Test your basic knowledge

CompTIA Security+: Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Separation of duties (SoD) is the concept of having more than one person required to complete a task.






2. An instance of a scripting language






3. This factor represents a measure of the magnitude of loss or impact on the value of an asset.






4. Same as a block cipher except that it is applied to a data stream one bit at a time






5. A class of storage media used in computers and other electronic devices. Because it cannot (easily) be written to - its main uses lie in the distribution of firmware.






6. The effort made by an ordinarily prudent or reasonable party to avoid harm to another party or himself. Deals with liability.






7. A little piece of information that is put on your computer to allow communications with the server and that also allows some servers to track everything you go to on the Internet






8. In computing - it is software that is embedded in a hardware device. It is often provided on flash ROMs or as a binary image file that can be uploaded onto existing hardware by a user.






9. A distinctive sign of some kind which is used by a business to uniquely identify itself and its products and services to consumers - and to distinguish the business and its products and / or services from those of other businesses.






10. Jumping into dumpsters to retrieve information about someone/something/a company






11. Accepting all packets






12. Dynamic Host Configuration Protocol.






13. Business Impact Analysis. A BIA is a functional analysis in which a team collects data through interviews and documentary sources. It documents business functions - activities - and transactions.






14. In computer terminology - a honeypot is a trap set to detect - deflect or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer - data or a network site that appears to be part of a network






15. Common Object Request Broker Architecture.






16. When security is managed at a central point in an organization






17. A form of binary to text encoding that originated as a Unix program for encoding binary data for transmission over the uucp mail system. The name 'uuencode' is derived from 'Unix-to-Unix encoding'. Since uucp converted characters between various comp






18. The process of certifying a system that has been built to ensure that it meets the security standards that you have said you will use.






19. A network that mimics the brain






20. When an employee leaves the company - you want to make them aware of non-disclosures and non-compete clauses - etc.






21. Systems that use a knowledge base - an inference engine - and general methods for searching problem solutions.






22. It can capture radio and satellite communications - telephone calls - faxes and e-mails nearly anywhere in the world and includes computer automated analysis and sorting of intercepts. ECHELON is estimated to intercept up to 3 billion communications






23. The process of developing a planned approach to change in an organization. Typically the objective is to maximize the collective benefits for all people involved in the change and minimize the risk of failure of implementing the change.






24. A type of virus that changes its telltale code segments so that it 'looks' different from one infected file to another - thus making detection more difficult.






25. The person that determines the permissions to files. The data owner.






26. An arrangement in which the keys needed to decrypt encrypted data are held in escrow by a third party - so that someone else (typically government agencies) can obtain them to decrypt messages which they suspect to be relevant to national security.






27. A site that has some equipment in place - and can be up within days






28. Rotating employees' job duties so that what they are doing can be checked to make sure nothing fraudulent is occurring.






29. Provides a means to obtain passwords or encryption keys and thus bypass other security measures. This can be accomplished through hardware or software means.






30. A hash function (or hash algorithm) is a way of creating a small digital 'fingerprint' from any kind of data. The function chops and mixes the data to create the fingerprint - often called a hash value. The hash value is commonly represented as a sho






31. Motivational tools for employee awareness to get them to report security flaws in an organization






32. Provides for less data leakage. Longer distance. Uses light instead of electrical impulse.






33. A computer program (or set of programs) that translates text written in a computer language (the source language) into another computer language (the target language).






34. A specialized version of a data warehouse. Like data warehouses - data marts contain a snapshot of operational data that helps business people to strategize based on analyses of past trends and experiences. The key difference is that the creation of






35. Internet Relay Chat.






36. Also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor - the Data Encryption Standard (DES). AES was adopt






37. Data storage formats and equipment that allow the stored data to be accessed in any order






38. The illegal practice of stealing money repeatedly in extremely small quantities - usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. Salami slicing is most often performed by employees of t






39. Someone whose hacking is primarily targeted at the phone systems






40. Virtual memory is an area of 'memory' that is not in physical memory (RAM) but on the disk system to allow for extra 'memory' processing area above what is available through RAM. This is the pagefile.sys file on a Windows system. Many Windows OSs req






41. A birthday attack is a type of cryptographic attack which exploits the mathematics behind the birthday paradox - making use of a space-time tradeoff.






42. Same as AES. Advanced Encryption Standard (AES) - also known as Rijndael - is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively - as was the case with its predecessor -






43. This is the file on a UNIX system where usernames to password MD5 hash outputs are stored. The system uses this file to determine if the password entered for a given username is correct.






44. Basic Input/Output System






45. Animals with teeth. Not as discriminate as guards






46. Someone who hacks






47. Threat to physical security.






48. When you have a certain amount of access and you change jobs and you keep that access from the previous position. Also known as enlargement of permission and privilege escalation.






49. Federal law with many aspects designed to curb terrorist activities; impacts real estate transactions because of disclosure requirements imposed on escrow agents regarding transfer of title and deposits of cash; imposes new disclosure and signature r






50. This deals with differences between plaintext password storage and transmission - versus encrypted password storage and transmission.