company






46. A collection of updates - fixes and/or enhancements to a software program delivered in the form of a single installable package.






47. When one key of a two-key pair has more encryption pattern than the other






48. Animals with teeth. Not as discriminate as guards






49. Diffie-Hellman (D-H) key exchange is a cryptographic protocol which allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt s






50. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network